Is there a definitive list of non-alphanumeric characters that fulfill the password policy setting to Require a non-alphanumeric character? Or, is there at least some enumeration or definition of characters that don’t fulfill the policy?
The list of examples in that reference article, ; , " ' ? < > { } & ^ % $ # @ ! * . / - + = ~ ,, is seemingly non-exhaustive. In spot-checking other characters in an Input element set to Check the password while typing, I observe qualifying characters omitted from the examples, such as ()\| and even an emoji (😀), as well as at least one character that doesn’t qualify, :.
Latin alphabet letters with diacriticals, such as é ñ, seem to quality as non-alphanumeric characters. That’s counterintuitive, but suggests that Bubble’s validation might be referencing the regex character class “word”, whose letters are limited to the literal A-z ASCII characters. For example, \W.
Underscore seems to qualify as a non-alphanumeric character: _. That’s, of course, intuitive, but of note since that character is lumped together with alphanumeric characters in the regex “word” character class. So, Bubble is seemingly not using the regex \W after all.
It would be great to know precisely how Bubble is validating each of its password policy settings so that we could mimic those tests in communicating to users whether a new password conforms to each policy requirement. Better yet, Bubble could expose for a password input a yes/no property for the input value’s conformance with each policy requirement, just like it already exposes an aggregated password strength property.
