Re: Helping Canvas Tag Be Accessible

On Wed, 05 Aug 2009 08:46:59 -0400, Henri Sivonen <> wrote:

> On Jul 30, 2009, at 15:50, Richard Schwerdtfeger wrote:
>> In order to make canvas accessible we will need:
>>  • An object model to which authors can apply an accessibility API.
> This already exists on the spec level (well, maybe not so clearly for  
> focus traversal) in the heavy-weight (object is a DOM node) form:
> Putting an ARIA-decorated DOM subtree inside <canvas>.
> I doubt the benefit of speccing another object model. A new object model  
> could perform a bit better that a DOM subtree but any object model would  
> still be an abstraction level mismatch with the Canvas 2D API.


>   * If the mapping from low-level platform APIs to a JS API is direct,  
> malicious or incompetently written scripts can tell AT crazy things. Are  
> ATs robust against apps telling them crazy things? Does the browser need  
> to be able to sanitize the interaction instead of directly mapping the  
> interfaces?

This is a general problem. ATs and browsers have some rudimentary  
protection against crazy information (e.g. for the summary attribute), but  
there isn't a known general solution to this issue. I don't think that the  
risk of lazy, incompetent or malicious coding in canvas is likely to be  
far different from that in the rest of the web (i.e. I suspect it will  
probably be something like an order or two of magnitude more common than  
good practice). This is akin to "this doesn't open any *new* security  
holes" - it is a long way from perfect, but at least it enables us to do  
some useful things that we couldn't otherwise. In the absence of perfect,  
I will take "better than what we have"...



Charles McCathieNevile  Opera Software, Standards Group
     je parle français -- hablo español -- jeg lærer norsk       Try Opera:

Received on Wednesday, 5 August 2009 17:40:16 UTC