PassFF uses wrong submit button

[chri2]

Environment

Versions

• Operating system: PureOS
• Browser: Firefox 101.0.1
• PassFF: 1.14.1
• Host app: discord https://forums.puri.sm

Observations

When submititng the login form of forums.puri.sm PassFF uses the for most users wrong "with LDAP"-button instead of the "with E-Mail"-button.

Steps to reproduce the issue

1. goto https://forums.puri.sm
2. after creating an account try to fill and submit the login data

Expected behaviour

Tried to fix my problem by changing "Form submit button queries, one per line".

I didn't find documentation and would have expected it containing these or at least some of these topics:

• should be mentioned that css selectors are used
• references to more information about css selectors (maybe: https://developer.mozilla.org/en-US/docs/Web/CSS/Attribute_selectors)
• reference/description on how to test the css selecor for a page (how to evaluate them in element inspector?)
• comments in default selectors explaining how these work to get users without css knowledge started
• document that the lines in the configuration are appended to each other by ',' to form the final selector

I'm no web developer and am new to CSS and its selectors.

I tried to find a modification of the default selectors

button:not([type=reset])
input[type=submit]
input[type=button]
[role=button]

to stop button:not([type=reset]) from matching the wrong submit button <button class="btn btn-social ldap" type="button" data-ember-action="" data-ember-action-121="121">, but couldn't find a way to say something like:

match any button that is not of [type=reset] and that is not in class "btn btn-social ldap"

Any help would be welcome.

[tuxor1337]

match any button that is not of [type=reset] and that is not in class "btn btn-social ldap"

Try this one: button:not([type=reset]):not(.btn.btn-social.ldap)

For the rest, I agree that it's probably a good idea to have a more helpful description of the Form submit button queries. I will be happy to discuss details in a PR if somebody has the time to look into this.

[chri2]

Thanks for the advice and pointing me into the direction of that syntax.

It didn't work.

I tried to extend it until I had this...

button:not([type=reset]):not(.btn.btn-social.ldap):not(.btn-flat.modal-close.close.btn.no-text.btn-icon.ember-view):not(.widget-button.btn.btn-primary.btn-small.sign-up-button.btn-text):not(.widget-button.btn.btn-primary.btn-small.login-button.btn-icon-text):not(.btn-large.btn.btn-text.ember-view):not(.full.jump-top.btn.no-text.ember-view):not(.full.jump-bottom.btn.no-text.ember-view)
input[type=submit]
input[type=button]
[role=button]:not(.select-kit-header.single-select-header.combo-box-header.category-drop-header.ember-view)

...which didn't work neither.

I tried to rule out any hit I found using the FF inspector and its search field. The above only left two hits and I didn't find a solution to not match <input type="submit" id="signin-button" value="Log In"> which would send an emtpy hidden form as I read that part.

A problem I didn't find in PassFF log output any information which button/submit/whatever it would use when it tries to submit the filled in values. I get this logging:

Gewechselt zu https://forums.puri.sm/
[PassFF.content] 5 matches for https://forums.puri.sm/ util.js:84:14
[PassFF.content] Best fit item forums.puri.sm for https://forums.puri.sm/ util.js:84:14
[PassFF.content] Inject icon login-account-name util.js:84:14
[PassFF.content] Inject icon login-account-password util.js:84:14
[PassFF.content] Fill active element 
<input id="login-account-name" class="ember-text-field ember-view" autofocus="" autocapitalize="none" autocorrect="off" placeholder="email or username" type="text" style='background-repeat: no-re…or: pointer !important;' passff-autocomplete="null" autocomplete="off">
util.js:84:14
[PassFF.content] Set inputs... util.js:84:14
[PassFF.content] Unsafe submit... null util.js:84:14

About the documentation: once I get a hold on this I can try to provide a mr for README.md to include the information I found about the "Form submit button queries, one per line" field.

[tuxor1337]

Hm, the problem with that login form is that the <form> element doesn't contain any buttons at all, and that the login button (that is outside of the <form> element) doesn't have the type="submit" attribute set. I think that the best place to fix this is inside the forum software that is used on that web site.

There are two things that we can still try on our end:

1. Use requestSubmit instead of submit in cases where we weren't able to find a button: https://developer.mozilla.org/en-US/docs/Web/API/HTMLFormElement/requestSubmit
2. When looking for the button, also look outside of the <form> element but with the restriction that the form="THE_FORM_ID" attribute is set.

I think, the second point would probably work around this issue.

[chri2]

Thanks again for your explanations and help! I forwarded the issue to the Purism people to check the forums.