When a link is to an anchor it will throw an error if that anchor isn't declared as an id. This should pass if the anchor is declared within the name attribute also.

The code below is valid but is throwing an Error because top isn't declared as an id.

<h1 name="top">Heading</h1>
<a href="#top">back to top</a>

sorry no PR -- hotfixed this in my repo, but haven't sat down to figure out the build process y'all are using. should be simple enough to fix.

both

https://github.com/squizlabs/HTML_CodeSniffer/blob/master/Standards/Section508/Sniffs/A.js

and

https://github.com/squizlabs/HTML_CodeSniffer/blob/master/Standards/Section508/Sniffs/L.js

rely on functions provided by sniffs on another standard. this requires loading up that standard first, before one can process the Section508 standard.

the workarounds are to copy those files into the section508 sniff and update the rulesets or to process WCAG2AAA first and then process section508 later.

which is preferred? if the first, then we could document it, if the later, it is a bit of code duplicate, it might be better to allow rulesets to specify sniffs that exist in a different folder

It looks like you're just concatenating and minifying all the files. Do they have the be in any particular order? Is there a command or build script I can run?

Updated FF to version 20.0 yesterday and then noticed CodeSniffer was no longer working. I have installed it in Chrome and it works fine. I have cleared history (but not cookies), rebooted FF, and rebooted the computer. Running Win7 fully patched. Norton AV v20.3

I forked this repository and finished translating error massages and Auditor in Japanese.

Can I also translate gh-pages and README?
I'll not remove copyrights and your company names.

I downloaded 'HTML_CodeSniffer-master.zip' on my local machine. My application (that need to be tested for accessibility) is hosted in my Local Intranet Server. Could you please guide (or provide steps) me that how can I use it for Accessibility Testing ?

When testing for the presence of labels, input elements cause a JavaScript error when the type attribute is omitted (as it tries to perform a regex on null). It should default to "text" when no type attribute is present, as is the case when the field is presented on-screen.

This rewrite will focus on the failures expressed in F68, which was revised significantly compared to the previous revision.

The new code will be based around the test in F68 and will handle the following:

• Labels created by wrapping an input and the label inside a LABEL element. This was not considered accessible in the old version but is now considered acceptable according to F68.
• New features due to ARIA, such as aria-label and aria-labelledby.

The code that handled "position of label compared to the element" will be reviewed, and possibly will be reduced to a warning. It is still mentioned in step 1 of each part of H44), but I don't believe it is as important as it is being made out.

Apart from the position messages, failures that currently use codes starting with "H44" or "H65" will use codes starting with "F68" instead, to emphasise that it is hitting a failure technique.

This is the code:

<html lang="en">

When running HTML_CodeSniffer auditing WCAG 2.0 AA, the error show is:

The html element should have a lang or xml:lang 
attribute which describes the language of the 
document.

This issue appeared when running in http://a11yproject.com/ website.

Tested in Firefox 22 and in Chrome 28 on Windows XP

Hi there,

So I've been doing some testing and it seems to me that this could be an issue further down (like the HTMLCS.js), but I wanted to get your take on it and see if this issue is something you have seen. Appreciate taking the time to review and respond.

I was interested in the data coming out in the CLI version of the tool, as a result I noticed that it doesn't really give us details, only a summary. So after a little poking around, I added some code to the sanitizeMessages() function in handle-result.js ( see attached screenshot ), that essentially converts the message to a string and add's it to the 'raw" property of the returned message object.

I did this so I could look at the data coming back and see if we could add a verbose function here to give instance specific details of each reported error in the CLI

I then added a custom reporter:

This reporter is essentially the standard reporter, but if there is multiple messages, and the message is different from the first, it outputs the raw data attribute which my last screen shot shows.

So the reason for this, is some messages are very vague and cryptic in the CLI, like the error in the output:

{ code: 'WCAG2AAA.Principle1.Guideline1_3.1_3_1.H44.1.Before',
element: null,
msg: 'The label element for this control should be placed before this element.',
type: 1 }

It's great that I should place a label control in front, but which element is it referring too?

Other examples include when it suggests I should change the contrast color on an element...suggests the new value, but I'm not sure what element it was referencing, since the output didn't include it.

Any reason why, or had you encountered this case already where the data in the messages are actually empty?

I have warnings for elements that are no longer set on background images!

I've been converting all our gradient images into css gradients and the sniffer is still throwing a warning for them.

On some pages I can run the bookmarklet and it will show the pop up box with errors, warnings, notices. But when I click on "view report", nothing happens. Is there a way around this or is it a issue with the web application? https://home.cunyfirst.cuny.edu/psp/cnyepprd/GUEST/HRMS/c/HRS_HRAM.HRS_CE.GBL

While running on a HTTPS website, an error is thrown on Chrome:

[blocked] The page at https://some-web-site/ ran insecure content from http://squizlabs.github.com/HTML_CodeSniffer/build/HTMLCS.js.

• Firefox 17 ESR : OK
• Chrome 21 : NOK (error thrown)

I am using HTML Code_Sniffer for my web application and testing till WCAG 2.0 AA. I am covering All the errors and warning.

Could you please suggest that after fixing all the errors and warnings till WCAG 2.0 AA on my web application using HTML Code_Sniffer , Will it be completely WCAG 2.0 AA compliance ?

I am using 'HTML Code Sniffer' tool with selenium webdriver to automate my web application. When I run 'html code sniffer' on web page through code it works fine. but when try to run 'html code sniffer' again on other url (through the same webdriver instance) it is not working and give the error 'HTML Code sniffer' not found. Could you please suggest me how to resolve this issue?

Any thoughts on letting the user download the report from the bookmarklet itself.

There are currently issues when HTML_CodeSniffer points to "position: fixed" elements. Because the pointer is always "position: absolute", it will point to where it would be if the item were absolutely-positioned - which will not be correct when the document has been scrolled.

These should be pointed to with a similarly fixed-positioned pointer, so that it points to the correct spot, and doesn't move while scrolling.

When a source code fragment (not a full document), I am getting false positives regarding a "This label's "for" attribute contains an ID that does not exist in the document" (H44.NonExistent).

Example fragment which resulted in this error in Chrome:

<label for="test-1">Test:</label> <input type="text" id="test-1" />

Using Chrome 21. This seemed to work in Firefox, and may have to do with different interpretations of what the owner document of a removed DOM element is between Webkit and Gecko.

When the Section 508 standards were added, the standards list population was changed to handle more than just the WCAG2* standards. However, in IE8 the standards list is empty.

Standards (and sniffs) are declared as vars in the global JS namespace, seems to make them properties of the Window object in Firefox and Chrome, but in IE8 it doesn't. Since it depends on "for i in window" type iteration in the auditor, it is returning no standards. Referring to standards with the "window." prefix works however.

Workaround is currently to modify the bookmarklet to use the appropriate standard code. Will work out a more robust method of including the standards, probably by making them a property inside the HTMLCS namespace.

I have to use HTML_Codesniffer for one of my client for Accessibility Testing hence I am just figuring/searching out the features of it. When I tried it on an authenticated page (My Gmail inbox) I was able to use it but when I tried it on facebook (after login into the facebook account) it is not working. And I am wonder that, it is even not working on the 'home page - Login page of Facebook'.

I have to suggest this tool for Accessibility testing but I am little worried about that will it work on Authenticated Pages or not. It will be a Learning Application ( But my bad is that I don't have the web app in my hand right now so that I can check it) on which I will have to test accessibility.

Please help me out and if there is any documentation you can provide that will be really appreciable.

Thanks
-Akram

1. Open this jsbin http://jsbin.com/buwefuduga/1/
2. Run Code Sniffer Bookmarklet
3. Set mode to WCAG2AAA (Issue is on Triple A only)
4. Note the errors... In particular:

This element has insufficient contrast at this conformance level. Expected a contrast ratio of at least 7:1, but text in this element has a contrast ratio of NaN:1.

This is problematic because a) its reporting NaN so something must be off.. b) This one should pass since its white on black.

It appears like the issue is related to absolutely positioned elements but thats a guess.

For example, text of an element that is absolutely positioned will be marked as an error if the background color is inherited. Because the text might not actually be over the inherited background color any more, it should be downgraded to a warning for manual review.

A version that could be run as part of a CI build through the command line would be very useful. Possibly using PhantomJS for hosting the page and output like CSSLint and JSHint

Hi.

When I check the HTML something like:

<h1><img src='foo.png' alt='Header' /></h1>

with HTML_CodeSniffer in WCAG 2.0 Level A mode, I got message:

Heading tag found with no content. Text that is not intended as a heading should not be marked up with heading tags.

which is in [Standard].Principle1.Guideline1_3.1_3_1.H42.2.

I think it should replace img element with alt text first, then checking the content of H1 element.

There has been some debate regarding if disabled (by means of the disabled attribute or ARIA) elements are exempt from contrast requirements.

It is my understanding that these elements are considered "inactive user interface component" (as defined by the spec), and should be skipped during the contrast test.

It appears that Code sniffer rule set says drop down must have an option selected by default. However, this seems to not a requirement as per WCAG 2.0 At least we couldn't find any such requirement. Would be good if you can investigate and remove this ruleset. Ref: http://webaim.org/techniques/forms/controls#select

First I want to thank you for the tool. She is very good!

Error
This error is genered in:

In http://dimais.vv.si/

Testing WCAG2AAA

Usign this code:
javascript:(function() {var _p='http://squizlabs.github.io/HTML_CodeSniffer/build/';var _i=function(s,cb) {var sc=document.createElement('script');sc.onload = function() {sc.onload = null;sc.onreadystatechange = null;cb.call(this);};sc.onreadystatechange = function(){if(/^(complete|loaded)$/.test(this.readyState) === true){sc.onreadystatechange = null;sc.onload();}};sc.src=s;if (document.head) {document.head.appendChild(sc);} else {document.getElementsByTagName('head')[0].appendChild(sc);}}; var options={path:_p};_i(_p+'HTMLCS.js',function(){HTMLCSAuditor.run('WCAG2AA',null,options);});})();

This is probably more of an issue with your description/wording, but:

• WCAG 2.0 is explicitly tech-agnostic, and does not mandate specific "coding"
• the WCAG 2.0 techniques are only informative, not normative, meaning that they are only suggested ways to code to pass a specific success criterion - however, they're far from complete, and there's potentially infinite other ways to pass an SC.

So, I'd really suggest toning down the "enforcing" side of things. Maybe reword by saying it checks your code against techniques suggested in the WCAG 2.0 TECH (rather than "coding standards"), but that this by no means is exhaustive...and that your tool, in short, is purely informative in nature.

The following code:

    <h1>
      <a href="http://www.alsacreations.com/" accesskey="1"
                  title="Alsacréations, apprentissage des standards web, accueil">
        <img id="logo" alt="Accueil - Alsacreations.com" src="image.png"
                  height="80" width="290">
      </a>
    </h1>

found in http://www.alsacreations.com (main logo in upper left part of the page) is detected as: "Heading tag found with no content. Text that is not intended as a heading should not be marked up with heading tags" but the content is "Accueil - Alsacreations.com" as an image in a link.

Relevant code in HTML_CodeSniffer seems to be the function testEmptyHeading in 1_3_1.js but I'm not sure how it could be improved (I'm just discovering the code behind your tool and I'm more a CSS/accessibility guy than a developer...).
Is there a class/function somewhere that could return content from child element, including text alternative for images: maybe something similar to testNullAltText in 1_1_1, if no other content was found prior to that and there are images in a heading?

Hi,

I am writing a Ember.js web application and using the HTML_CodeSniffer to do validation of my website. Ember.js uses a # in the url to do navigation and the HTML_CodeSniffer sees that as an error.

This link points to a named anchor "/dashboard" within the document, but no anchor exists with that name.

Principle: Operable
Techniques: G1 G123 G124

<a id="ember404" class="ember-view navbar-brand" href="#/dashboard">Dashboard</a>

You can see the error on any site that uses Ember. For example.. http://giddyup.basho.com/#/projects/riak

I was wondering if there was a way to not report the problem as a error but as a notice or even a warning. I think Angular.js apps will probably have the same problem with the # in the url to handle navigation.

Thanks!

On page that are served with MIME type 'application/xhtml+xml', the 'View Report' link doesn't work. Tested with Firefox 16.0.1 and URI http://www.opvallendeplanten.nl/
When IE8 is used, the same page is served with MIME type 'text/html'. In that case, the 'View Report' link does work.

PS:
In Firefox, HTML_CodeSniffer reports 6 errors, 33 warnings and 72 notices.
In IE8, HTML_CodeSniffer reports 7 errors, 34 warnings and 69 notices.
The only difference is the MIME type, not the HTML code.
Problem: I can't compare the reports.

The general notices for ensuring contrast ratio is correct (7:1, 4.5:1 or 3:1, depending on the level and whether the text is considered "large" or not) should be replaced with errors thrown by calculating contrast ratios - according to the WCAG 2.0 specification - for relevant elements that directly contain text.

It will need to be smart enough to only test elements with text, and not elements which are hidden or possibly set aside using screen-hiding techniques.

It should, preferably, be able to suggest a new similar colour (either changing foreground or background) that would meet the appropriate colour contrast ratio.

I found some discrepancies using the bookmark and the online analizer you have at: http://squizlabs.github.io/HTML_CodeSniffer/

Also, when using pa11y, I see there are several differences in the results. Is this a known issue?

Following up #107 with commenter @alxndrmlr:

Having this tool not report H44 and H91 for the following...

<label>Title:<input name="criteriaTitle" type="text" value="History of similar experience"></label>

...as it complies with F68

The two particular concerns are:

• 1_3_1.H44.NoForAttr - although the text box is no longer complaining it has a label, the label is complaining that it has no For attribute, even though it's no longer required here.
• 4_1_2.H91.InputText.Name - this test still expects an explicit reference using a "for" attribute. Will need to rewrite a bit to accept ARIA and wrapped labels.

Hi.
I'm checking licence.txt and just to make sure it’s right.

Can I use HTML_CodeSniffer to build some plugins for free CMSs, which licenced with GPL?
Of cause, I'll keep all the rules in licence.txt.

The following fails, despite have an associated aria-label.

<input aria-label="search query" autocomplete="off" class="input-mini search-query" id="query" name="query" placeholder="Search" type="text">

This text input element does not have a name available to an accessibility API. Valid names are: label element, title attribute.

I am using HTML Code_Sniffer for WCAG 2.0 AA. Could you please let me know what should I cover that is Error+Warning+Notices or Error+Warnings or Only Errors ?

Adding individual pages that fail the rules would make creating and testing PR's easier to verify

The following warning appears when a label element's for attribute references the id of button.

This label's "for" attribute contains an ID for an element that is not a form control. Ensure that you have entered the correct ID for the intended element.

The button element is labelable.

This jsbin shows the issue.

I recently got this message:

This element has insufficient contrast at this conformance level. Expected a contrast ratio of at least 4.5:1, but text in this element has a contrast ratio of 4.5:1. Recommendation: change background to #00892c.

Foreground color used: #FFFFFF
background color used: #008A2C

I found this to be confusing because the error message said that it expected a ratio of 4.5:1 but it found a ratio of 4.5:1. We went ahead and used the suggested color, but from the error text, it sounds like it shouldn't have been an error...

Also, this service says that the ratio was valid: http://snook.ca/technical/colour_contrast/colour.html

Not sure who to believe.

I am testing an application in which HTML_Code sniffer identify some hidden elements also,
Below is an example :

Below anchor element is hidden and not shown by code sniffer on UI by 'Point to Element' button , but still it captures that issue and shown.

Error : Anchor element found with no link content and no name and/or ID attribute.
Code Snippet :

Here my question is that do we need to remove these hidden elements as well or it is fine and we can ignore it.

Presently, Sniffer flags the fields with the "hidden" attribute with an error because they do not have the associated label. This is obviously incorrect since "hidden" fields are used for passing the information to the server.

HTML_CodeSniffer makes a poor assumption that onclick event handlers will only be assigned to focusable elements like links and buttons. It does not currently throw a warning when generic elements like "div" or "span" are have onclick event handlers. The sniff should probably evaluate whether or the element focusable and throw a warning/error if it is not.

http://gruntjs.com/ is a NodeJS build tool with a wide variety of plug-ins for common tasks (linting, minification, concatenation, QUnit test, PhantomJS, etc...).

If you're interested I'll whip up a PR

The code sniffer reports an error if a "label" element does not have a "for" attribute. The relevant guideline (http://www.w3.org/TR/2008/REC-WCAG20-20081211/#content-structure-separation-programmatic) requires only that the relationship be programatically determined.

In HTML (http://www.w3.org/html/wg/drafts/html/CR/forms.html#the-label-element), the relationship between a label and its labelled control can also be determined by containment rather than by using a for attribute. The two techniques are equivalent ways of establishing the same relationship in serialised HTML, and once the DOM is parsed, the two techniques are indistinguishable.

The containment technique is a useful one, as it removes the need to generate large amounts of unnecessary ids, and manage their uniqueness. Obviously, it would be better if using this technique didn't result in false positives.

I'm not sure if this is an error, but I would at least like to have this clarified and understand why this is being reported as an error.

Multiple labels exist with the same "for" attribute. If these labels refer to different form controls, the controls should have unique "id" attributes.
[Standard].Principle1.Guideline1_3.1_3_1.H93

The linked standard (http://www.w3.org/TR/WCAG20-TECHS/H93) does not mention anything about labels, just that all elements must have unique id attributes. This seems very similar to H44(http://www.w3.org/TR/2013/NOTE-WCAG20-TECHS-20130905/H44) which also seems to suggest that multiple labels can be associated with a single ID.

So as far as I can tell, the HTML Codesniffer interrupted H93 wrongly.

Am I correct in my understanding? If not, can someone clarify my misunderstanding?

it'd be quite useful to include codesniffer in a few of my applications for testing purposes. unless there are any objections, i'd like to get around to adding support for a commonjs-style require of codesniffer. thoughts?

SC 4.1.2 currently uses the Selectors API's querySelector() function to find explicit labels with "for" attributes matching a specified input ID, so they can be considered as an "accessibility API name".

This limits useful IDs to CSS selectors, which is a subset of that allowed in HTML 4 and 5. When unusable names are found, an Error is emitted. This is too harsh for the situation, as this is not an error in HTML at all.

When running HTML_CodeSniffer on http://www.w3.org/WAI/, the app reports one error:
"Img element is the only content of the link, but is missing alt text. The alt text should describe the purpose of the link."

Issue: the IMG element is NOT the only content of the link.