W3C home > Mailing lists > Public > public-html@w3.org > August 2009

Re: Helping Canvas Tag Be Accessible

From: Charles McCathieNevile <chaals@opera.com>
Date: Wed, 05 Aug 2009 13:39:10 -0400
To: "Henri Sivonen" <hsivonen@iki.fi>, "Richard Schwerdtfeger" <schwer@us.ibm.com>
Cc: "HTMLWG WG" <public-html@w3.org>, "W3C WAI-XTECH" <wai-xtech@w3.org>
Message-ID: <op.ux69zkifwxe0ny@widsith.local>
On Wed, 05 Aug 2009 08:46:59 -0400, Henri Sivonen <hsivonen@iki.fi> wrote:

> On Jul 30, 2009, at 15:50, Richard Schwerdtfeger wrote:
>> In order to make canvas accessible we will need:
>> 	• An object model to which authors can apply an accessibility API.
> This already exists on the spec level (well, maybe not so clearly for  
> focus traversal) in the heavy-weight (object is a DOM node) form:
> Putting an ARIA-decorated DOM subtree inside <canvas>.
> I doubt the benefit of speccing another object model. A new object model  
> could perform a bit better that a DOM subtree but any object model would  
> still be an abstraction level mismatch with the Canvas 2D API.


>   * If the mapping from low-level platform APIs to a JS API is direct,  
> malicious or incompetently written scripts can tell AT crazy things. Are  
> ATs robust against apps telling them crazy things? Does the browser need  
> to be able to sanitize the interaction instead of directly mapping the  
> interfaces?

This is a general problem. ATs and browsers have some rudimentary  
protection against crazy information (e.g. for the summary attribute), but  
there isn't a known general solution to this issue. I don't think that the  
risk of lazy, incompetent or malicious coding in canvas is likely to be  
far different from that in the rest of the web (i.e. I suspect it will  
probably be something like an order or two of magnitude more common than  
good practice). This is akin to "this doesn't open any *new* security  
holes" - it is a long way from perfect, but at least it enables us to do  
some useful things that we couldn't otherwise. In the absence of perfect,  
I will take "better than what we have"...



Charles McCathieNevile  Opera Software, Standards Group
     je parle français -- hablo español -- jeg lærer norsk
http://my.opera.com/chaals       Try Opera: http://www.opera.com
Received on Wednesday, 5 August 2009 17:40:13 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 9 October 2021 18:44:53 UTC