> - readback: Do not read back AT configuration settings.

This would be ideal. What would the major downsides of this be?

> - authoritative-sounding notifications

Do we currently (before this proposal) inform the user on which page/origin is causing a certain ARIA node to be read?

> We should suppress notifications when focus moves outside of the web content.

+1 on that

> Maybe only offer this feature to Secure Contexts (instead of 3rd party browsing contexts)

+1 on this too

Thanks for the clarification on the APIs. If I understand correctly this proposal won't change the API we use or the way we communicate with it, but it might end up opening a more direct channel to use it. My proposal would be to then validate messages encoding (UTF-wise) and limit them in length and character set. Alphanumeric and punctuation should be sufficient for the use case we're trying to address, right? I don't think running the message through parsers would be beneficial, so we can skip that part.

On Friday, February 18, 2022 at 11:24:38 PM UTC+1 Sara Tang wrote:
> Hi Roberto, thanks for your feedback 🙂 Responses inline:
>
> ------------------------------
> From: Roberto Clapis <[email protected]>
> Sent: Tuesday, February 8, 2022 9:05 AM
> To: blink-dev <[email protected]>
> Cc: Roberto Clapis <[email protected]>; Sara Tang <[email protected]>; [email protected] <[email protected]>; Daniel Libby <[email protected]>; [email protected] <[email protected]>
> Subject: Re: [EXTERNAL] Re: [blink-dev] Re: Intent to Prototype: Confirmation of Action API
>
>> There is one additional question that was brought forward during the discussion:
>>
>> - What information can be read by the users of this API? This is mentioned in the security concerns but it doesn't seem to be specified elsewhere. Is this just about learning of the existence of an AT or is this some additional info?
>
> - Here are some security concerns and possible mitigations. These are also reiterated in the "Privacy and Security Considerations" section of the proposal:
>   - readback: Do not read back AT configuration settings. Doing so makes the user an easier target for fingerprinting.
>   - authoritative-sounding notifications: announcements can be crafted to deceive the user. We should suppress notifications when focus moves outside of the web content.
>   - Maybe only offer this feature to Secure Contexts (instead of 3rd party browsing contexts)
>
>> On Tuesday, February 8, 2022 at 11:06:43 AM UTC+1 Roberto Clapis wrote:
>>> Hi All,
>>>
>>> During a discussion about this proposal a few concerns were raised:
>>>
>>> - What pipeline of data would be used to pass the new messages to a potential screen-reader? Would screen-readers need to implement a new API or would this use pre-existing ones?
>
> - A small nuance: screen-readers do not implement APIs, they consume ones that are exported by the Web Platform.
>   - In the case of Windows systems, we use the UIA notifications API to pass information along to screen-readers.
>   - In the case for other systems, we can hijack the existing ARIA live regions implementation. In the case where the confirmation of action API is called without a DOM element/ARIA node, we can attach the announcement to an internal "root" node instead.
>
>>> - Does this new API allow pages to have a more direct or a less restricted way to pass data to a screen reader?
>
> - Less restrictive; possible restrictions we'll need to employ are listed in the next response.
>
>>> - Would this API allow potential attackers to use different character sets or might this allow them to pass potentially malformed data to screen readers that was not possible to pass before?
>
> - Here are some possible mitigations we have for this scenario:
>   - Truncating strings, employing a max queue length
>   - Restricting to alphanumeric input.
>   - Running the announcement-text through a HTML-parser/DOM-parser/setInnerHtml or similar JS API
>
>>> - If a pre-existing channel is used to communicate with the screen reader (e.g. already existing APIs) how would a user distinguish this new mechanism from content on the page?
>
> - I don't think it's necessary for the user to distinguish between different screen-announcing APIs. Is there a particular scenario you are thinking of where a distinction would be needed?
>
>>> Thanks in advance,
>>> Rob
>>>
>>> On Wednesday, February 2, 2022 at 1:05:58 AM UTC+1 Sara Tang wrote:
>>>> Good suggestion Yoav! I've opened one here: Review request for Confirmation of Action API · Issue #713 · w3ctag/design-reviews: https://github.com/w3ctag/design-reviews/issues/713
>>>>
>>>> ------------------------------
>>>> From: Yoav Weiss <[email protected]>
>>>> Sent: Monday, January 31, 2022 6:33 AM
>>>> To: Sara Tang <[email protected]>
>>>> Cc: [email protected] <[email protected]>; Daniel Libby <[email protected]>
>>>> Subject: [EXTERNAL] Re: [blink-dev] Re: Intent to Prototype: Confirmation of Action API
>>>>
>>>> On Sat, Jan 29, 2022 at 1:27 AM 'Sara Tang' via blink-dev <[email protected]> wrote:
>>>>> +Daniel Libby
>>>>> ------------------------------
>>>>> From: Sara Tang
>>>>> Sent: Friday, January 28, 2022 4:26 PM
>>>>> To: [email protected] <[email protected]>
>>>>> Subject: Intent to Prototype: Confirmation of Action API
>>>>>
>>>>> Contact emails
>>>>> [email protected]
>>>>>
>>>>> Explainer
>>>>> https://github.com/WICG/aom/blob/gh-pages/notification-api.md
>>>>>
>>>>> Specification
>>>>>
>>>>> Summary
>>>>> This effort aims to create a JavaScript API so that developers can better notify AT users of actions/changes to a webpage not necessarily tied to UI elements.
>>>>>
>>>>> Blink component
>>>>> Blink>Accessibility (https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EAccessibility)
>>>>>
>>>>> Motivation
>>>>> Currently the only mechanism available today that communicates content changes in a web app down to the accessibility layer is via ARIA live regions. One major limitation to ARIA live regions is that they assume the change to a webpage is tied to a DOM element. This leads to content authors employing various inefficient or inconsistent tricks and hacks to notify of changes that are not associated with the DOM. We propose a separate notification API to address these scenarios, called Confirmation of Action.
>>>>>
>>>>> Initial public proposal
>>>>> https://github.com/WICG/aom/blob/gh-pages/notification-api.md
>>>>>
>>>>> TAG review
>>>>
>>>> Just wanted to note that it seems worthwhile to file for an early TAG review.
>>>>
>>>>> TAG review status
>>>>> Pending
>>>>>
>>>>> Risks
>>>>>
>>>>> Interoperability and Compatibility
>>>>> Gecko: No signal
>>>>> WebKit: No signal
>>>>> Web developers: Positive (https://github.com/w3c/aria/issues/832)
>>>>> Other signals:
>>>>>
>>>>> Debuggability
>>>>> TBD
>>>>>
>>>>> Is this feature fully tested by web-platform-tests (https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md)?
>>>>> No
>>>>>
>>>>> Flag name
>>>>> --enable-blink-features=ConfirmationOfAction
>>>>>
>>>>> Requires code in //chrome?
>>>>> False
>>>>>
>>>>> Tracking bug
>>>>> https://bugs.chromium.org/p/chromium/issues/detail?id=1291098
>>>>>
>>>>> Estimated milestones
>>>>> No milestones specified
>>>>>
>>>>> Link to entry on the Chrome Platform Status
>>>>> https://chromestatus.com/feature/5745430754230272
>>>>>
>>>>> This intent message was generated by Chrome Platform Status (https://chromestatus.com/).

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [email protected].
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b69d29a7-e26d-4d75-836a-ededbb092dbfn%40chromium.org.
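The input guards proposed in this thread (validate the message's encoding, bound its length and character set, and keep a maximum queue length) written out as an added JavaScript example; this is not code from the thread or from the Confirmation of Action proposal, and the function names, the 200-code-point and 8-entry limits and the exact punctuation set are assumptions.

```javascript
// Added example, not the proposal's API: guards for announcement strings a page
// hands to an assistive-technology channel (well-formed encoding, bounded length,
// restricted character set, bounded queue). Names and limits are assumptions.

const MAX_ANNOUNCEMENT_LENGTH = 200; // assumed cap, counted in code points
const MAX_QUEUE_LENGTH = 8;          // assumed cap on pending announcements

// Alphanumeric, space and common punctuation only; control chars and bidi overrides fail.
const ALLOWED_CHARS = /^[A-Za-z0-9 .,;:!?'"()\-]*$/;

// True when the string has no lone UTF-16 surrogate (encodable as valid UTF-8).
function isWellFormedUtf16(s) {
  for (let i = 0; i < s.length; i++) {
    const c = s.charCodeAt(i);
    if (c >= 0xd800 && c <= 0xdbff) {      // high surrogate must be followed
      const next = i + 1 < s.length ? s.charCodeAt(i + 1) : 0; // by a low one
      if (next < 0xdc00 || next > 0xdfff) return false;
      i++;
    } else if (c >= 0xdc00 && c <= 0xdfff) { // stray low surrogate
      return false;
    }
  }
  return true;
}

// Sanitized announcement as { ok: true, text }, or { ok: false, reason } to drop it.
function sanitizeAnnouncement(input) {
  if (typeof input !== 'string') return { ok: false, reason: 'not-a-string' };
  if (!isWellFormedUtf16(input)) return { ok: false, reason: 'ill-formed' };
  // Truncate by code points so a surrogate pair is never split in half.
  const text = Array.from(input).slice(0, MAX_ANNOUNCEMENT_LENGTH).join('').trim();
  if (!ALLOWED_CHARS.test(text)) return { ok: false, reason: 'disallowed-char' };
  if (text.length === 0) return { ok: false, reason: 'empty' };
  return { ok: true, text };
}

// Bounded FIFO of pending announcements: once full, new ones are dropped
// instead of letting a page flood the user with speech.
class AnnouncementQueue {
  constructor(limit = MAX_QUEUE_LENGTH) { this.limit = limit; this.items = []; }
  enqueue(text) {
    const result = sanitizeAnnouncement(text);
    if (!result.ok || this.items.length >= this.limit) return false;
    this.items.push(result.text);
    return true;
  }
  dequeue() { return this.items.length ? this.items.shift() : null; }
}
```

The allow-list alone would also reject a lone surrogate, but validating the encoding first gives a distinct rejection reason that is easier to log and count.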
