- From: Cynthia Shelly <cyns@microsoft.com>
- Date: Wed, 6 Aug 2014 22:41:34 +0000
- To: W3C WAI Protocols & Formats <public-pfwg@w3.org>
- Message-ID: <334c4d8956a846d391852c5200b1a243@BLUPR03MB166.namprd03.prod.outlook.com>
I read through the Content Security Policy Level 2 [1] draft. While I didn't see anything that is obviously an accessibility concern in this spec, there are a few questions I would like to ask the working group. Accessibility tools operate on internet content as: 1. Native OS software that uses an OS API to access content. In this case, the browser implements this API. 2. Proxies and frames such as webanywhere [2] 3. Browser plug-ins extensions and add-ons that enhance browser functionality. For example, the headingmap add-on for firefox [3] How would each of these be impacted for a site using Content Security Policy Level 2? In particular, how would the connect-src, frame-ancestors, and referrer directives impact webanywhere? How would the sript-src and plugin-type directives impact an add-in like headingmap? It is also possible that a user could specify and alternate plug-in for a media type, using a plug-in with better accessibility. I have not seen this in practice, so I don't know if it's a concern here. Other PF people, do you know of AT that works like this? If it is in use in the real world, then the plugin-types directive could also impact that. [1] http://www.w3.org/TR/2014/WD-CSP2-20140703/ [2] http://webinsight.cs.washington.edu/papers/webanywhere-html/ [3] https://addons.mozilla.org/en-US/firefox/addon/headingsmap/
Received on Wednesday, 6 August 2014 22:42:22 UTC