[GH-ISSUE #18] minor: address autocompletion is too strict #13

New issue

Closed

opened 2026-02-25 21:33:55 +03:00 by kerem · 9 comments

kerem commented 2026-02-25 21:33:55 +03:00

Owner

Copy link

Originally created by @dumblob on GitHub (Aug 20, 2015).
Original GitHub issue: https://github.com/cypht-org/cypht/issues/18

Originally assigned to: @jasonmunro on GitHub.

In modules/contacts/site.js autocomplete_contact() there is a check for minimal length of the requested string. 4 is used as minimum, which is in my opinion not necessary as in practice we're interested in every single character, because of emails of very short length and very long length a@x.y b@x.y c@x.y d@x.y Andreas Withe Super Extra Long German Name <andreaswithsuperextralonggermanname@superextralongdomainbecausewecan.com> being next to each other. I wouldn't worry about the overhead introduced by changing the minimum to 1 as nobody types thousands of requests per second (so AJAX and PHP would be fine) and regarding the backend DB, it's suited for such load.

Also, I wonder if contact_suggestions[i] in autocomplete_contact_results() shouldn't be converted to HTML tag attribute compatible string as according to https://tools.ietf.org/html/rfc2822#section-3.4 , the domain part can contain really interesting characters potentially invalid in attribute strings (non white space controls, character references, ", ' to name a few). I myself wouldn't trust at all that the DB content is clean ;)

Originally created by @dumblob on GitHub (Aug 20, 2015). Original GitHub issue: https://github.com/cypht-org/cypht/issues/18 Originally assigned to: @jasonmunro on GitHub. In `modules/contacts/site.js` `autocomplete_contact()` there is a check for minimal length of the requested string. `4` is used as minimum, which is in my opinion not necessary as in practice we're interested in every single character, because of emails of very short length and very long length `a@x.y` `b@x.y` `c@x.y` `d@x.y` `Andreas Withe Super Extra Long German Name <andreaswithsuperextralonggermanname@superextralongdomainbecausewecan.com>` being next to each other. I wouldn't worry about the overhead introduced by changing the minimum to `1` as nobody types thousands of requests per second (so AJAX and PHP would be fine) and regarding the backend DB, it's suited for such load. Also, I wonder if `contact_suggestions[i]` in `autocomplete_contact_results()` shouldn't be converted to HTML tag attribute compatible string as according to https://tools.ietf.org/html/rfc2822#section-3.4 , the domain part can contain really interesting characters potentially invalid in attribute strings (non white space controls, character references, `"`, `'` to name a few). I myself wouldn't trust at all that the DB content is clean ;)

kerem 2026-02-25 21:33:55 +03:00

• closed this issue
• added the
  bug
  label

kerem commented 2026-02-25 21:33:55 +03:00

Author

Owner

Copy link

@jasonmunro commented on GitHub (Aug 25, 2015):

This is still a work in progress and needs some love. I was trying to leverage native browser auto-completing via the datalist tag which requires the values to be in a tag attribute. There are a number of things I don't like about this approach, so ultimately we may need to roll our own solution here. WRT the content not being clean, you are absolutely right, thanks for catching that. I got lazy and output the suggestions directly from a handler mod without filtering them through an output mod. Regardless of whether we stick with native auto-complete or build a custom UI component for this, I will get that part fixed up.

<!-- gh-comment-id:134678191 --> @jasonmunro commented on GitHub (Aug 25, 2015): This is still a work in progress and needs some love. I was trying to leverage native browser auto-completing via the datalist tag which requires the values to be in a tag attribute. There are a number of things I don't like about this approach, so ultimately we may need to roll our own solution here. WRT the content not being clean, you are absolutely right, thanks for catching that. I got lazy and output the suggestions directly from a handler mod without filtering them through an output mod. Regardless of whether we stick with native auto-complete or build a custom UI component for this, I will get that part fixed up.

kerem commented 2026-02-25 21:33:55 +03:00

Author

Owner

Copy link

@dumblob commented on GitHub (Aug 25, 2015):

I was trying to leverage native browser auto-completing via the datalist tag which requires the values to be in a tag attribute. There are a number of things I don't like about this approach, so ultimately we may need to roll our own solution here.

IMHO it's not such a bad idea (but I'm not a web expert). In general I can think of only one minor concern, namely the fact, that auto-completion is browser-dependent, so the behavior might differ. But one can consider this as both positive and negative thing. I myself consider it as a more positive one.

You surely had something else in mind though, what are those "number of things" you don't like on this approach?

<!-- gh-comment-id:134691245 --> @dumblob commented on GitHub (Aug 25, 2015): > I was trying to leverage native browser auto-completing via the datalist tag which requires the values to be in a tag attribute. There are a number of things I don't like about this approach, so ultimately we may need to roll our own solution here. IMHO it's not such a bad idea (but I'm not a web expert). In general I can think of only one minor concern, namely the fact, that auto-completion is browser-dependent, so the behavior might differ. But one can consider this as both positive and negative thing. I myself consider it as a more positive one. You surely had something else in mind though, what are those "number of things" you don't like on this approach?

kerem commented 2026-02-25 21:33:55 +03:00

Author

Owner

Copy link

@jasonmunro commented on GitHub (Aug 28, 2015):

The way this works is we use an ajax call to populate a list of available auto-complete values - but the browser still filters that list against what is in the text box from left to right. This makes auto-completing the second or third comma separated address problematic. I also want to bring in suggestions that match both the E-mail or the name associated with it. Again the way this works means those suggestions will not be shown after the left-right comparison (this is all with chromium, so other browsers may differ - another potential issue).

<!-- gh-comment-id:135886837 --> @jasonmunro commented on GitHub (Aug 28, 2015): The way this works is we use an ajax call to populate a list of available auto-complete values - but the browser still filters that list against what is in the text box from left to right. This makes auto-completing the second or third comma separated address problematic. I also want to bring in suggestions that match both the E-mail or the name associated with it. Again the way this works means those suggestions will not be shown after the left-right comparison (this is all with chromium, so other browsers may differ - another potential issue).

kerem commented 2026-02-25 21:33:55 +03:00

Author

Owner

Copy link

@dumblob commented on GitHub (Aug 29, 2015):

It's true, that the double filtering might cause issues. Do you have any experience with long datalists (possibly more than thousand contacts) in the DOM tree? I was just thinking about on-demand incremental fetching of the whole contact list based on the typed characters in the field (which is pretty much what the current implementation does, except that it removes already fetched datalist option tags).

I also want to bring in suggestions that match both the E-mail or the name associated with it.

IIRC the RFC correctly, the full name and email address has format "Some Name" <email@addr.domain>. I tried this format in Firefox 39 on http://www.w3schools.com/tags/tryit.asp?filename=tryhtml5_datalist and it worked (I put there two different option tags: <option value"&quot;some name&quot; &lt;abc@def.xyz&gt;"> <option value"&quot;abc def&quot; &lt;some@name.xyz&gt;"> and tried matching def and some etc.). Or did you mean something else by "match both"?

On the other hand, matching also other "hidden" properties (like day of birth or some plain description) from the address/contact list might also be a plus and that won't work at all with the datalist tag as there is no easy solution how to "hide" the additional information in the value attribute.

<!-- gh-comment-id:135950358 --> @dumblob commented on GitHub (Aug 29, 2015): It's true, that the double filtering might cause issues. Do you have any experience with long datalists (possibly more than thousand contacts) in the DOM tree? I was just thinking about on-demand incremental fetching of the whole contact list based on the typed characters in the field (which is pretty much what the current implementation does, except that it removes already fetched datalist option tags). > I also want to bring in suggestions that match both the E-mail or the name associated with it. IIRC the RFC correctly, the full name and email address has format `"Some Name" <email@addr.domain>`. I tried this format in Firefox 39 on http://www.w3schools.com/tags/tryit.asp?filename=tryhtml5_datalist and it worked (I put there two different option tags: `<option value"&quot;some name&quot; &lt;abc@def.xyz&gt;">` `<option value"&quot;abc def&quot; &lt;some@name.xyz&gt;">` and tried matching `def` and `some` etc.). Or did you mean something else by "match both"? On the other hand, matching also other "hidden" properties (like day of birth or some plain description) from the address/contact list might also be a plus and that won't work at all with the datalist tag as there is no easy solution how to "hide" the additional information in the value attribute.

kerem commented 2026-02-25 21:33:55 +03:00

Author

Owner

Copy link

@jasonmunro commented on GitHub (Sep 2, 2015):

Or did you mean something else by "match both"?

In Chromium the only entries that make it past the browser filter are those that exactly match from left to right, including things like quotes. I just tested FF and confirmed what you are seeing, which is better, but still will have issues as you mentioned matching on other fields, and with multiple addresses per field.

Also, I fixed the contact suggestion filtering you mentioned in the OP in github.com/jasonmunro/hm3@26fd9fe3cf

Thanks again for all the great feedback!

<!-- gh-comment-id:137182091 --> @jasonmunro commented on GitHub (Sep 2, 2015): > Or did you mean something else by "match both"? In Chromium the only entries that make it past the browser filter are those that exactly match from left to right, including things like quotes. I just tested FF and confirmed what you are seeing, which is better, but still will have issues as you mentioned matching on other fields, and with multiple addresses per field. Also, I fixed the contact suggestion filtering you mentioned in the OP in https://github.com/jasonmunro/hm3/commit/26fd9fe3cf9e778a7e0639ec36cc894ea0a5401b Thanks again for all the great feedback!

kerem commented 2026-02-25 21:33:55 +03:00

Author

Owner

Copy link

@jasonmunro commented on GitHub (Sep 10, 2015):

I committed a new auto-complete system that does not use native browser completion. It's pretty slick I think, but I have only tested it in chromium. It needs more attention and clean-up but it's pretty cool so far.

<!-- gh-comment-id:139373935 --> @jasonmunro commented on GitHub (Sep 10, 2015): I committed a new auto-complete system that does not use native browser completion. It's pretty slick I think, but I have only tested it in chromium. It needs more attention and clean-up but it's pretty cool so far.

kerem commented 2026-02-25 21:33:55 +03:00

Author

Owner

Copy link

@jasonmunro commented on GitHub (Sep 14, 2015):

I'm going to close this since the new system addresses the points made here. If you have any additional problems with the contact auto-complete feature, please file another issue. Thanks!

<!-- gh-comment-id:140148592 --> @jasonmunro commented on GitHub (Sep 14, 2015): I'm going to close this since the new system addresses the points made here. If you have any additional problems with the contact auto-complete feature, please file another issue. Thanks!

kerem commented 2026-02-25 21:33:55 +03:00

Author

Owner

Copy link

@jasonmunro commented on GitHub (Dec 8, 2015):

forgot about that bit. Just updated the code to allow auto-complete to kick in if the field value length is greater than 0. Thanks for the reminder!

<!-- gh-comment-id:162930907 --> @jasonmunro commented on GitHub (Dec 8, 2015): forgot about that bit. Just updated the code to allow auto-complete to kick in if the field value length is greater than 0. Thanks for the reminder!

kerem commented 2026-02-25 21:33:55 +03:00

Author

Owner

Copy link

@dumblob commented on GitHub (Dec 8, 2015):

Awesome. You're welcome.

<!-- gh-comment-id:162932070 --> @dumblob commented on GitHub (Dec 8, 2015): Awesome. You're welcome.

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

2.x

mta-sts-implementation

feat-compose-backspace-delete-recipients

release-2.5.1

add-tls3-support

1.4.x

enforce-coverage

release-2.4.2

strip_dns_prefetch_tags

fix_nightly_build

pr-title-validation-update

review-sent-email

revert-1339-fixed-tags-display

revert-1061-rem-cram-md5

sys-messages-revamp

revert-685-fixed-str-pos-warning-when-no-to

revert-590-empty-settings

release-1.3.0

revert-471-draft-add-warning

revert-454-feature/server-list-by-uniqid

php7.4-support

release-1.2.0

remove-mobile-media-queries

release-1.1.0

release-1.0.0

v2.7.0

v2.6.0

v2.5.1

v2.5.0

v1.4.7

v2.4.2

v2.4.1

v1.4.6

v1.4.5

v2.4.0

v2.3.0

v2.2.0

v1.4.4

v2.1.0

v2.0.1

v1.4.3

v2.0.0

v1.4.2

v1.4.1

v1.4.0

v1.3.0

v1.3.0-rc3

v1.3.0-rc2

v1.3.0-rc1

v1.1.0

v1.1.0-rc4

v1.1.0-rc3

v1.1.0-rc2

v1.1.0-rc1

v1.0.0

v1.0.0-rc8

v1.0.0-rc7

v1.0.0-rc6

v1.0.0-rc5

v1.0.0-rc4

v1.0.0-rc3

v1.0.0-rc2

v1.0.0-rc1

Labels

Clear labels   

2fa

  

I18N

  

PGP

  

Security

  

Security

  

account

  

advanced_search

  

advanced_search

  

announcement

  

api_login

  

authentication

  

awaiting feedback

  

blocker

  

bug

  

bug

  

bug

  

calendar

  

config

  

contacts

  

core

  

core

  

devops

  

docker

  

docs

  

duplicate

  

dynamic_login

  

enhancement

  

epic

  

feature

  

feeds

  

framework

  

github

  

github

  

gmail_contacts

  

good first issue

  

help wanted

  

history

  

history

  

imap

  

imap_folders

  

inline_message

  

installation

  

keyboard_shortcuts

  

keyboard_shortcuts

  

ldap_contacts

  

mobile

  

need-ssh-access

  

new module set

  

nux

  

pop3

  

profiles

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

refactor

  

release

  

research

  

saved_searches

  

smtp

  

strategic

  

tags

  

tests

  

themes

  

website

  

wordpress

No labels

2fa

I18N

PGP

Security

Security

account

advanced_search

advanced_search

announcement

api_login

authentication

awaiting feedback

blocker

bug

bug

bug

calendar

config

contacts

core

core

devops

docker

docs

duplicate

dynamic_login

enhancement

epic

feature

feeds

framework

github

github

gmail_contacts

good first issue

help wanted

history

history

imap

imap_folders

inline_message

installation

keyboard_shortcuts

keyboard_shortcuts

ldap_contacts

mobile

need-ssh-access

new module set

nux

pop3

profiles

pull-request

question

refactor

release

research

saved_searches

smtp

strategic

tags

tests

themes

website

wordpress

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/cypht#13

No description provided.