Server-side validation of custom form


#1

Hi all, I’m new to Squiz so please bear with me!

We have a custom form and we need to check whether some of the submitted details match “known-good” combinations in a json file. We then need to send those submitted details on to a third party via REST. We can’t rely on insecure client-side validation for this purpose.

Here’s my current approach:

  • Create a standard page with blank design & paint layout
  • Create a content container with SSJS to grab the JSON data and check global POST values against it, do some other validation, and then print the validation result as pass/fail
  • On the form, submission action 1 is to Call REST Resource with the above page as the URL, using validation rule to check the response body
  • Submission action 2 then calls the external REST Resource with the submitted details

If the response body on the first REST call is not ‘pass’ then the validation rule fails and the subsequent submission action does not run (in theory, I haven’t got this far yet!)

Two questions:

  1. Does this sound like the best approach, or is there another way I could go about it?
  2. Is there any elegant way to rename the POST variables from a Squiz form (eg. ‘username’ instead of ‘q12345:q1’)? I was hoping there might be some keyword wizardry to pull in another value from the question asset and use that in place of the name.

Thanks!


(Bart Banda) #2

Hi Alex,
Welcome to using Matrix and the squiz forums!

Definitely doesn’t sound like you’re new because what you said def sounds like the right approach and what that feature was built for, that’s how I would do it :slight_smile:

Unfortunately no, mainly so that the form fields can be renamed constantly without breaking underlying functionality like this!


#3

Thanks @Bart, that’s a huge relief to hear! Cheers