- From: White, Jason J <jjwhite@ets.org>
- Date: Sat, 18 Jun 2016 17:04:06 +0000
- To: Birkir Gunnarsson <birkir.gunnarsson@deque.com>, 'John Foliot' <john.foliot@deque.com>
- CC: 'Joanmarie Diggs' <jdiggs@igalia.com>, 'James Craig' <jcraig@apple.com>, 'ARIA Working Group' <public-aria@w3.org>, 'Michiel Bijl' <michiel@agosto.nl>
- Message-ID: <BY2PR0701MB1990796FECF6CE338CB328D9AB280@BY2PR0701MB1990.namprd07.prod.outlook.>
From: Birkir Gunnarsson [mailto:birkir.gunnarsson@deque.com] Sent: Friday, June 17, 2016 4:58 PM My last clarification on the subject, then I shall peacefully withdraw, and celebrate Icelannd’s Independence Day. ARIA is about equivalent experience. A regular user that encounters a “custom password” field will see its label and will notice that as she starts typing something into the field, that her input is obfuscated. The only assurance that regular user has comes from the label, and seeing that the text is obfiscated. An aria-masked attribute would communicate that same information to the screen reader user, whereas role=”password” creates certain expectations that may or may not be met by the author. If you see a fin in the water it might be a fish or a shark. All you see is a fin in the water. Can we, based on that, tell the screen reader user that a shark is in the vicinity when it might just be a harmless baracuda? [Jason] It isn’t clear what the “certain expectations” are. There isn’t even a legitimate expectation that the string entered into the field will be transmitted securely to the server. For that, a discerning user has to check for the presence of TLS, which, I am told, is normally represented by an icon that the browser displays. Additionally, obfuscated fields are increasingly popular for information other than passwords (i.e. personally sensitive information or payment info). And there is a need to be able to notify screen reader users of this. The password role would be misleading if applied to a social security number field, but aria-masked would be an accurate description. [Jason] I think this is a very good point. One could even define role=masked if it’s meant to apply only to editable text fields. With that, I rest my case and wish you all a good weekend. [Jason] It’s a good case. Let’s see how the discussion evolves. ________________________________ This e-mail and any files transmitted with it may contain privileged or confidential information. It is solely for use by the individual for whom it is intended, even if addressed incorrectly. If you received this e-mail in error, please notify the sender; do not disclose, copy, distribute, or take any action in reliance on the contents of this information; and delete it from your system. Any other use of this e-mail is prohibited. Thank you for your compliance. ________________________________
Received on Saturday, 18 June 2016 17:04:37 UTC