Script and style code inside hidden elements might be included in accessible name
Categories
(Core :: Disability Access APIs, defect)
Tracking
()
People
(Reporter: Jamie, Assigned: Jamie)
References
(Blocks 1 open bug)
Details
Attachments
(1 file)
|
(deleted),
text/x-phabricator-request
|
diannaS
:
approval-mozilla-release+
|
Details |
STR:
- Open this test case:
data:text/html,<div id="hidden" aria-hidden="true"><style>style</style><script>script</script><!-- comment -->content</div><button aria-labelledby="hidden"> - Check the accessible name of the button; e.g. using the Dev Tools accessibility panel or a screen reader.
- Expected: "content"
- Actual: "stylescriptcontent"
I guess nsTextEquivUtils is walking inside style and script elements. Interestingly, it isn't walking inside comment nodes.
|
Assignee | |
Comment 1•1 year ago
|
||
Impact: This is causing a bunch of style content to be reported on GitHub; e.g. the Hide file tree button on the files tab of pull requests. That only started after bug 1826194 because we didn't walk the flat tree before then. However, I suspect that the test case in comment 0 would have triggered this bug before that point, since there's no shadow DOM there.
|
|
Assignee | |
Comment 2•1 year ago
|
||
[Tracking Requested - why for this release]: Although the underlying bug has existed (and been reproducible) for a long time, it has real world impact on GitHub after bug 1826194. This results in screen reader users seeing a lot of hidden code as the label of certain buttons.
I'm not sure if this is too late to get into 116. It's not the end of the world if it can't. I thought I'd flag it just in case.
|
|
Assignee | |
Comment 3•1 year ago
|
||
|
||
Updated•1 year ago
|
|
||
Updated•1 year ago
|
|
||
Comment 5•1 year ago
|
||
| bugherder | ||
|
||
Comment 6•1 year ago
|
||
The patch landed in nightly and beta is affected.
:Jamie, is this bug important enough to require an uplift?
- If yes, please nominate the patch for beta approval.
- If no, please set
status-firefox116towontfix.
For more information, please visit BugBot documentation.
|
|
Assignee | |
Comment 7•1 year ago
|
||
Comment on attachment 9345503 [details]
Bug 1845228: Never descend into script or style elements when computing the accessible text equivalent of hidden subtrees.
Beta/Release Uplift Approval Request
- User impact if declined: Screen reader users will see a lot of hidden code as the label of certain buttons, including sites such as GitHub.
- Is this code covered by automated tests?: Yes
- Has the fix been verified in Nightly?: Yes
- Needs manual test from QE?: No
- If yes, steps to reproduce:
- List of other uplifts needed: None
- Risk to taking this patch: Low
- Why is the change risky/not risky? (and alternatives if risky): Straightforward check to exclude the problematic elements from accessibility label calculations.
- String changes made/needed:
- Is Android affected?: Yes
|
|
||
Comment 8•1 year ago
|
||
Comment on attachment 9345503 [details]
Bug 1845228: Never descend into script or style elements when computing the accessible text equivalent of hidden subtrees.
Switching flag because we are in RC week
Approved for 116.0rc2
|
|
||
Updated•1 year ago
|
Description
•