From c930a3cd6b4f080f5708eb32ca70a7a90381512e Mon Sep 17 00:00:00 2001
From: Mark Appleton
Date: Fri, 7 Mar 2025 08:33:01 +0000
Subject: [PATCH] #987 stopping users entering urls into name, email, subject and message fields

---
 src/WebApp/appsettings.json | 10 ++++-----
 .../Components/NoUrlAttribute.cs | 22 +++++++++++++++++++
 .../ViewModels/MessageViewModel.cs | 4 ++++
 3 files changed, 31 insertions(+), 5 deletions(-)
 create mode 100644 src/cloudscribe.SimpleContactForm/Components/NoUrlAttribute.cs

diff --git a/src/WebApp/appsettings.json b/src/WebApp/appsettings.json
index 0d10ad9..736bebc 100644
--- a/src/WebApp/appsettings.json
+++ b/src/WebApp/appsettings.json
@@ -6,14 +6,14 @@
 "CopySubmitterEmailOnSubmission": "true"
 },
 "SmtpOptions": {
- "Server": "",
+ "Server": "www.test.com",
 "Port": "25",
- "User": "",
- "Password": "",
+ "User": "test",
+ "Password": "test",
 "UseSsl": "false",
 "RequiresAuthentication": "false",
- "DefaultEmailFromAddress": "",
- "DefaultEmailFromAlias": ""
+ "DefaultEmailFromAddress": "test@test.com",
+ "DefaultEmailFromAlias": "test"
 },
 "RecaptchaKeys": {
 "PublicKey": "",
diff --git a/src/cloudscribe.SimpleContactForm/Components/NoUrlAttribute.cs b/src/cloudscribe.SimpleContactForm/Components/NoUrlAttribute.cs
new file mode 100644
index 0000000..f643cfd
--- /dev/null
+++ b/src/cloudscribe.SimpleContactForm/Components/NoUrlAttribute.cs
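Review bot: The SmtpOptions block in the tracked appsettings.json now carries a hostname and credential-shaped values (`"Server": "www.test.com"`, `"User": "test"`, `"Password": "test"`, `"DefaultEmailFromAddress": "test@test.com"`) that have nothing to do with the #987 URL-validation change named in the subject, and look like local test settings committed by accident. Even as dummies they are the path by which real relay credentials end up in history, so these four properties should go back to `""` and the test values live in appsettings.Development.json, user secrets or environment variables, which the configuration layering already reads. If the intent was to show the expected shape, a README example does that without seeding the committed config.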
@@ -0,0 +1,22 @@
+using System.ComponentModel.DataAnnotations;
+using System.Text.RegularExpressions;
+
+public class NoUrlAttribute : ValidationAttribute
+{
+ protected override ValidationResult IsValid(object value, ValidationContext validationContext)
+ {
+ if (value != null)
+ {
+ var stringToValidate = value.ToString();
+ var urlPattern = @"((http|https|ftp|file)://)?([\w-]+(\.[\w-]+)+)(/[\w- ./?%&=]*)?";
+ var emailPattern = @"^[^@\s]+@[^@\s]+\.[^@\s]+$";
+
+ if (Regex.IsMatch(stringToValidate, urlPattern) && !Regex.IsMatch(stringToValidate, emailPattern, RegexOptions.IgnoreCase))
+ {
+ return new ValidationResult("URLs are not allowed.");
+ }
+ }
+
+ return ValidationResult.Success;
+ }
+}
\ No newline at end of file
diff --git a/src/cloudscribe.SimpleContactForm/ViewModels/MessageViewModel.cs b/src/cloudscribe.SimpleContactForm/ViewModels/MessageViewModel.cs
index ae56caa..0fda275 100644
--- a/src/cloudscribe.SimpleContactForm/ViewModels/MessageViewModel.cs
+++ b/src/cloudscribe.SimpleContactForm/ViewModels/MessageViewModel.cs
@@ -15,15 +15,19 @@ public class MessageViewModel
 public string FormId { get; set; }
 
 [Required(ErrorMessage = "The Name field is required.")]
+ [NoUrl(ErrorMessage = "URLs are not allowed in the Name field.")]
 public string Name { get; set; }
 
 [Required(ErrorMessage = "The Email field is required.")]
 [EmailAddress(ErrorMessage ="The Email field is not a valid email address.")]
+ [NoUrl(ErrorMessage = "URLs are not allowed in the Email field.")]
 public string Email { get; set; }
 
+ [NoUrl(ErrorMessage = "URLs are not allowed in the Subject field.")]
 public string Subject { get; set; }
 
 [Required(ErrorMessage = "The Message field is required.")]
+ [NoUrl(ErrorMessage = "URLs are not allowed in the Message field.")]
 public string Message { get; set; }
 
 public string RecaptchaPublicKey { get; set; } = string.Empty;
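Review bot: `IsValid` returns a hard-coded `new ValidationResult("URLs are not allowed.")`, so the per-field `ErrorMessage` values that the MessageViewModel hunk sets on each `[NoUrl(...)]` are silently ignored; return `new ValidationResult(FormatErrorMessage(validationContext.DisplayName))` and keep the old text as the default via `public NoUrlAttribute() : base("URLs are not allowed.") { }`. The two `Regex.IsMatch` calls also re-parse their patterns on every validation and run over user-submitted text with no match timeout, which is the standard ReDoS mitigation to have on a public contact form; hoisting them to static `Regex` instances with `RegexOptions.Compiled` and a `TimeSpan` timeout (needs `using System;`) fixes both. Note also that `urlPattern` is unanchored and matches any dotted token, so Message text such as `3.50` or `e.g.` will be rejected, while the email exemption is whole-string anchored so a message that merely contains an address is still rejected; both deserve a unit test before this ships. The rewrite below keeps the patterns exactly as written.

```csharp
public class NoUrlAttribute : ValidationAttribute
{
    // Bounded match time so a pathological submission cannot stall the request thread.
    private static readonly TimeSpan MatchTimeout = TimeSpan.FromMilliseconds(250);

    private static readonly Regex UrlPattern = new(
        @"((http|https|ftp|file)://)?([\w-]+(\.[\w-]+)+)(/[\w- ./?%&=]*)?",
        RegexOptions.Compiled, MatchTimeout);

    private static readonly Regex EmailPattern = new(
        @"^[^@\s]+@[^@\s]+\.[^@\s]+$",
        RegexOptions.Compiled | RegexOptions.IgnoreCase, MatchTimeout);

    // Default message; a use-site ErrorMessage = "..." overrides it.
    public NoUrlAttribute() : base("URLs are not allowed.") { }

    protected override ValidationResult IsValid(object value, ValidationContext validationContext)
    {
        if (value is null)
        {
            return ValidationResult.Success;
        }

        var stringToValidate = value.ToString();

        if (UrlPattern.IsMatch(stringToValidate) && !EmailPattern.IsMatch(stringToValidate))
        {
            return new ValidationResult(FormatErrorMessage(validationContext.DisplayName));
        }

        return ValidationResult.Success;
    }
}
```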