browser-addon icon indicating copy to clipboard operation
browser-addon copied to clipboard
verified publisher icon kee-org

Regex or Partial field Name/ID matches of login entries

Open skibbipl opened this issue 8 years ago • 5 comments

Hello, My second bank uses randomized field id to prevent autofill. Is it possible to mach field ids in kee based on some regexp? Example HTML:

<input name="client_id_field_5638661431-client" value="" id="f-form_5638661431-client_id_field" maxlength="50" size="62" class="text_input text_input_client_id_field NullValidationCharEditField" tabindex="10" aria-flowto="f-form_5638661431-client_id_field-help" type="text">

and after page refresh:

<input name="client_id_field_4991412534-client" value="" id="f-form_4991412534-client_id_field" maxlength="50" size="62" class="text_input text_input_client_id_field NullValidationCharEditField" tabindex="10" aria-flowto="f-form_4991412534-client_id_field-help" type="text">

skibbipl avatar Nov 11 '17 12:11 skibbipl

Field IDs are only one part of what Kee uses to decide what to fill in where. So it is possible that your bank has structured their forms in a way that means the random IDs cause a problem but equally, it could be worth you trying with the latest beta version which has a few bug fixes and improvements that might make this issue moot.

We might be able to add support for regex pattern matching if necessary but it would be expensive - possibly too slow to be acceptable. I'd want to get some performance benchmarks before and after... which we don't have any way to produce at the moment. So that feature definitely wouldn't make it on to the short-term roadmap.

luckyrat avatar Nov 12 '17 22:11 luckyrat

Regex matching could be disabled by default, and enabled only for specific sites. If you need some some performance benchmarks I can definitely execute them on my bank site.

skibbipl avatar Nov 13 '17 08:11 skibbipl

I still don't think it's very likely that we'll implement support for regex in this way but if the improvements I'm planning over the next year or two still don't cover all situations like the randomly generated ID example above, we'll be in a much better place to then add some regex support, with appropriate performance tests and warnings of course.

luckyrat avatar Oct 23 '20 15:10 luckyrat

I can see how regex can be expensive performance, but possibly just adding ability for CSS Selectors would be enough. In the above example the following CSS selector could work: input[name*="client_id_field"], and in my situations the fields I want to include/exclude do not have an ID or name attribute.

KuroSetsuna29 avatar Feb 17 '21 23:02 KuroSetsuna29

Yeah, CSS selectors are definitely higher up the priority list than regexs but even with those, we'll need some thorough performance testing since they aren't free to evaluate and could cause their own problems if users configure selectors that match many elements on a page. Maybe we'd need a maximum limit and error log message to encourage users to fix their selectors in that case.

luckyrat avatar Mar 11 '21 12:03 luckyrat