[FormAnalyzer] Tweak regex to match forgot password attribute #712
@@ -416,7 +416,7 @@ const matchingConfiguration = { | |||
}, | |||
resetPasswordLink: { | |||
match: | |||
"(forgot(ten)?|reset|don't remember) (your )?password|password forgotten" + | |||
"(forgot(ten)?|reset|don't remember)[-\\s]?(your )?password|password forgotten" + |
This allows `forgot-password` to be matched, which is a valid case. Note that this also allows `forgotPassword` to be matched now, causing the test results to change (see comment below).
Nice, but how about this?
"(forgot(ten)?|reset|don't remember)[-\\s]?(your )?password|password forgotten" + | |
"(forgot(ten)?|reset|don't remember).?(your )?password|password forgotten" + |
This way, it also catches _ and . : or whatever else they choose to use. It's also simpler to read.
@@ -120,7 +120,7 @@ | |||
{ "html": "samash_signup.html" }, | |||
{ "html": "financialtimes_login.html", "title": "Login" }, | |||
{ "html": "containerstore_login_signup.html" }, | |||
{ "html": "containerstore_forgot_password.html", "expectedFailures": ["username"] }, | |||
{ "html": "containerstore_forgot_password.html", "expectedFailures": ["password.new"] }, |
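Review bot: The `containerstore_forgot_password.html` entry still carries an expected failure; it moves from `username` to `password.new` instead of going away, and nothing in this hunk records why that trade is acceptable. Please state the reason for the swap in the PR description and track the `password.new` failure as a follow-up. No fixture entry for the site this change targets is added in this hunk, so the new matching behaviour is only covered indirectly; consider adding one.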
So here we are breaking the password field now, but on the other hand we're fixing the username field. I think it's a net win, given the site in question (sharperimages.com).
This is unfortunate. I've spent 30 mins looking for a quick win but couldn't find anything obvious.
Note that containerstore has a higher domain rank than what we're fixing now, but in this case we're just changing what breaks on containerstore, so it's not a net regression. FYI, you can check domain rank using https://tranco-list.eu/query.
Yeah, I've been using that tool for triaging as well - but I also considered this is a neutral change as mentioned in the comment, regardless of the rank.
Actually we fix the "first step" of the process which is arguably better 😄
@@ -384,7 +384,7 @@ const matchingConfiguration = { | |||
}, | |||
signupRegex: { | |||
match: | |||
'sign(ing)?.?up|join|\\bregist(er|ration)|newsletter|\\bsubscri(be|ption)|contact|create|start|enroll|settings|preferences|profile|update|checkout|purchase|buy|^order|schedule|estimate|request|new.?customer|(confirm|re.?(type|enter)|repeat) password|password confirm' + | |||
'sign(ing)?.?up|join|\\bregist(er|ration)|newsletter|\\bsubscri(be|ption)|contact|create|start|enroll|settings|preferences|profile|update|checkout|purchase|buy|^order|schedule|estimate|(?<!reset\\s)request|new.?customer|(confirm|re.?(type|enter)|repeat) password|password confirm' + |
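Review bot: The lookbehind `(?<!reset\\s)` in front of `request` only suppresses the token when exactly one whitespace character sits between the two words, so `reset-request`, `reset_request` or `resetRequest` still count towards signup. Lookbehind assertions also need a regex engine that supports them, and a pattern that fails to compile would take the whole `signupRegex` down with it; confirm the minimum supported engine, or drop the assertion and handle the `reset request` case outside this regex.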
This is a negative lookbehind, not lookahead, and it seems like it's not supported by some versions of Safari (therefore Webkit and the webview we use). On top of that, I tried removing it and the form seems to still be working, therefore I'd nix this to avoid compatibility with older versions of Webkit.
Yeah I used it to give that extra score, but it's not necessary we keep it. I can remove it, maybe we bring it back when we have full support :)
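The separator trade-off and the lookbehind concern raised in the review comments above, as an added example that is not code from this PR or from the project. It uses only the pattern fragments visible in the diff; the `i` flag, the sample strings and the helper names `matchMatrix`, `lookbehindSupported` and `hitsRequestToken` are assumptions made for illustration.

```javascript
// Added example, not project code. Patterns are the fragments visible in the diff;
// the 'i' flag and every sample string below are assumptions made for illustration.
const variants = {
    original: "(forgot(ten)?|reset|don't remember) (your )?password|password forgotten",
    merged: "(forgot(ten)?|reset|don't remember)[-\\s]?(your )?password|password forgotten",
    suggested: "(forgot(ten)?|reset|don't remember).?(your )?password|password forgotten",
};

// Constructed attribute values and link texts.
const samples = [
    'forgot password',
    'forgot-password',
    'forgotPassword',
    'forgot_password',
    'forgot your password',
    'forgot-your-password',
    'reset.password',
];

// For each variant, list the samples it matches.
function matchMatrix() {
    const out = {};
    for (const [name, source] of Object.entries(variants)) {
        const re = new RegExp(source, 'i');
        out[name] = samples.filter((s) => re.test(s));
    }
    return out;
}

// True when the engine can compile the lookbehind from the signupRegex hunk.
function lookbehindSupported() {
    try {
        new RegExp('(?<!reset\\s)request');
        return true;
    } catch (e) {
        return false;
    }
}

// Same decision as /(?<!reset\s)request/i without lookbehind: blank out every
// "reset request" first, then look for a remaining "request".
function hitsRequestToken(text) {
    return /request/i.test(text.replace(/reset\srequest/gi, ' '));
}

console.log(matchMatrix(), lookbehindSupported(), hitsRequestToken('Password reset request'));
```

None of the three variants matches `forgot-your-password`, because `(your )?` still requires a trailing space in all of them.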
🚀
Task/Issue URL: https://app.asana.com/0/1208923931185505/1208923931185505
Autofill Release: https://github.com/duckduckgo/duckduckgo-autofill/releases/tag/16.0.0

## Description
Updates Autofill to version [16.0.0](https://github.com/duckduckgo/duckduckgo-autofill/releases/tag/16.0.0).

### Autofill 16.0.0 release notes

## What's Changed
This PR introduces breaking changes for Android/Windows causing save autofill prompt to get triggered in username only fields.
* Upgrade to shared eslint config + Adopt Prettier by @muodov in duckduckgo/duckduckgo-autofill#695
* Ignore lint PR in git blame by @muodov in duckduckgo/duckduckgo-autofill#699
* Update password-related json files (2024-11-18) by @daxmobile in duckduckgo/duckduckgo-autofill#706
* [Form] Always scan shadow elements when categorizing the form inputs by @dbajpeyi in duckduckgo/duckduckgo-autofill#703
* Bump ts-to-zod from 3.1.3 to 3.14.0 by @dependabot in duckduckgo/duckduckgo-autofill#710
* [FormAnalyzer] Fix paperlesspost.com login form by @dbajpeyi in duckduckgo/duckduckgo-autofill#711
* [FormAnalyzer] Tweak regex to match forgot password attribute by @dbajpeyi in duckduckgo/duckduckgo-autofill#712
* [Form] Trigger partialSave on username/email only form submit by @dbajpeyi in duckduckgo/duckduckgo-autofill#702

**Full Changelog**: duckduckgo/duckduckgo-autofill@15.1.0...16.0.0

## Steps to test
This release has been tested during autofill development. For smoke test steps see [this task](https://app.asana.com/0/1198964220583541/1200583647142330/f).

Co-authored-by: dbajpeyi <[email protected]>
Task/Issue URL: https://app.asana.com/0/1208923931185505/1208923931185505
Autofill Release: https://github.com/duckduckgo/duckduckgo-autofill/releases/tag/16.0.0
BSK PR: duckduckgo/BrowserServicesKit#1122

## Description
Updates Autofill to version [16.0.0](https://github.com/duckduckgo/duckduckgo-autofill/releases/tag/16.0.0).

### Autofill 16.0.0 release notes

## What's Changed
This PR introduces breaking changes for Android/Windows causing save autofill prompt to get triggered in username only fields.
* Upgrade to shared eslint config + Adopt Prettier by @muodov in duckduckgo/duckduckgo-autofill#695
* Ignore lint PR in git blame by @muodov in duckduckgo/duckduckgo-autofill#699
* Update password-related json files (2024-11-18) by @daxmobile in duckduckgo/duckduckgo-autofill#706
* [Form] Always scan shadow elements when categorizing the form inputs by @dbajpeyi in duckduckgo/duckduckgo-autofill#703
* Bump ts-to-zod from 3.1.3 to 3.14.0 by @dependabot in duckduckgo/duckduckgo-autofill#710
* [FormAnalyzer] Fix paperlesspost.com login form by @dbajpeyi in duckduckgo/duckduckgo-autofill#711
* [FormAnalyzer] Tweak regex to match forgot password attribute by @dbajpeyi in duckduckgo/duckduckgo-autofill#712
* [Form] Trigger partialSave on username/email only form submit by @dbajpeyi in duckduckgo/duckduckgo-autofill#702

**Full Changelog**: duckduckgo/duckduckgo-autofill@15.1.0...16.0.0

## Steps to test
This release has been tested during autofill development. For smoke test steps see [this task](https://app.asana.com/0/1198964220583541/1200583647142330/f).

---------

Co-authored-by: dbajpeyi <[email protected]>
Co-authored-by: Graeme Arthur <[email protected]>
Reviewer: @GioSensation
Asana: https://app.asana.com/0/1200930669568058/1208866408334189/f
Description
(sharperimage.com, domain rank: ~47k)
It seems like we don't match a pretty strong signal of `forgotPassword` or `forgot-password` attributes in the reset password form, causing form scores on sharperimages.com to be considered signup. Additionally the attribute text "Password reset request" ends up matching signup, because of the `request` part. This PR:- in login regexes before the password token `request` so that it's ignored in signup regexes when `reset` comes before `request`.
Also note that the "Forgot password" headings are outside of the actual form attribute, so it'd be harder to catch them, since here we have literally a `form` element correctly encapsulating the fields
[Screenshot 2024-11-29 at 17 25 21]
Steps to test