Form Email Handler - NCIOCPL/cgov-digital-platform GitHub Wiki

Form Email Handler

The Form Email Handler gathers an arbitrary set of form fields and sends them to a predefined email address. This allows contact forms (e.g. the E-mail Us contact form) to be created without exposing email addresses.

Usage

An HTML form is created with method="POST", action="/FormEmailer", and an arbitrary list of form fields. The form must also contain the reserved fields:

  • __recipient - Identifier for looking up the email address the form will be sent to.
  • __redirectto - The relative path to the page to be displayed after the form is submitted (must be on the same server as the form).
  • __subject - The email subject.
  • recaptcha_challenge_field (used by reCAPTCHA)
  • recaptcha_response_field (used by reCAPTCHA)

When a web site visitor submits the form, reCAPTCHA validates that the visitor is a human, the form fields are gathered in the same order as the form, and sent to the email address identified by the __recipient field.

Sample HTML Form

  <form id="FORMIDHERE" method="post" action="/FormEmailer">
    <input id="contactEmailRecipient" value="EMAIL_IDENTIFICATION_KEY" type="hidden" name="__recipient" />
    <input value="PAGE_TO_REDIRECT_AFTER_SUBMIT" name="__redirectto" />

    <!-- Recaptcha set up -->
    <script type="text/javascript"
       src="http://www.google.com/recaptcha/api/challenge?k=6LcQe-MSAAAAAAG-lHJXWqCfOQQVVx9JMkv0rzDO">
    </script>
    <noscript>
       <iframe src="http://www.google.com/recaptcha/api/noscript?k=6LcQe-MSAAAAAAG-lHJXWqCfOQQVVx9JMkv0rzDO"
           height="300" width="500" frameborder="0"></iframe><br>
       <textarea name="recaptcha_challenge_field" rows="3" cols="40">
       </textarea>
       <input type="hidden" name="recaptcha_response_field" value="manual_challenge">
    </noscript>
  </form>
  • EMAIL_IDENTIFICATION_KEY - This is the key for looking up an email address, it is not the actual address.
  • PAGE_TO_REDIRECT_AFTER_SUBMIT - The (relative) Url to redirect to after the form is submitted.

Reserved Field Names

input name required description
__recipient (required) This should be the name of an appsetting key in the web.config file that contains the email address of the person that should recieve this filled in form
__from (required) The email address that the email should be from
__redirectto (required) The url of a page to redirect the user once they have filled in the form
__subject The subject of the email to be sent
__splitFields fields that should be split up...
__requiredfields a comma separated list of fields which are required
__linebreak Inserts a line break in the email that is sent.
recaptcha_challenge_field Used by reCAPTCHA to describe the CAPTCHA which the user is solving.
recaptcha_response_field Used by reCAPTCHA to return the solution entered by the user.

Any other input name will be treated as the contents of the email. Use the underscore(_) character in the field name to create a space in the email.

Functionality

When the form is submitted, the form email handler loops through the submitted form fields.

  • If the field name starts with __linebreak, a blank line is appended to the email body.
  • If the field name starts with two underscores (__) and is not a reserved field, the field is ignored.
  • If the field name is a reserved name (see above), the value is preserved for further processing.
  • If the field name is submit.x or submit.y, it is ignored. (These are mouse coordinates, sent when <input type="image" is used to submit the form.)
  • If the field name appears in the __splitFields list of fields:
    1. Any underscores (_) in the field name are replaced with spaces and the name is appended to the message body.
    2. A colon, a space, a newline and two tabs (": \n\t\t") are appended to the message body.
    3. Commas in the field value are replaced with a newline and two tabs (\n\t\t)
    4. The resulting value is URL Decoded.
    5. The value is appended to the message body.
    6. A final newline and two tabs (\n\t\t) are appended to the message body.
  • For any other field name:
    1. Any underscores (_) in the field name are replaced with spaces and the name is appended to the message body.
    2. A colon and a space (": ") are appended to the message body.
    3. The field value is appended to the message body.
    4. A final newline is appended to the message body.

Processing

  • __from If the value is a valid email address, it becomes the email from address.
    • If the value is not a valid email address, the message 
      Error: from email 'XXXX' is invalid. Please go back and enter a valid email address.
    is added to the list of errors (where XXXX is the __from value).
  • __recipient The configuration data is checked for an email address matching the field's value.
    • If there is no matching email address, or the address is missing (e.g. "empty string"), the message
    Error: recipient 'XXXX' is not configured."
    is added to the list of errors (where XXXX is the __recipient value).
  • __requiredfields is a comma-separated list of fields. For each field on this list, if the field was not included in the list submitted, the message 
    Required field missing: XXXX
    is added to the list of errors (where XXXX is the required field's name).

If the Captcha is not successfully validated:

  • If there are no error codes, the message "reCAPTCHA check not completed!" is appended to the error list.
  • If the captcha validator does return errors, they are appended to the error list.

If the list of errors is not empty, they are displayed to the user on the returned page.

If there are no errors:

  • An email is sent:
    • __recipient is used to find the recipient address.
    • The From address is the value of __from.
    • The subject line (possibly empty) is the value of __subject.
  • The user is redirected to the path identified in __redirectto.
⚠️ **GitHub.com Fallback** ⚠️