- From: Amelia Bellamy-Royds <amelia.bellamy.royds@gmail.com>
- Date: Thu, 31 Mar 2016 18:02:56 -0600
- To: Rich Schwerdtfeger <richschwer@gmail.com>
- Cc: ARIA <public-aria@w3.org>, Joanmarie Diggs <jdiggs@igalia.com>, Mike Cooper <cooper@w3.org>
- Message-ID: <CAFDDJ7xeg3rgCB_4BM=ufgsT8xqX0m1U-7w7W4uYK_CN_DSpjw@mail.gmail.com>
After some off-list discussion with Joanie, I'm supportive with moving ahead with the changes. Joanie's text: https://rawgit.com/w3c/aria/password-role/aria/aria.html#password The important feature in Joanie's proposal (which I hadn't picked up on) is that the AT should always be given the actual rendered text, whether that is in a native input password field (obscured or plain text, depending on native features), native input text field (plain text), or a custom editable HTML element (obscured or plain text, depending on how the author's JS is updating the text content in response to keystrokes). A "should" on authors of custom widgets requires them to obscure the value by modifying the actual text content, instead of using visual-only styles to obscure. That addresses the issue of the AT reading out the current value by mistake. Conforming ATs that recognize the password role should also avoid echoing keystrokes, instead reading the new character inserted into the displayed value. I still think it would be useful to have a standard ARIA state that indicates whether or not the password is currently obscured, so that users can know before they start to type. But that could be an ARIA 2 feature. I've added an issue to the tracker so it doesn't get forgotten: https://www.w3.org/WAI/ARIA/track/issues/1022 I also think it's important -- until such time as that state exists and is well supported -- that authors should indicate when a password field is not going to obscure the text. For ARIA 1.1, this could be as simple as an additional author "should". My sample text here: https://rawgit.com/AmeliaBR/aria/password-role/aria/aria.html#password This could be expanded on in the Authoring Practices Guide. Here's a quick demo I put together using <input> elements and a toggled type attribute, if any of the APG editors want to use it as a starting point: Editor (JSBin): https://jsbin.com/gagarohale/edit?html,js,output Result: https://output.jsbin.com/gagarohale Joanie had some concerns about whether this is really the best approach. I'll leave it up to her to forward those to the list. That leaves one issue remaining from my original email. To address existing content (that does not use role="password" explicitly), would it be possible to have user agents treat a toggled native password element (e.g., an <input type="password"> that is changed to type="text") as if it is still the same element with the same role? This would be material for the HTML-AAM, if a normative requirement is desired. I'd be interested to hear from implementers whether it sounds like an easy fix or a horrible mess. ~ABR
Received on Friday, 1 April 2016 00:03:27 UTC