138106 2014-10-27 15:00:05 -0700 AX: input type=hidden is being exposed when aria-hidden=false 2014-10-27 22:39:09 -0700 1 1 1 Unclassified WebKit Accessibility 528+ (Nightly build) All All RESOLVED FIXED InRadar P2 Normal --- 1 cfleizach webkit-unassigned aboxhall apinheiro buildbot commit-queue dmazzoni jcraig jdiggs mario rniwa samuel_white webkit-bug-importer oldest_to_newest 1044344 0 cfleizach 2014-10-27 15:00:05 -0700 If someone sticks a input type=hidden inside an aria-hidden=false region, then that will be exposed as a text field <rdar://problem/18534039> 1044351 1 240509 cfleizach 2014-10-27 15:47:58 -0700 Created attachment 240509 patch 1044362 2 240509 benjamin 2014-10-27 17:20:18 -0700 Comment on attachment 240509 patch View in context: https://bugs.webkit.org/attachment.cgi?id=240509&action=review > LayoutTests/accessibility/input-type-hidden-in-aria-hidden-false.html:21 > + var content = accessibilityController.accessibleElementById("content"); > + shouldBe("content.childrenCount", "0"); For coverage I suggest the following: 1) Do not have aria-hidden="false" on #content, test childrenCount 2) Add aria-hidden, test childrenCount 3) Change to aria-hidden=true, test childrenCount 4) Change to aria-hidden=false, test childrenCount That way all cases of [type=hidden] are covered. > LayoutTests/accessibility/input-type-hidden-in-aria-hidden-false.html:23 > + document.getElementById("content").style.visibility = "hidden"; Forgot this? 1044383 3 cfleizach 2014-10-27 18:17:08 -0700 (In reply to comment #2) > Comment on attachment 240509 [details] > patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=240509&action=review > > > LayoutTests/accessibility/input-type-hidden-in-aria-hidden-false.html:21 > > + var content = accessibilityController.accessibleElementById("content"); > > + shouldBe("content.childrenCount", "0"); > > For coverage I suggest the following: > 1) Do not have aria-hidden="false" on #content, test childrenCount > 2) Add aria-hidden, test childrenCount > 3) Change to aria-hidden=true, test childrenCount > 4) Change to aria-hidden=false, test childrenCount > > That way all cases of [type=hidden] are covered. > > > LayoutTests/accessibility/input-type-hidden-in-aria-hidden-false.html:23 > > + document.getElementById("content").style.visibility = "hidden"; > > Forgot this? Thanks! I'll make these changes 1044422 4 cfleizach 2014-10-27 22:39:09 -0700 http://trac.webkit.org/changeset/175241 240509 2014-10-27 15:47:58 -0700 2014-10-27 17:20:18 -0700 patch patch text/plain 4380 cfleizach SW5kZXg6IFNvdXJjZS9XZWJDb3JlL0NoYW5nZUxvZwo9PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBTb3VyY2UvV2Vi Q29yZS9DaGFuZ2VMb2cJKHJldmlzaW9uIDE3NTIzMikKKysrIFNvdXJjZS9XZWJDb3JlL0NoYW5n ZUxvZwkod29ya2luZyBjb3B5KQpAQCAtMSwzICsxLDIwIEBACisyMDE0LTEwLTI3ICBDaHJpcyBG bGVpemFjaCAgPGNmbGVpemFjaEBhcHBsZS5jb20+CisKKyAgICAgICAgQVg6IGlucHV0IHR5cGU9 aGlkZGVuIGlzIGJlaW5nIGV4cG9zZWQgd2hlbiBhcmlhLWhpZGRlbj1mYWxzZQorICAgICAgICBo dHRwczovL2J1Z3Mud2Via2l0Lm9yZy9zaG93X2J1Zy5jZ2k/aWQ9MTM4MTA2CisKKyAgICAgICAg UmV2aWV3ZWQgYnkgTk9CT0RZIChPT1BTISkuCisKKyAgICAgICAgSWYgYW4gaW5wdXQgdHlwZT1o aWRkZW4gd2FzIGluc2lkZSBhbiBhcmlhLWhpZGRlbj1mYWxzZSwgaXQgd291bGQgYXBwZWFyIGJl Y2F1c2UKKyAgICAgICAgdGhlIGxhY2sgb2YgYSBSZW5kZXJPYmplY3QgYmVoaW5kIHRoYXQgb2Jq ZWN0IHdhcyBub3QgYmxvY2tpbmcgaXRzIGFkb3B0aW9uIGludG8gdGhlIEFYIHRyZWUuCisgICAg ICAgIFdlIHNob3VsZCBleHBsaWNpdHkgY2hlY2sgZm9yIHdoZXRoZXIgdGhlIHR5cGUgaXMgaGlk ZGVuIGFuZCB0aGVuIHJldHVybiBhbiBhcHByb3ByaWF0ZSByb2xlLiAKKworICAgICAgICBUZXN0 OiBhY2Nlc3NpYmlsaXR5L2lucHV0LXR5cGUtaGlkZGVuLWluLWFyaWEtaGlkZGVuLWZhbHNlLmh0 bWwKKworICAgICAgICAqIGFjY2Vzc2liaWxpdHkvQWNjZXNzaWJpbGl0eU5vZGVPYmplY3QuY3Bw OgorICAgICAgICAoV2ViQ29yZTo6QWNjZXNzaWJpbGl0eU5vZGVPYmplY3Q6OmRldGVybWluZUFj Y2Vzc2liaWxpdHlSb2xlKToKKyAgICAgICAgKFdlYkNvcmU6OkFjY2Vzc2liaWxpdHlOb2RlT2Jq ZWN0Ojpjb21wdXRlQWNjZXNzaWJpbGl0eUlzSWdub3JlZCk6CisKIDIwMTQtMTAtMjcgIEFsZXhl eSBQcm9za3VyeWFrb3YgIDxhcEBhcHBsZS5jb20+CiAKICAgICAgICAgaHR0cC90ZXN0cy9jb29r aWVzL3RoaXJkLXBhcnR5LWNvb2tpZS1yZWxheGluZy5odG1sIGlzIGZsYWt5IG9uIGJvdHMKSW5k ZXg6IFNvdXJjZS9XZWJDb3JlL2FjY2Vzc2liaWxpdHkvQWNjZXNzaWJpbGl0eU5vZGVPYmplY3Qu Y3BwCj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT0KLS0tIFNvdXJjZS9XZWJDb3JlL2FjY2Vzc2liaWxpdHkvQWNjZXNzaWJp bGl0eU5vZGVPYmplY3QuY3BwCShyZXZpc2lvbiAxNzUyMzEpCisrKyBTb3VyY2UvV2ViQ29yZS9h Y2Nlc3NpYmlsaXR5L0FjY2Vzc2liaWxpdHlOb2RlT2JqZWN0LmNwcAkod29ya2luZyBjb3B5KQpA QCAtMzAwLDcgKzMwMCw5IEBACiAgICAgICAgICAgICByZXR1cm4gYnV0dG9uUm9sZVR5cGUoKTsK ICAgICAgICAgaWYgKGlucHV0LmlzUmFuZ2VDb250cm9sKCkpCiAgICAgICAgICAgICByZXR1cm4g U2xpZGVyUm9sZTsKLQorICAgICAgICBpZiAoaW5wdXQuaXNJbnB1dFR5cGVIaWRkZW4oKSkKKyAg ICAgICAgICAgIHJldHVybiBJZ25vcmVkUm9sZTsKKyAgICAgICAgCiAjaWYgRU5BQkxFKElOUFVU X1RZUEVfQ09MT1IpCiAgICAgICAgIGNvbnN0IEF0b21pY1N0cmluZyYgdHlwZSA9IGlucHV0Lmdl dEF0dHJpYnV0ZSh0eXBlQXR0cik7CiAgICAgICAgIGlmIChlcXVhbElnbm9yaW5nQ2FzZSh0eXBl LCAiY29sb3IiKSkKQEAgLTQzNCw2ICs0MzYsOSBAQAogICAgIGlmIChpc0Rlc2NlbmRhbnRPZkJh cnJlblBhcmVudCgpKQogICAgICAgICByZXR1cm4gdHJ1ZTsKIAorICAgIGlmIChyb2xlVmFsdWUo KSA9PSBJZ25vcmVkUm9sZSkKKyAgICAgICAgcmV0dXJuIHRydWU7CisgICAgCiAgICAgcmV0dXJu IG1fcm9sZSA9PSBVbmtub3duUm9sZTsKIH0KIApJbmRleDogTGF5b3V0VGVzdHMvQ2hhbmdlTG9n Cj09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT0KLS0tIExheW91dFRlc3RzL0NoYW5nZUxvZwkocmV2aXNpb24gMTc1MjMyKQor KysgTGF5b3V0VGVzdHMvQ2hhbmdlTG9nCSh3b3JraW5nIGNvcHkpCkBAIC0xLDMgKzEsMTMgQEAK KzIwMTQtMTAtMjcgIENocmlzIEZsZWl6YWNoICA8Y2ZsZWl6YWNoQGFwcGxlLmNvbT4KKworICAg ICAgICBBWDogaW5wdXQgdHlwZT1oaWRkZW4gaXMgYmVpbmcgZXhwb3NlZCB3aGVuIGFyaWEtaGlk ZGVuPWZhbHNlCisgICAgICAgIGh0dHBzOi8vYnVncy53ZWJraXQub3JnL3Nob3dfYnVnLmNnaT9p ZD0xMzgxMDYKKworICAgICAgICBSZXZpZXdlZCBieSBOT0JPRFkgKE9PUFMhKS4KKworICAgICAg ICAqIGFjY2Vzc2liaWxpdHkvaW5wdXQtdHlwZS1oaWRkZW4taW4tYXJpYS1oaWRkZW4tZmFsc2Ut ZXhwZWN0ZWQudHh0OiBBZGRlZC4KKyAgICAgICAgKiBhY2Nlc3NpYmlsaXR5L2lucHV0LXR5cGUt aGlkZGVuLWluLWFyaWEtaGlkZGVuLWZhbHNlLmh0bWw6IEFkZGVkLgorCiAyMDE0LTEwLTI3ICBB bGV4ZXkgUHJvc2t1cnlha292ICA8YXBAYXBwbGUuY29tPgogCiAgICAgICAgIGh0dHAvdGVzdHMv Y29va2llcy90aGlyZC1wYXJ0eS1jb29raWUtcmVsYXhpbmcuaHRtbCBpcyBmbGFreSBvbiBib3Rz CkluZGV4OiBMYXlvdXRUZXN0cy9hY2Nlc3NpYmlsaXR5L2lucHV0LXR5cGUtaGlkZGVuLWluLWFy aWEtaGlkZGVuLWZhbHNlLWV4cGVjdGVkLnR4dAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9h Y2Nlc3NpYmlsaXR5L2lucHV0LXR5cGUtaGlkZGVuLWluLWFyaWEtaGlkZGVuLWZhbHNlLWV4cGVj dGVkLnR4dAkocmV2aXNpb24gMCkKKysrIExheW91dFRlc3RzL2FjY2Vzc2liaWxpdHkvaW5wdXQt dHlwZS1oaWRkZW4taW4tYXJpYS1oaWRkZW4tZmFsc2UtZXhwZWN0ZWQudHh0CSh3b3JraW5nIGNv cHkpCkBAIC0wLDAgKzEsMTAgQEAKK1RoaXMgdGVzdHMgdGhhdCBpbnB1dCB0eXBlIG9mIGhpZGRl biBhcmUgbm90IGV4cG9zZWQgd2hlbiBhcmlhLWhpZGRlbj1mYWxzZQorCitPbiBzdWNjZXNzLCB5 b3Ugd2lsbCBzZWUgYSBzZXJpZXMgb2YgIlBBU1MiIG1lc3NhZ2VzLCBmb2xsb3dlZCBieSAiVEVT VCBDT01QTEVURSIuCisKKworUEFTUyBjb250ZW50LmNoaWxkcmVuQ291bnQgaXMgMAorUEFTUyBz dWNjZXNzZnVsbHlQYXJzZWQgaXMgdHJ1ZQorCitURVNUIENPTVBMRVRFCisKSW5kZXg6IExheW91 dFRlc3RzL2FjY2Vzc2liaWxpdHkvaW5wdXQtdHlwZS1oaWRkZW4taW4tYXJpYS1oaWRkZW4tZmFs c2UuaHRtbAo9PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09PT09 PT09PT09PT09PT09PT09PT09Ci0tLSBMYXlvdXRUZXN0cy9hY2Nlc3NpYmlsaXR5L2lucHV0LXR5 cGUtaGlkZGVuLWluLWFyaWEtaGlkZGVuLWZhbHNlLmh0bWwJKHJldmlzaW9uIDApCisrKyBMYXlv dXRUZXN0cy9hY2Nlc3NpYmlsaXR5L2lucHV0LXR5cGUtaGlkZGVuLWluLWFyaWEtaGlkZGVuLWZh bHNlLmh0bWwJKHdvcmtpbmcgY29weSkKQEAgLTAsMCArMSwzMCBAQAorPCFET0NUWVBFIEhUTUwg UFVCTElDICItLy9JRVRGLy9EVEQgSFRNTC8vRU4iPgorPGh0bWw+Cis8aGVhZD4KKzxzY3JpcHQg c3JjPSIuLi9yZXNvdXJjZXMvanMtdGVzdC1wcmUuanMiPjwvc2NyaXB0PgorPC9oZWFkPgorPGJv ZHkgaWQ9ImJvZHkiPgorCis8ZGl2IGlkPSJjb250ZW50IiByb2xlPSJncm91cCIgYXJpYS1oaWRk ZW49ImZhbHNlIj4KKyAgIDxpbnB1dCB0eXBlPSJoaWRkZW4iPgorPC9kaXY+CisKKzxwIGlkPSJk ZXNjcmlwdGlvbiI+PC9wPgorPGRpdiBpZD0iY29uc29sZSI+PC9kaXY+CisKKzxzY3JpcHQ+CisK KyAgICBkZXNjcmlwdGlvbigiVGhpcyB0ZXN0cyB0aGF0IGlucHV0IHR5cGUgb2YgaGlkZGVuIGFy ZSBub3QgZXhwb3NlZCB3aGVuIGFyaWEtaGlkZGVuPWZhbHNlIik7CisKKyAgICBpZiAod2luZG93 LmFjY2Vzc2liaWxpdHlDb250cm9sbGVyKSB7CisgICAgICAgICAgdmFyIGNvbnRlbnQgPSBhY2Nl c3NpYmlsaXR5Q29udHJvbGxlci5hY2Nlc3NpYmxlRWxlbWVudEJ5SWQoImNvbnRlbnQiKTsKKyAg ICAgICAgICBzaG91bGRCZSgiY29udGVudC5jaGlsZHJlbkNvdW50IiwgIjAiKTsKKworICAgICAg ICAgIGRvY3VtZW50LmdldEVsZW1lbnRCeUlkKCJjb250ZW50Iikuc3R5bGUudmlzaWJpbGl0eSA9 ICJoaWRkZW4iOworICAgIH0KKworPC9zY3JpcHQ+CisKKzxzY3JpcHQgc3JjPSIuLi9yZXNvdXJj ZXMvanMtdGVzdC1wb3N0LmpzIj48L3NjcmlwdD4KKzwvYm9keT4KKzwvaHRtbD4K