[x] Information has been included about the website's requirements (eg. screenshots, error messages, steps during experimentation, etc.)
[x] The PR isn't documenting something that would be a common practice among password managers (e.g. minimal length of 6)
Notes
This PR adds gap.com. Also covers oldnavy.gap.com, bananarepublic.gap.com, and athleta.gap.com. Unless required, I'm not including a shared credential since the relevant root domains resolve to these gap.com subdomains (i.e. oldnavy.com redirects to oldnavy.gap.com) when creating an account or logging in.
The Password Rules Validation Tool reorders the symbols, but I retained the same order shown on the screenshot.
I verified manually that the listed symbols in the screenshot are accepted
All other special characters are not allowed at all. Including a disallowed special character invalidates the special requirement even if a valid special is included. I debated about whether this meant I should include a duplicative allowed specification for clarity. Let me know if it should be there and I'll add it.
Screenshot
Account creation page with password rules displayed
Overall Checklist
for password-rules.json
Notes
Screenshot
Account creation page with password rules displayed