Re: [DWP Security Warning] - Re: [en] WCAG-EM Report Tool

Hi Nicki,

Is this the HTML file that you are assessing? If so, then no that wouldn’t really help much.

it is more about the information that is being added to the EM Report Tool <https://www.w3.org/WAI/eval/report-tool/> and whether there is anything done to the JSON file afterwards.

Thanks

Kevin 


> On 31 Jan 2023, at 11:42, Berry Nicki Digital Group Quarry House <Nicki.Berry@dwp.gov.uk> wrote:
> 
> If I give you the HTML file, would that help? The only thing is, it is a private/sensitive document, so could you assure me that it would be deleted after you have investigated?
>  
> Nicki Berry | Head of Accessibility | Accessibility Standards and Strategy | Department for Work and Pensions | Digital Group | Quarry House, Leeds, LS2 7UE | Tel: 0300 087 8667 |nicki.berry@dwp.gov.uk <mailto:nicki.berry@dwp.gov.uk> | accessibility-manual.dwp.gov.uk <http://www.accessibility-manual.dwp.gov.uk/>
> Please consider the environment before printing
>  
> Preferred terminology: wheelchair user, assistance dog, disabled person
> My working hours: Mon to Thurs 06:00 – 15:30. I also work Fridays but try to keep them meeting-free.
> Planned leave: 20th Feb to 24th Feb
>  
> From: Kevin White <kevin@w3.org> 
> Sent: 31 January 2023 11:39
> To: Berry Nicki Digital Group Quarry House <Nicki.Berry@dwp.gov.uk>
> Cc: wai-eo-editors@w3.org
> Subject: Re: [DWP Security Warning] - Re: [en] WCAG-EM Report Tool
>  
> Hi Nicki,
>  
> That is what I am not clear about. I can’t replicate a JSON file that doesn’t end up with the correctly generated ids. Not really sure on the process that you used to create your report.
>  
> Thanks
>  
> Kevin
> 
> 
> On 31 Jan 2023, at 11:33, Berry Nicki Digital Group Quarry House <Nicki.Berry@dwp.gov.uk <mailto:Nicki.Berry@dwp.gov.uk>> wrote:
>  
> Hi Kevin
>  
> So is there a way to avoid this happening in the future? Is it something we did wrong or is it a problem with the tool?
>  
> Nicki
>  
> Nicki Berry | Head of Accessibility | Accessibility Standards and Strategy | Department for Work and Pensions | Digital Group | Quarry House, Leeds, LS2 7UE | Tel: 0300 087 8667 |nicki.berry@dwp.gov.uk <mailto:nicki.berry@dwp.gov.uk> | accessibility-manual.dwp.gov.uk <http://www.accessibility-manual.dwp.gov.uk/>
> Please consider the environment before printing
>  
> Preferred terminology: wheelchair user, assistance dog, disabled person
> My working hours: Mon to Thurs 06:00 – 15:30. I also work Fridays but try to keep them meeting-free.
> Planned leave: 20th Feb to 24th Feb
>  
> From: Kevin White <kevin@w3.org <mailto:kevin@w3.org>> 
> Sent: 31 January 2023 11:32
> To: Berry Nicki Digital Group Quarry House <Nicki.Berry@dwp.gov.uk <mailto:Nicki.Berry@dwp.gov.uk>>
> Cc: wai-eo-editors@w3.org <mailto:wai-eo-editors@w3.org>
> Subject: Re: [DWP Security Warning] - Re: [en] WCAG-EM Report Tool
>  
> Hi Nicki,
>  
> Not the URLs. When you add a sample web page you can use any short name and address (or description). The id is actually generated and you shouldn’t need to worry about how they are created. As I say, I am not clear how the URLs became ids in the JSON file that you shared.
>  
> Thanks
>  
> Kevin
>  
> 
> 
> 
> On 31 Jan 2023, at 11:26, Berry Nicki Digital Group Quarry House <Nicki.Berry@dwp.gov.uk <mailto:Nicki.Berry@dwp.gov.uk>> wrote:
>  
> Hi Kevin
>  
> Thank you for looking into this for me. So just to confirm, the URLs in the sample must be unique otherwise the JSON file will not download correctly.
>  
> Nicki
>  
> Nicki Berry | Head of Accessibility | Accessibility Standards and Strategy | Department for Work and Pensions | Digital Group | Quarry House, Leeds, LS2 7UE | Tel: 0300 087 8667 |nicki.berry@dwp.gov.uk <mailto:nicki.berry@dwp.gov.uk> | accessibility-manual.dwp.gov.uk <http://www.accessibility-manual.dwp.gov.uk/>
> Please consider the environment before printing
>  
> Preferred terminology: wheelchair user, assistance dog, disabled person
> My working hours: Mon to Thurs 06:00 – 15:30. I also work Fridays but try to keep them meeting-free.
> Planned leave: 20th Feb to 24th Feb
>  
> From: Kevin White <kevin@w3.org <mailto:kevin@w3.org>> 
> Sent: 31 January 2023 10:06
> To: Berry Nicki Digital Group Quarry House <Nicki.Berry@dwp.gov.uk <mailto:Nicki.Berry@dwp.gov.uk>>
> Cc: wai-eo-editors@w3.org <mailto:wai-eo-editors@w3.org>
> Subject: [DWP Security Warning] - Re: [en] WCAG-EM Report Tool
>  
> WARNING! - SECURITY ALERT:
> This email contains a file that appears suspect. These types of files are commonly used by cybercriminals to infect your computer or mobile device with malicious software.
> Only open the attachment(s) and click on links if you are expecting the email and you trust the identity of the sender. If you are unsure, please follow the Phishing and Spam guidance <https://intranet.dwp.gov.uk/section/working-dwp/security/phishing-and-spam> on the Security Portal <https://intranet.dwp.gov.uk/section/working-dwp/security> and if necessary report the email to the Security Advice Centre by following the How to report phishing emails <https://intranet.dwp.gov.uk/page/how-report-phishing-emails> guidance.
> Hi Nicki,
>  
> Thanks for the JSON file. I was able to identify where the problem was but not 100% on why it is there… if that makes sense!
>  
> The JSON includes an entry for each sample page and they are all assigned a unique identifier. Looking at the JSON you have provided it seems that some of these identifiers are not actually unique. Also, they seem to be using a pattern which doesn’t match what is produced by the tool.
>  
> I have attached a more human readable format of your JSON file. If you go to line 107 the entry for ‘Add job profile’ includes an id of 'https://reg-nr.comaea.com/b/competency/index/V3NKOXF4cmJwRk84MW5Sak9ucW5QZz09’ <https://secure-web.cisco.com/1s9r1RET3X2bLPOrnR19jXcwOAzGAs3CHEEF2Mz5FQ1O6wiN63ztl2ZgqEQqsuIuxbIDSNBWhZQuIcJRfK5RF0kydTYwDXnhCRLKfQJh47sIaRpYNysMgrRV-uOJsQSZ4WFO8BWGXzpCbr-X1OKd1S8_4vxisrkxZ_b-HXehdJ9V-u20y_yWqJGt_Yx-9Jy9WM8a89jIU7mips-7tUtdXB--F6y5kAItJPTxeL59n2KEZsCX-GM6rW_5Y3OIlbZgomcJbXDsreVuBrd0JlAQ2rplDaPm4dDME3hFk7R4wIJLgBWYsSzitilNRpk_kVaOexqZJjtqiTUkx40HWGInfqdOBbmawkFBXTI152guFppqDZdM163qspPWBSg5650R8dkEVHyjjMTY1BQgdbRWCl9YgZNBYiBV7V_BSA4zGqzhM01zdTTMPcyTqAAflW0_X/https%3A%2F%2Freg-nr.comaea.com%2Fb%2Fcompetency%2Findex%2FV3NKOXF4cmJwRk84MW5Sak9ucW5QZz09%E2%80%99>. And if you go to line 117 then the entry for ‘My competency (populated)’ has the same id.
>  
> This is what is causing the peculiarities that you are experiencing.
>  
> If you compare that to the other JSON file I have attached, lines 96 and 106 have unique ids for the sample web pages that I added with the tool.
>  
> I did try to change the ids in the file you shared, but it is an impossible task since the entries in the JSON that cover assertions use the ids and there is no way to know which sample these relate to.
>  
> This is where I am a bit confused as I am not sure how the ids in the file you shared resulted in the format that they did. Might it have been an old file from a previous incarnation of the tool?
>  
> Apologies for the inconvenience regardless,
>  
> Thanks
>  
> Kevin
>  
>  
> **********************************************************************
> This document is strictly confidential and is intended only for use by the addressee.
> If you are not the intended recipient any disclosure, copying, distribution
> or other action taken in reliance of the information contained in this email is strictly prohibited.
>  
> Any views expressed by the sender of this message are not necessarily those of the Department
> for Work and Pensions.
> If you have received this transmission in error please tell us and then permanently delete
> what you have received.
> This email was scanned for viruses by the Department for Work and Pensions antivirus services and was found to be virus free.
> Please note: Incoming and outgoing email messages are routinely monitored for compliance with our Email Policy.
> **********************************************************************
>  
> **********************************************************************
> This document is strictly confidential and is intended only for use by the addressee.
> If you are not the intended recipient any disclosure, copying, distribution
> or other action taken in reliance of the information contained in this email is strictly prohibited.
>  
> Any views expressed by the sender of this message are not necessarily those of the Department
> for Work and Pensions.
> If you have received this transmission in error please tell us and then permanently delete
> what you have received.
> This email was scanned for viruses by the Department for Work and Pensions antivirus services and was found to be virus free.
> Please note: Incoming and outgoing email messages are routinely monitored for compliance with our Email Policy.
> **********************************************************************
>  
> **********************************************************************
> This document is strictly confidential and is intended only for use by the addressee.
> If you are not the intended recipient any disclosure, copying, distribution
> or other action taken in reliance of the information contained in this email is strictly prohibited.
>  
> Any views expressed by the sender of this message are not necessarily those of the Department
> for Work and Pensions.
> If you have received this transmission in error please tell us and then permanently delete
> what you have received.
> This email was scanned for viruses by the Department for Work and Pensions antivirus services and was found to be virus free.
> Please note: Incoming and outgoing email messages are routinely monitored for compliance with our Email Policy.
> **********************************************************************