[FormAnalyzer] add external link check for submit buttons #736
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
58f30a4 to
6422fea
Compare
444a434 to
8e887fd
Compare
8e887fd to
6e1ef70
Compare
6e1ef70 to
72ea68c
Compare
72ea68c to
a42b5c7
Compare
dbajpeyi
commented
Jan 14, 2025
| ); | ||
| }; | ||
|
|
||
| return isCustomWebElementLink || isElementLikelyALink(el) || isElementLikelyALink(el.closest('a')); |
There was a problem hiding this comment.
Added the use of closest here, it seems to be performant as it's natively implemented.
alistairjcbrown
approved these changes
Jan 16, 2025
— and awesome that it didn’t cause any regressions on the other forms 🎉
src/Form/FormAnalyzer.js
Outdated
| const isElementLikelyALink = (el) => { | ||
| if (el == null) return false; | ||
| return ( | ||
| (el instanceof HTMLAnchorElement && el.href && el.getAttribute('href') !== '#') || |
There was a problem hiding this comment.
NAB: Should we check that it’s not a document fragment too?
Suggested change
| (el instanceof HTMLAnchorElement && el.href && el.getAttribute('href') !== '#') || | |
| (el instanceof HTMLAnchorElement && el.href && !el.getAttribute('href').startsWith('#') || |
There was a problem hiding this comment.
That would be a nice improvement! 281e61f
8ff3e82 to
281e61f
Compare
This was referenced Jan 29, 2025
graeme
added a commit
to duckduckgo/BrowserServicesKit
that referenced
this pull request
Jan 31, 2025
Task/Issue URL: https://app.asana.com/0/1209268905749226/1209268905749226 Autofill Release: https://github.com/duckduckgo/duckduckgo-autofill/releases/tag/16.2.0 ## Description Updates Autofill to version [16.2.0](https://github.com/duckduckgo/duckduckgo-autofill/releases/tag/16.2.0). ### Autofill 16.2.0 release notes ## What's Changed * [Matching] Update regex to match for 'confirm password' by @dbajpeyi in duckduckgo/duckduckgo-autofill#719 * Update password-related json files (2025-01-06) by @daxmobile in duckduckgo/duckduckgo-autofill#730 * [FormAnalyzer] Use conservative regex for attributes by @dbajpeyi in duckduckgo/duckduckgo-autofill#735 * [FormAnalyzer] Don't flip scores on buttons with specific text by @dbajpeyi in duckduckgo/duckduckgo-autofill#725 * [FormAnalyzer] add external link check for submit buttons by @dbajpeyi in duckduckgo/duckduckgo-autofill#736 * [FormAnalyzer] scoring password hints by @dbajpeyi in duckduckgo/duckduckgo-autofill#720 * [Matching] only allow matching on password types by @dbajpeyi in duckduckgo/duckduckgo-autofill#740 * [Autofill utils] Form wrapper failsafe documentation by @dbajpeyi in duckduckgo/duckduckgo-autofill#741 * [Form] phone and credit card for recategorization by @dbajpeyi in duckduckgo/duckduckgo-autofill#733 **Full Changelog**: duckduckgo/duckduckgo-autofill@16.1.0...16.2.0 ## Steps to test This release has been tested during autofill development. For smoke test steps see [this task](https://app.asana.com/0/1198964220583541/1200583647142330/f). Co-authored-by: dbajpeyi <3018923+dbajpeyi@users.noreply.github.com> Co-authored-by: Graeme Arthur <2030310+graeme@users.noreply.github.com>
CDRussell
pushed a commit
to duckduckgo/Android
that referenced
this pull request
Feb 3, 2025
Task/Issue URL: https://app.asana.com/0/1209268903907280/1209268903907280 Autofill Release: https://github.com/duckduckgo/duckduckgo-autofill/releases/tag/16.2.0 ## Description Updates Autofill to version [16.2.0](https://github.com/duckduckgo/duckduckgo-autofill/releases/tag/16.2.0). ### Autofill 16.2.0 release notes ## What's Changed * [Matching] Update regex to match for 'confirm password' by @dbajpeyi in duckduckgo/duckduckgo-autofill#719 * Update password-related json files (2025-01-06) by @daxmobile in duckduckgo/duckduckgo-autofill#730 * [FormAnalyzer] Use conservative regex for attributes by @dbajpeyi in duckduckgo/duckduckgo-autofill#735 * [FormAnalyzer] Don't flip scores on buttons with specific text by @dbajpeyi in duckduckgo/duckduckgo-autofill#725 * [FormAnalyzer] add external link check for submit buttons by @dbajpeyi in duckduckgo/duckduckgo-autofill#736 * [FormAnalyzer] scoring password hints by @dbajpeyi in duckduckgo/duckduckgo-autofill#720 * [Matching] only allow matching on password types by @dbajpeyi in duckduckgo/duckduckgo-autofill#740 * [Autofill utils] Form wrapper failsafe documentation by @dbajpeyi in duckduckgo/duckduckgo-autofill#741 * [Form] phone and credit card for recategorization by @dbajpeyi in duckduckgo/duckduckgo-autofill#733 **Full Changelog**: duckduckgo/duckduckgo-autofill@16.1.0...16.2.0 ## Steps to test This release has been tested during autofill development. For smoke test steps see [this task](https://app.asana.com/0/1198964220583541/1200583647142330/f). Co-authored-by: dbajpeyi <3018923+dbajpeyi@users.noreply.github.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Reviewer: @alistairjcbrown
Asana: https://app.asana.com/0/1200930669568058/1209102571867762
Description
It seems like the "Create a User ID" text in fedex' login form is wrongly scored, even though it's actually from a "link" that is outbound and the score should be flipped in this case (notice +4)
We already have this logic that is supposed to catch similar links, but sadly the anchor tag in question never reaches it, since it has a "button" like class:
Which means, we should also check for outbound links when checking submit buttons https://github.com/duckduckgo/duckduckgo-autofill/blob/main/src/Form/FormAnalyzer.js#L282
Score after the changes
Other approaches considered
Scanner didn't catch the "Login" submit button, because the form builder bailed out early as the login button is too far. We don't want to ideally increase the depth of the builder as it has significant performance impact.
Steps to test