powermail icon indicating copy to clipboard operation
powermail copied to clipboard
verified publisher icon in2code-de

[TASK] Hide honeypot field from screenreaders

Open derhansen opened this issue 6 years ago • 9 comments

The configured value new-powermail-hp for the autocomplete attribute is invalid and fails in the accessibility check provided by accessibilityinsights.io

AFAIK, valid values for autofill are:

  • https://www.w3.org/TR/html52/sec-forms.html#autofilling-form-controls-the-autocomplete-attribute
  • https://www.w3.org/TR/WCAG21/#input-purposes

derhansen avatar Oct 16 '19 16:10 derhansen

See #102 for the reason of the current value.

nebrot avatar Oct 17 '19 11:10 nebrot

The problem is, that the current value is invalid and resulting in an error in WCAG tests.

TYPO3 core ext:form has those settings (see https://forge.typo3.org/projects/typo3cms-core/repository/revisions/090a852fd0d8b5e1b6062614a4197dbcb6d06a92/diff), which I believe may not resolve the problem Chrome browser has with autocomplete="off".

I'd rather prefer adding a valid value to the autocomplete attribute (e.g. address-level4 like suggested as solution in https://bugs.chromium.org/p/chromium/issues/detail?id=468153#c41).

Any opinions against such a solution?

derhansen avatar Oct 24 '19 18:10 derhansen

I adapted the PR, so the autocomplete field can still contain an invalid value, but screenreaders will ignore the honeypot field (added aria-hidden="true").

Note, that I also added the form uid to be included in the autocomplete value, since this may reduce the amount of spam (see https://forge.typo3.org/issues/89420)

derhansen avatar Nov 23 '19 04:11 derhansen

The prefix "new-" must be still at the beginning. Could you change it to autocomplete: 'new-powermail-hp-{form.uid}'?

nebrot avatar Nov 23 '19 10:11 nebrot

The prefix "new-" must be still at the beginning. Could you change it to autocomplete: 'new-powermail-hp-{form.uid}'?

Done

derhansen avatar Nov 23 '19 13:11 derhansen

@nebrot Hello,

why is the new- prefix needed? Because the screenreader is now not acting with this field anymore, but the field is still invalid. Is there no way to choose a value from this list. It seems the spam protection just checks if the field __hp is empty.

So bot maybe also fill out the valid autocomplete field.

https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/autocomplete

markusguenther avatar Sep 07 '20 13:09 markusguenther

@nebrot Hello,

why is the new- prefix needed? Because the screenreader is now not acting with this field anymore, but the field is still invalid. Is there no way to choose a value from this list. It seems the spam protection just checks if the field __hp is empty.

So bot maybe also fill out the valid autocomplete field.

https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/autocomplete

It's semantic autocomplete to avoid autofilling e.g. in Chrome for Android. See #102 for details and https://stackoverflow.com/a/30873633

nebrot avatar Sep 07 '20 13:09 nebrot

There are other solutions that pass the validator:

<input autocomplete="section-powermail-hp-<random> pager tel-local-suffix"/>
<input autocomplete="section-powermail-hp-<random> new-password"/>

See https://www.w3.org/TR/html52/sec-forms.html#autofilling-form-controls-the-autocomplete-attribute

masi avatar Nov 09 '20 14:11 masi

Also created a PR to be able to define autocomplete attributes via field properties https://github.com/einpraegsam/powermail/pull/620

markusguenther avatar Nov 09 '20 21:11 markusguenther

@derhansen Does this problem still exist? Can you create an issue for it? (Since this has been around a while and is not merged yet, but one cannot find this when searching in the issues tab).

See also my issue, related to honey pot failing, but probably not directly related #824.

sypets avatar Nov 07 '22 07:11 sypets

Thx for raising this issue again. I just merged it to develop branch.

einpraegsam avatar Nov 07 '22 08:11 einpraegsam