Updating information on a page without a page refresh can be confusing to some users of AT (assistive technology), the user may have no idea that information has been updated.
ARIA (accessible rich internet applications, a W3C draft recommendation) provides a live region role that communicates these updates through the browser to AT.
On the user profile > edit page password strength and password matching is updated by ajax without a page refresh.
Recommendation
Add ARIA live region roles to the containers for the password strength and matching information. This is found in modules/user/user.js
Resources
WAI-ARIA Overview - http://www.w3.org/WAI/intro/aria.php
Set of ARIA Test Cases - CodeTalks (Live Regions) - http://wiki.codetalks.org/wiki/index.php/Set_of_ARIA_Test_Cases#aria-live
Web Accessibility Initiative (WAI) home page - http://www.w3.org/WAI/
Comment | File | Size | Author |
---|---|---|---|
#15 | issue-521904-aria-password-match.patch | 1.08 KB | Everett Zufelt |
#3 | password_aria_1.patch | 1.06 KB | mgifford |
Comments
Comment #1
Everett Zufelt CreditAttribution: Everett Zufelt commentedSetting to postponed until #331893: Add colouring (and description) to password checker gets committed to head.
Comment #2
mgiffordThis is now committed to head - http://drupal.org/node/331893#comment-2065466
Comment #3
mgiffordIs this essentially a matter of adding in the aria attribute 'aria-live="polite"' in the right place?
If so I think that this is the patch. Needs to be tested with AT though.
Comment #5
mgiffordtesting if the bot was bust
Comment #6
mgiffordI ran the CSS Unit Tests locally after applying the patches without problem.
Comment #7
mgiffordSame problem as here - http://drupal.org/node/515262
Maybe the simpletest doesn't like ARIA
Comment #9
mgiffordI've got this code up on our sandbox here - http://drupal7.dev.openconcept.ca
It essentially adds aria-live="polite" to the jQuery password validator:
This seems like it's a no-brainer to get into core, but we need some more reviews.
Comment #10
bowersox CreditAttribution: bowersox commented+1 for this fix. The code is clean and the tests have been passing for a while (I'll do another re-test to confirm again).
However, I haven't tested this in a screenreader to confirm that it works, so I agree that we should get some further review.
Comment #12
pratikp1 CreditAttribution: pratikp1 commentedTested with JAWS and NVDA. The ARIA live region implementation now allows screen readers to announce password strength as screen update occurs.
Comment #13
Dries CreditAttribution: Dries commentedCommitted to CVS HEAD. Thanks.
Comment #14
Everett Zufelt CreditAttribution: Everett Zufelt commentedGlad to see this in core. I think that this live region should be set to assertive instead of polite. Any thoughts?
See: http://www.w3.org/TR/wai-aria/states_and_properties#aria-live
Comment #15
Everett Zufelt CreditAttribution: Everett Zufelt commentedSmall little patch to correct the aria-live attribute from "polite" to "assertive". The "assertive" attribute is recommended by ARIA 1.0 for situations like same-time form field validation. See linked reference in #14 above.
Comment #16
pratikp1 CreditAttribution: pratikp1 commentedAgreed. Depending on Screen reader settings, polite is not going to be sufficient to alert the user unless he/she knows that the password strength changes. Polite provides a passive alert. In this case, assertive is appropriate. I have tested the patch on a dev sandbox and prefer the assertive behavior over polite—especially considering the needs of novice users.
Comment #17
mgiffordThanks for catching this Everett! I've been looking for example cases and not finding any. It makes sense that an alert would be sent immediately to a user when the password is properly entered and that the AT device not politely wait until the next convenient opportunity to convey this to the user.
Comment #18
Everett Zufelt CreditAttribution: Everett Zufelt commentedSetting back to needs review so patch can be tested by bots.
Comment #19
mgiffordYa, the bot's back! Great to see this get corrected.
Comment #20
Dries CreditAttribution: Dries commentedCommitted. Thanks.
Comment #23
Liam MorlandComment #24
mgifford