ForgeLocal documentation · v1.2.0
Forms & Integrations
Connect the quote, service, schedule, contact and careers forms without exposing secrets or implying automatic confirmation.
1. Default behaviour
All forms use data-demo-form. JavaScript prevents
submission, validates required fields, shows an error summary,
simulates a short loading state and displays a local success
message. No network request is made.
2. Quote form
pages/request-quote.html uses four steps.
quote-form.js handles steps and saves a draft to
localStorage. The fields cover identity, contact, address, property
type, category, service, urgency, preferred period, budget, details
and consent.
3. Service-request form
pages/request-service.html is for existing customers or
maintenance visits. It explicitly states that a preferred date is
not confirmed.
4. Schedule request
pages/schedule-request.html displays a live summary
through schedule.js. It has no live availability and
cannot book an appointment.
5. Netlify Forms
- Remove or adapt the demonstration submit handler for the chosen form.
-
Add
name="quote-request" method="POST" data-netlify="true"to the form. -
Keep a hidden
form-nameinput if required by the current Netlify documentation. - Deploy through Netlify and submit a test using non-sensitive data.
- Configure notifications, spam controls and retention in the provider dashboard.
6. Formspree
- Create a real form in Formspree.
-
Set
method="POST"and the provider-issued HTTPS action. - Remove the demo prevention only for that form.
- Test validation, success, failure, consent and spam handling.
7. Custom backend endpoint
Set a reviewed HTTPS endpoint, validate and sanitize every field on the server, implement rate limiting and CSRF controls where applicable, return accessible success and error responses, and define secure retention.
8. CRM webhook placeholder
Never put private webhook URLs, tokens or credentials in frontend JavaScript. Send data to your own secure server, then relay it to the CRM.
9. Error and success states
Keep the error summary, inline messages,
aria-invalid state and aria-live status
region. Test using keyboard and screen reader after integration.
10. Duplicate prevention and spam
The demo disables the submit button after success and includes a honeypot. Production forms still need server-side idempotency, rate limits and provider spam controls.
11. File uploads
The careers form includes a résumé filename placeholder only. Do not add file uploads without reviewing size, type, malware scanning, privacy, storage and accessibility.
Version 1.2.0
Estimator and form behaviour
The estimator never transmits data and reads editable ranges from config.js. The existing forms remain frontend demonstrations until an endpoint is connected. Keep the non-binding and no-transmission messages visible unless real backend behaviour replaces them.