Hi Roberto, thanks for your feedback 🙂 Responses inline:

________________________________
From: Roberto Clapis <c...@google.com>
Sent: Tuesday, February 8, 2022 9:05 AM
To: blink-dev <blink-dev@chromium.org>
Cc: Roberto Clapis <c...@google.com>; Sara Tang <sara.t...@microsoft.com>; 
blin...@chromium.org <blink-dev@chromium.org>; Daniel Libby 
<dli...@microsoft.com>; yoav...@chromium.org <yoavwe...@chromium.org>
Subject: Re: [EXTERNAL] Re: [blink-dev] Re: Intent to Prototype: Confirmation 
of Action API

There is one additional question that was brought forward during the discussion:

  *   What information can be read by the users of this API? This is mentioned 
in the security concerns but it doesn't seem to be specified elsewhere. Is this 
just about learning of an existence of an AT or is this some additional info?
  *   Here are some security concerns and possible mitigations. These are also 
re-iterated in the "Privacy and Security Considerations" section of the 
proposal:
  *   - readback: Do not readback AT configuration settings. Doing so makes the 
user an easier target for fingerprinting.
  *   - authoritative-sounding notifications: announcements can be crafted to 
deceive the user. We should suppress notifications when focus moves outside of 
the web content.
  *   - Maybe only offer this feature to Secure Contexts (instead of 3rd party 
browsing contexts)

On Tuesday, February 8, 2022 at 11:06:43 AM UTC+1 Roberto Clapis wrote:
Hi All,

During a discussion about this proposal a few concerns were raised:

  *   What pipeline of data would be used to pass the new messages to a 
potential screen-reader? Would screen-readers need to implement a new API or 
would this use pre-existing ones?
  *   A small nuance: screen-readers do not implement APIs, they consume ones 
that are exported by the Web Platform.
  *   - In the case of Windows systems, we use the UIA notifications API to 
pass information along to screen-readers.
  *   - In the case of other systems, we can hijack the existing ARIA live 
regions implementation. In the case where the confirmation of action API is 
called without a DOM element/ARIA node, we can attach the announcement to an 
internal "root" node instead.
  *   Does this new API allow pages to have a more direct or a less restricted 
way to pass data to a screen reader?
  *   Less restrictive; possible restrictions we'll need to employ are listed 
in the next response.
  *   Would this API allow potential attackers to use different character sets 
or might this allow them to pass potentially malformed data to screen readers 
that was not possible to pass before?
  *   Here are some possible mitigations we have for this scenario:
  *   - Truncating strings, employing a max queue length
  *   - Restricting to alphanumeric input.
  *   - Running the announcement-text through an 
HTML-parser/DOM-parser/setInnerHtml or similar JS API

  *   If a pre-existing channel is used to communicate with the screen reader 
(e.g. already existing APIs) how would a user distinguish this new mechanism 
from content on the page?
  *   I don't think it's necessary for the user to distinguish between 
different screen-announcing APIs. Is there a particular scenario you are 
thinking of where a distinction would be needed?

Thanks in advance,
Rob
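
The mitigations listed in the replies above (truncating strings, a maximum queue length, restricting the character set) could be combined as follows. This is an added example, not code from the thread or from Chromium; the names `sanitizeAnnouncement` and `AnnouncementQueue`, the two limits, and the allowed punctuation set are assumptions.

```javascript
// Added example: hypothetical names; the limits are assumed values,
// not taken from the proposal.
const MAX_ANNOUNCEMENT_CHARS = 120; // assumed truncation limit
const MAX_QUEUE_LENGTH = 3;         // assumed cap on pending announcements

// Keep Unicode letters, marks, digits, spaces and a little punctuation.
// Everything else (control characters, bidi/format characters, markup
// delimiters such as < > /) is replaced with a space.
const DISALLOWED = /[^\p{L}\p{M}\p{N} .,!?'-]/gu;

function sanitizeAnnouncement(text) {
  if (typeof text !== "string") return "";
  const cleaned = text
    .normalize("NFKC")         // fold compatibility forms to one spelling
    .replace(DISALLOWED, " ")
    .replace(/ +/g, " ")
    .trim();
  // Truncate by code point so a surrogate pair is never split.
  return Array.from(cleaned).slice(0, MAX_ANNOUNCEMENT_CHARS).join("");
}

class AnnouncementQueue {
  constructor(maxLength = MAX_QUEUE_LENGTH) {
    this.maxLength = maxLength;
    this.pending = [];
  }

  // Returns true if the announcement was queued, false if it was dropped
  // (nothing left after sanitizing, or the queue is already full).
  enqueue(text) {
    const clean = sanitizeAnnouncement(text);
    if (clean === "" || this.pending.length >= this.maxLength) return false;
    this.pending.push(clean);
    return true;
  }

  // Next announcement for the platform accessibility layer (not modelled
  // here), or null when nothing is pending.
  dequeue() {
    return this.pending.shift() ?? null;
  }
}
```

Dropping new announcements when the queue is full, rather than evicting older ones, is a design choice of this sketch; the thread does not say which behaviour the API would use.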



On Wednesday, February 2, 2022 at 1:05:58 AM UTC+1 Sara Tang wrote:
Good suggestion Yoav! I've opened one here: Review request for Confirmation of 
Action API · Issue #713 · w3ctag/design-reviews 
(github.com)<https://github.com/w3ctag/design-reviews/issues/713>
________________________________
From: Yoav Weiss <yoav...@chromium.org>
Sent: Monday, January 31, 2022 6:33 AM
To: Sara Tang <sara...@microsoft.com>
Cc: blin...@chromium.org <blin...@chromium.org>; Daniel Libby 
<dli...@microsoft.com>
Subject: [EXTERNAL] Re: [blink-dev] Re: Intent to Prototype: Confirmation of 
Action API



On Sat, Jan 29, 2022 at 1:27 AM 'Sara Tang' via blink-dev 
<blin...@chromium.org> wrote:
+Daniel Libby
________________________________
From: Sara Tang
Sent: Friday, January 28, 2022 4:26 PM
To: blin...@chromium.org <blin...@chromium.org>
Subject: Intent to Prototype: Confirmation of Action API

Contact emails
sar...@microsoft.com

Explainer
https://github.com/WICG/aom/blob/gh-pages/notification-api.md

Specification


Summary

This effort aims to create a JavaScript API so that developers can better 
notify AT users of actions/changes to a webpage not necessarily tied to UI 
elements.


Blink component
Blink>Accessibility <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EAccessibility>

Motivation

Currently the only mechanism available today that communicates content changes 
in a web app down to the accessibility layer is via ARIA live regions. One 
major limitation to ARIA live regions is that they assume the change to a 
webpage is tied to a DOM element. This leads to content authors employing 
various inefficient or inconsistent tricks and hacks to notify of changes that 
are not associated with the DOM. We propose a separate notification API to 
address these scenarios, called Confirmation of Action.


Initial public proposal
https://github.com/WICG/aom/blob/gh-pages/notification-api.md

TAG review


Just wanted to note that it seems worthwhile to file for an early TAG review.


TAG review status
Pending

Risks


Interoperability and Compatibility


Gecko: No signal

WebKit: No signal

Web developers: Positive 
(https://github.com/w3c/aria/issues/832)

Other signals:


Debuggability

TBD


Is this feature fully tested by 
web-platform-tests<https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>?
No

Flag name
--enable-blink-features=ConfirmationOfAction

Requires code in //chrome?
False

Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1291098

Estimated milestones

No milestones specified


Link to entry on the Chrome Platform Status
https://chromestatus.com/feature/5745430754230272

This intent message was generated by Chrome Platform 
Status<https://chromestatus.com/>.

--
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+...@chromium.org.
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CH2PR00MB06809C5589E8FD6848CF5E09F2239%40CH2PR00MB0680.namprd00.prod.outlook.com.
