From: Aditya Toshniwal <[email protected]>
To: Akshay Joshi <[email protected]>
Cc: pgadmin-hackers <[email protected]>
Subject: Re: [pgAdmin][RM4772][Accessibility] Provide aria-label to an invisible label where a visible label cannot be used
Date: Wed, 4 Dec 2019 15:00:15 +0530
Message-ID: <CAM9w-_mg+_gPEp0cz=PAnZJCOSBYrd4S-wu9u-+q9UFdo0zN6w@mail.gmail.com> (raw)
In-Reply-To: <CANxoLDdeVj8vVPOjEFuTSMO0tw1m3zdJzTqfH2fhcU3d_bUXKA@mail.gmail.com>
References: <CAM9w-_kbux3pL4JT=8XA20BLk6=L3qXWNP8d4EraeA9mdAA3vQ@mail.gmail.com>
	<CANxoLDdeVj8vVPOjEFuTSMO0tw1m3zdJzTqfH2fhcU3d_bUXKA@mail.gmail.com>

Hi Hackers,

Attached is the patch to fix the feature tests which were failing after the
commit. The reason being, the span elements which were used to show
properties tab data are changed to input now as per accessibility
requirements. Also, there is no way now to check XSS of input because the
input tags return the original value on extracting the value attribute and
not the escaped value. Previously, the value was an HTML element under the
span tag.
Not to worry, input is escaped and is XSS free, handled in underscore
templates.

On Tue, Dec 3, 2019 at 12:48 PM Akshay Joshi <[email protected]>
wrote:

> Thanks, patch applied.
>
> On Tue, Dec 3, 2019 at 11:39 AM Aditya Toshniwal <
> [email protected]> wrote:
>
>> Hi Hackers,
>>
>> Attached is the patch to add label and aria-label wherever applicable.
>> The patch also fixes a few other accessibility-related errors raised by
>> the "WAVE" extension of Chrome.
>>
>> Kindly review.
>>
>> --
>> Thanks and Regards,
>> Aditya Toshniwal
>> Sr. Software Engineer | EnterpriseDB India | Pune
>> "Don't Complain about Heat, Plant a TREE"
>>
>
>
> --
> *Thanks & Regards*
> *Akshay Joshi*
>
> *Sr. Software Architect*
> *EnterpriseDB Software India Private Limited*
> *Mobile: +91 976-788-8246*
>


-- 
Thanks and Regards,
Aditya Toshniwal
Sr. Software Engineer | EnterpriseDB India | Pune
"Don't Complain about Heat, Plant a TREE"
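
The behaviour described in the message above, as an added example that is not part of the original mail or of pgAdmin's test suite: a parsed DOM hands back the decoded `value` attribute, so the old string match on `&lt;h1&gt;X` has nothing to match, yet a check can still assert that the payload round-trips as text and creates no element. `PAYLOAD`, `render` and the markup are constructed stand-ins, with Python's `html.escape` used in place of the underscore template.

```python
from html import escape
from html.parser import HTMLParser

# Constructed payload, modelled on the "<h1>X" marker of the removed test.
PAYLOAD = '"><h1>X'


class InputAudit(HTMLParser):
    """Record every start tag and the decoded value attribute of each <input>."""

    def __init__(self):
        super().__init__()
        self.tags = []
        self.input_values = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        if tag == "input":
            # The parser has already decoded character references here,
            # just as a browser does before exposing the value attribute.
            self.input_values.append(dict(attrs).get("value"))


def render(value, escape_value=True):
    """Hypothetical stand-in for the template output (assumption, not pgAdmin code)."""
    shown = escape(value, quote=True) if escape_value else value
    return ('<div class="properties">'
            '<input type="text" value="%s" readonly></div>' % shown)


def audit(markup):
    parser = InputAudit()
    parser.feed(markup)
    parser.close()
    return parser


def is_xss_free(markup, payload):
    """True when the payload stayed inside one input's value and added no tags."""
    result = audit(markup)
    return result.input_values == [payload] and result.tags == ["div", "input"]


if __name__ == "__main__":
    print("escaped template:  ", is_xss_free(render(PAYLOAD), PAYLOAD))
    print("unescaped template:", is_xss_free(render(PAYLOAD, False), PAYLOAD))
```
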


Attachments:

  [application/octet-stream] RM4772.feature.patch (2.0K, 3-RM4772.feature.patch)
  download | inline diff:
diff --git a/web/pgadmin/feature_tests/xss_checks_panels_and_query_tool_test.py b/web/pgadmin/feature_tests/xss_checks_panels_and_query_tool_test.py
index 15aad7be9..71b58c013 100644
--- a/web/pgadmin/feature_tests/xss_checks_panels_and_query_tool_test.py
+++ b/web/pgadmin/feature_tests/xss_checks_panels_and_query_tool_test.py
@@ -64,7 +64,6 @@ class CheckForXssFeatureTest(BaseFeatureTest):
         self.page.add_server(self.server)
         self._tables_node_expandable()
         self._check_xss_in_browser_tree()
-        self._check_xss_in_properties_tab()
         self._check_xss_in_sql_tab()
 
         # sometime the tab for dependent does not show info, so refreshing
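Review bot: the call sequence after `_check_xss_in_browser_tree()` now skips the Properties tab with no trace of why. A short comment at this spot, saying that the tab renders `input` elements and is not covered by this test, would stop a later reader from assuming the panel is still checked.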
@@ -121,21 +120,6 @@ class CheckForXssFeatureTest(BaseFeatureTest):
             "Browser tree"
         )
 
-    def _check_xss_in_properties_tab(self):
-        print(
-            "\n\tChecking the Properties tab for XSS vulnerabilities",
-            file=sys.stderr, end=""
-        )
-        self.page.click_tab("Properties")
-        source_code = self.page.find_by_xpath(
-            "//span[contains(@class,'uneditable-input')]"
-        ).get_attribute('innerHTML')
-        self._check_escaped_characters(
-            source_code,
-            "&lt;h1&gt;X",
-            "Properties tab (Backform Control)"
-        )
-
     def _check_xss_in_sql_tab(self):
         print(
             "\n\tChecking the SQL tab for for XSS vulnerabilities",
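Review bot: `_check_xss_in_properties_tab` is deleted outright rather than adapted, so the "Properties tab (Backform Control)" case loses all regression coverage and the escaping is taken on trust. The `innerHTML` match on `&lt;h1&gt;X` cannot carry over to an input, but the helper could still locate the control that replaced `//span[contains(@class,'uneditable-input')]`, assert that its value equals the raw string, and assert that no `h1` element exists under the panel.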
diff --git a/web/regression/feature_utils/pgadmin_page.py b/web/regression/feature_utils/pgadmin_page.py
index 09fc30ac8..d3b089832 100644
--- a/web/regression/feature_utils/pgadmin_page.py
+++ b/web/regression/feature_utils/pgadmin_page.py
@@ -977,7 +977,7 @@ class PgadminPage:
         def element_if_it_exists(driver):
             try:
                 element = find_method_with_args(driver)
-                if element.is_displayed() and element.is_enabled():
+                if element.is_displayed():
                     return True
             except (NoSuchElementException, StaleElementReferenceException):
                 return False
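Review bot: dropping `element.is_enabled()` from the condition in `element_if_it_exists` loosens the wait for every caller of this helper: a displayed but disabled control now counts as ready, so a test that goes on to click or type can proceed too early. Consider making the enabled check optional through a parameter that defaults to the old behaviour, and note in a comment which read-only inputs need it relaxed.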

