Public/b2b emailing
Problem with sending emails from public/b2b pages
The regular way exposes all email fields to the template, which means anyone can alter the field contents before the email is sent. This allows the page to be used for possible phishing attacks.
Secure fields with automations
The best way to hide the fields is to move all functional fields away from the template (in this case into an automation). These automation fields are never exposed to the public and cannot be intercepted.
The following example contains 3 templates:
- check-page - the page where the user inputs the email (public page)
- check-emailer-automation - the automation that actually sends the email
- check-done-page (optional) - used only as an example: the automation parses this template into the email content (not public)
check-page
In this example we only render the form when nothing has been sent yet. We also never expose the automation trigger to the template, so a user cannot alter its execution.
The input is used to trigger the automation, and it is the only value that is passed to the e-mailer.
<h1>Secure emailer</h1>
<p>Email from public/b2b without exposing the fields for editing</p>
<!-- Optional: we render the form only once and display a message once it has been sent -->
{{ if .Data.Parameters.inputEmailField }}
{{ .Tools.AutomationEvent "check-emailer-automation" (jsonSet `{}` "email" .Data.Parameters.inputEmailField) }}
<h2>Thanks!</h2>
{{ else }}
<h2>Send me something</h2>
<form method="post">
<label for="email">Add your email</label>
<input type="email" id="email" name="inputEmailField">
<button type="submit">Send</button>
</form>
{{ end }}
{{ .Data.Parameters.inputEmailField }}
check-emailer-automation
We read the email from the passed data and use it as the recipient; the rest is hardcoded into the automation. Here we also encode an optional template into the email body.
{
"postOperations": [
{
"EMSApi.SendEmailInput.To": "{{ .Data.Automation.Request.Get "email" }}",
"EMSApi.SendEmailInput.Subject": "Secure emailer demo",
"EMSApi.SendEmailInput.ContentType": "html",
"EMSApi.SendEmailInput.Content": "<encode>{{ .Tools.ExecTemplate "check-done-page" }}</encode>",
"EMSApi.SendEmailInput.IsEncoded": "true"
}
],
"enabled": true
}
(optional) check-done-page
The content that will be in the email.
<h1>Thanks! email received</h1>
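The contrast between the "regular way" and the automation approach described above, modelled in plain Go. This is an added example, not the platform's own code or API: the `Email` type, both function names and the form fields `to`, `subject` and `content` are hypothetical. The strict single-address check on the recipient is an addition of this example, since the recipient is the one value the public page still controls.

```go
package main

import (
	"errors"
	"fmt"
	"net/mail"
	"net/url"
)

// Email models the message handed to the mail API (type constructed for this example).
type Email struct{ To, Subject, Content string }

// buildExposed models the "regular way": every mail field is read from the
// submitted form, so the sender of the request controls subject and body too.
// The field names "to", "subject" and "content" are hypothetical.
func buildExposed(form url.Values) Email {
	return Email{form.Get("to"), form.Get("subject"), form.Get("content")}
}

// buildLockedDown models the automation: only the recipient is taken from the
// request; subject and content are fixed server-side and cannot be overridden.
func buildLockedDown(form url.Values) (Email, error) {
	raw := form.Get("inputEmailField")
	// Accept exactly one bare address: no display name, no list, no CR/LF.
	addr, err := mail.ParseAddress(raw)
	if err != nil || addr.Address != raw {
		return Email{}, errors.New("recipient rejected")
	}
	return Email{
		To:      addr.Address,
		Subject: "Secure emailer demo",
		Content: "<h1>Thanks! email received</h1>",
	}, nil
}

func main() {
	// Constructed request: a client adds fields the form never offered.
	form := url.Values{
		"to":              {"user@example.com"},
		"inputEmailField": {"user@example.com"},
		"subject":         {"tampered subject"},
		"content":         {"tampered body"},
	}
	fmt.Printf("exposed:     %+v\n", buildExposed(form))
	msg, err := buildLockedDown(form)
	fmt.Printf("locked down: %+v (err=%v)\n", msg, err)
}
```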