On Wed, 05 Aug 2009 08:46:59 -0400, Henri Sivonen <hsivonen@iki.fi> wrote: > On Jul 30, 2009, at 15:50, Richard Schwerdtfeger wrote: ... >> In order to make canvas accessible we will need: >> • An object model to which authors can apply an accessibility API. > > This already exists on the spec level (well, maybe not so clearly for > focus traversal) in the heavy-weight (object is a DOM node) form: > Putting an ARIA-decorated DOM subtree inside <canvas>. > > I doubt the benefit of speccing another object model. A new object model > could perform a bit better that a DOM subtree but any object model would > still be an abstraction level mismatch with the Canvas 2D API. Agreed. [..] > * If the mapping from low-level platform APIs to a JS API is direct, > malicious or incompetently written scripts can tell AT crazy things. Are > ATs robust against apps telling them crazy things? Does the browser need > to be able to sanitize the interaction instead of directly mapping the > interfaces? This is a general problem. ATs and browsers have some rudimentary protection against crazy information (e.g. for the summary attribute), but there isn't a known general solution to this issue. I don't think that the risk of lazy, incompetent or malicious coding in canvas is likely to be far different from that in the rest of the web (i.e. I suspect it will probably be something like an order or two of magnitude more common than good practice). This is akin to "this doesn't open any *new* security holes" - it is a long way from perfect, but at least it enables us to do some useful things that we couldn't otherwise. In the absence of perfect, I will take "better than what we have"... cheers Chaals -- Charles McCathieNevile Opera Software, Standards Group je parle français -- hablo español -- jeg lærer norsk http://my.opera.com/chaals Try Opera: http://www.opera.comReceived on Wednesday, 5 August 2009 17:40:13 UTC
This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:44:53 UTC