Page MenuHomePhabricator

Permit aria-hidden="true" in Sanitizer
Closed, ResolvedPublic

Description

The HTML attribute aria-hidden="true" should be whitelisted in https://phabricator.wikimedia.org/source/mediawiki/browse/master/includes/parser/Sanitizer.php$832 around line 832.

The effect is supposed to be rather similar to role="presentation" but the semantics are slightly different.

Elements which are repeating information already available but confusing for blind people shall be suppressed entirely.

A typical case is an eye-catching icon. That might be sufficient to explain the functionality completely for those who can see it, and such readers might ignore the textual description nearby. When listening the screenreader the icon will be mentioned and explained by name, but that does not tell anything. Such elements shall be omitted, focussing now on the remaining textual instructions. However, it is not always a presentational role.

While role="presentation" is intended for decorative elements, like images and lines, aria-hidden="true" shall suppress less important annotations, amendments, notes, which are confusing and related by optical position but not joined to what they shall extend, perhaps a joke or quote.

This is a follow-up of T26659.

Related Objects

Mentioned In
T240054: Move top level namespace from Parsoid to Wikimedia\Parsoid
T238845: Call to a member function serialize() on null
T235307: Stop using the Env class outside of the Parsoid library (particularly in the extension REST handlers)
T235273: Remove PHPUtils::jsSort routine (or make it no-op) once Parsoid/JS is retired
T242746: Update ParsoidExtensionAPI to be a coherent and functional extension API to aid extension implementations
T244413: PHP Warning: Use of undefined constant PAGE_UNAVAILABLE - assumed 'PAGE_UNAVAILABLE' (this will throw an Error in a future version of PHP)
T244412: PHP Warning: A non-numeric value encountered
T224445: Permit hidden attribute in Sanitizer
Mentioned Here
T235273: Remove PHPUtils::jsSort routine (or make it no-op) once Parsoid/JS is retired
T235307: Stop using the Env class outside of the Parsoid library (particularly in the extension REST handlers)
T238845: Call to a member function serialize() on null
T240054: Move top level namespace from Parsoid to Wikimedia\Parsoid
T242746: Update ParsoidExtensionAPI to be a coherent and functional extension API to aid extension implementations
T244412: PHP Warning: A non-numeric value encountered
T244413: PHP Warning: Use of undefined constant PAGE_UNAVAILABLE - assumed 'PAGE_UNAVAILABLE' (this will throw an Error in a future version of PHP)
rGPAR612106d2f3a0: Use extension config option for html2wt formatting of extension tags
T26659: Whitelist additional values for the WAI-ARIA role attribute on certain elements in wikitext

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 17 2018, 10:46 PM
Aklapper updated the task description. (Show Details)

Sounds reasonable!

Izno moved this task from Unsorted to ARIA on the Accessibility board.Sep 22 2018, 6:02 PM
sbassett triaged this task as Medium priority.Oct 4 2019, 5:30 PM
sbassett removed a project: Security-Team.

Change 540931 had a related patch set uploaded (by C. Scott Ananian; owner: C. Scott Ananian):
[mediawiki/core@master] Whitelist aria-hidden attribute in Sanitizer

https://gerrit.wikimedia.org/r/540931

Change 540932 had a related patch set uploaded (by C. Scott Ananian; owner: C. Scott Ananian):
[mediawiki/services/parsoid@master] Whitelist aria-hidden attribute in Sanitizer

https://gerrit.wikimedia.org/r/540932

Change 540931 merged by jenkins-bot:
[mediawiki/core@master] Whitelist aria-hidden attribute in Sanitizer

https://gerrit.wikimedia.org/r/540931

Change 540932 merged by jenkins-bot:
[mediawiki/services/parsoid@master] Whitelist aria-hidden attribute in Sanitizer

https://gerrit.wikimedia.org/r/540932

cscott closed this task as Resolved.Jan 28 2020, 11:10 PM
cscott claimed this task.
TheDJ added a subscriber: TheDJ.Feb 10 2020, 11:21 PM

Technically, role=presentation removes semantic meaning from dom elements and its children (makes a table not be a table), while aria-hidden removes 'content' from the accessibility dom tree.

That’s entirely right. For a single image (like an icon) the effect is the same.

However, for “Quote of the day” or “Did you know?“ and other distracting things text content is not affected by role=. Those are the actual targets of this task.

Note that WAI 1.1 is deprecating role="presentation" in favour of role="none" introduced recently.

  • Since blind users are even more reluctant to change a running system and cannot easily learn software changes, old systems are expected to be used for more than a decade.
  • role="presentation none" is supposed to overcome migration problems, but it is not clear whether old software would understand such a space separated list since traditionally only one keyword has been assigned.
  • role="presentation" will be maintained by new software anyway; it is the safest approach to keep exactly that for a long period.