Ensure advance warning of links opening new window (LG-3528)#4310
Conversation
mitchellhenke
force-pushed
the
mitchellhenke/advance-warning-of-external-links-lg-3528
branch
from
1767297 to
ef2ce9a
Compare
mitchellhenke
force-pushed
the
mitchellhenke/advance-warning-of-external-links-lg-3528
branch
from
ef2ce9a to
b07c2d1
Compare
|
Was it considered to have these simply not open in a new window? |
|
@aduth The issue is it would clear any inputs or forms a user has filled out, and weighing that risk depends on the page. It's probably not a big deal on pages like login or sign up where there's only one or two fields, but it's harder for the footer where a user may be in the middle of proofing or something. |
Works for me 👍 |
|
My expectation was that if we keep the links as opening in new tab, it would be communicated through |
|
@aduth Based on https://www.w3.org/TR/WCAG20-TECHS/H83.html, I'm not sure if
(Emphasis mine) |
|
@mitchellhenke Hm, fair point. Also looking at G201, the procedure describes "there is a visual warning in text that this link opens to a new window". It could be possible that an icon as described in my previous comment could be sufficient for this. As currently proposed, there's enough visual change that I'd at least recommend soliciting some design feedback. Alternatively, I'd also consider revisiting my earlier question, to the point of: Maybe we should just not open these in new windows. Per G200, this would be preferable in most cases. I don't know that navigating away would be disruptive to progress, at least in that (a) it should be expected from an explicit user action to navigate that in-page state could be lost, and (b) the primary concern described in G200 is of "multi-step" workflows. One which comes to mind is document capture in the React application, currently slated for improvement separately in LG-3613 (show prompt when navigating away from document capture). |
mitchellhenke
force-pushed
the
mitchellhenke/advance-warning-of-external-links-lg-3528
branch
2 times, most recently
from
45d27ee to
56daeeb
Compare
mitchellhenke
force-pushed
the
mitchellhenke/advance-warning-of-external-links-lg-3528
branch
from
56daeeb to
f2886dd
Compare
| @@ -0,0 +1,7 @@ | |||
| .external-link { | |||
| @include display-icon('external-link', 'after', .65em, units(.5), ''); | |||
There was a problem hiding this comment.
if we're going with this visual treatment, could we just apply this style to a[target=_blank] and skip the partial approach?
There was a problem hiding this comment.
We could, but we'd have to override it to use the alternate white version for cases like the footer.
There was a problem hiding this comment.
Yeah that seems reasonable? Basically footer a[target=_blank] and be done with it?
There was a problem hiding this comment.
Done in de18674, but I'm not sure if the file should be renamed.
There was a problem hiding this comment.
Cool and now we can get rid of the partial entirely, right?
There was a problem hiding this comment.
We have to have both a visual notification and explicit text to let people using screen readers know the link will open a new window. The partial is needed for the latter part.
There was a problem hiding this comment.
Also scss-lint is mad about using the attribute selectors with an element?
There was a problem hiding this comment.
Hmmmm I have one more idea to help us get rid of a partial and leverage CSS.... we could also do the text as ::after { content: '' } attribute
but we'd need to translate it per-local so we'd have to scope it by language. Luckily we sent <html lang="en"> on every page, so:
html[lang=en] {
a[target=_blank]::after {
content: 'opens in a new window';
}
}
html[lang=es] {
a[target=_blank]::after {
content: 'opens in a new window but in Spanish';
}
}I don't know about the scss-lint thoughj
There was a problem hiding this comment.
unfortunately pseudo-element content cannot be non-decorative: https://www.w3.org/TR/WCAG20-TECHS/F87.html
The CSS :before and :after pseudo-elements specify the location of content before and after an element's document tree content. The content property, in conjunction with these pseudo-elements, specifies what is inserted. For users who need to customize or turn off style information in order to view content according to their needs, assistive technologies may not be able to access the information that is inserted using CSS. Therefore, it is a failure to use these properties to insert non-decorative content.
aduth
left a comment
aduth
left a comment
There was a problem hiding this comment.
Per discussion in #4310 (comment), I personally don't see it being much of a problem to have the partial, with there being two potential benefits:
- Acknowledging that, per guidelines, we want this to be an explicit and conscious decision, and that any potential inconvenience associated with using non-standard link rendering should be welcomed in promoting that consideration.
- Based on the USWDS links guidance that @mitchellhenke discovered, I think ideally we should be applying both
usa-linkandusa-link--externalclasses for these links.
Maybe an alternative is a helper link_to which adds any applicable classes and supplementary "(opens in new window)" text? I don't have a strong sense if one or the other of a helper or partial would be preferable.
…ce-warning-of-external-links-lg-3528
Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
|
@aduth if it looks good, can I get a ✅? 😀 |
|
@aduth thank you for catching that, bad copy/paste job by me. fingers crossed the next build is it 🤞🏼 |
Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov>
mitchellhenke
force-pushed
the
mitchellhenke/advance-warning-of-external-links-lg-3528
branch
from
67600ec to
0426b62
Compare
aduth
left a comment
aduth
left a comment
There was a problem hiding this comment.
One question, but looks good 👍
app/helpers/link_helper.rb
Outdated
| if block_given? | ||
| yield(block) | ||
| concat content_tag('span', t('links.new_window'), class: 'usa-sr-only') |
There was a problem hiding this comment.
How is the block form of this method expected to be called? With link_to, the arguments are shifted so make name optional:
Do we even need the block support? It doesn't appear we're using it?
Aside: Reminds me that test specs would be good as well.
There was a problem hiding this comment.
We do use the block version in the footer here: https://github.com/18F/identity-idp/pull/4310/files#diff-727c1af48666bc6f26041f22d5bca5b0f0ab95014c24d020434389879134191cR32-R36
mitchellhenke
force-pushed
the
mitchellhenke/advance-warning-of-external-links-lg-3528
branch
from
8f2d22e to
5706c2c
Compare
mitchellhenke
deleted the
mitchellhenke/advance-warning-of-external-links-lg-3528
branch
* Log the user UUID in the image uploads controller (#4286) **Why**: The image uploads controller does not have a current user, so by default the logs won't include the UUID we use to lookup events for a user. * Async phone proofing calls (LG-3275) (#4273) * refactor proofing document capture session result * async phone proofing calls * fix step specs * fix controller specs * fix bad translation reference * use lambda runner for address proofing * add timed_out test * add retries gem * use lambda * temporary lambda ref update * lint * use Agent in lambda controller spec * add in progress spec * strong parameters * lint * do not return idv result in lambda callback * use constants for magic phone numbers * remove retries from Gemfile * move job class logic into proofer * update lambda version * reorder spec expectations * LG-3512: Apply link button styling to link element (#4290) **Why**: As a user, I expect that I can click anywhere within a visual button to trigger the button's behavior, so that I can proceed with the action I intended and expected. * Hide "+" character from screen readers via aria-hidden (LG-3560) (#4291) * Fix intermittent IAA Billing Report test failures by sorting SPs (#4289) **Why**: Ensure tests pass consistently * Remove unused Webpack loaders (#4279) * Remove unused Webpack loaders **Why**: Build performance, improved compatibility with future Webpacker v6 release, improved interoperability with future addition of loaders e.g. source-map-loader * Upgrade focus-trap from 6.1.0 to 6.1.3 **Why**: Fix syntax errors in Internet Explorer * Add source-map-loader to Webpack configuration (#4280) * Add source-map-loader to Webpack configuration **Why**: Improved debuggability of vendor dependencies by respecting any available sourcemaps provided (for example, `identity-style-guide`). * Configure devtool as eval-source-map in development **Why** Improved sourcemap respect * LG-3423: Refactor doc capture (hybrid) polling to own endpoint (#4293) * LG-3423: Refactor doc capture (hybrid) polling to own endpoint **Why**: Isolate standalone polling behavior for easier disambiguation of controller as exclusively responding to JSON, improved ability to implement test specs for controller in isolation. * Revert capture doc status URL to original path See: #4293 (comment) * Use existing user helper value for stubbed sign in * Async proofing for recovery flow (#4294) * make recovery flow use async proofing * remove unused method * securely compare all pii on recovery * Remove unused profile step (#4297) * Add CircleCI lint step to verify ES5 syntax for Internet Explorer (#4296) * Add 18f/identity-es5-safe package * Add es5-safe script * Configure CircleCI to check ES5 safeness * Add JSDoc type annotations * Cast stream file value to string * Remove unnecessary eslint-disable Configured in eslintrc * Bump Mocha to latest version **Why**: ESM compat * Add test specs for identity-es5-safe * Generate desktop selfie as JPEG at original (constrained) capture size (#4295) **Why**: Higher-quality images in a format more aligned with how selfies are generated by Acuant SDK in mobile contexts. * Remove explicit dependency to identity-es5-safe (#4298) **Why**: Appears to cause issues with Yarn integrity, and not strictly necessary * fix warning from i18n update (#4300) * Fixes a bug where canceling identity proofing would leave the user in an endless loop (LG-3520) (#4301) * Use default USWDS pseudo-class for banner collapse button (#4277) **Why**: Consistency with USWDS, eliminate redundant (duplicate) button controls, reduce localization string maintenance overhead, eliminate jQuery dependency from application JavaScript pack * Convert more slim templates (#4304) * convert idv phone new template to erb * convert idv address template to erb * convert piv cac login error template to erb * convert saml_test decode response template to erb * normalize yaml * Update app/views/idv/address/new.html.erb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * LG-3576 Update the piv/cac chooser page with new graphics, layout, content, and translations. (#4302) LG-3576 Update the piv/cac chooser page with new graphics, layout, content, and translations. Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * Fixing 2FA SMS code not autocompleting in Safari (#4303) **Why**: - 2FA code field does not sugguest the code received via SMS in Safari browser both on mobile and on desktop. This is to fix the issue by adding the recommended autocomplete attribute. **How**: - Setting autocomplete to one-time-code as recommended on Apple's website https://developer.apple.com/documentation/security/password_autofill/enabling_password_autofill_on_an_html_input_element and on Mozilla https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/autocomplete * One liner to fix local docker building. (#4306) With the async work being done there was a file dependency added to the gemfile. Bundle install is run in the container before the directory tree is copied into the container. * ensure input has associated label (#4311) * fix bottom margin on label (#4312) * async proofing for cac flow (#4299) * add wait step to cac flow * add async to cac proofing flow * refactor how verify steps use document capture by consolidating * remove old comments * fix bad method call * fix bad method call * lint * add specs * lint * Async resolution proofing in USPS flow (#4305) * add wait step to cac flow * add async to cac proofing flow * refactor how verify steps use document capture by consolidating * remove old comments * fix bad method call * fix bad method call * lint * add specs * lint * convert usps to async proofing * add meta refresh * remove comments * use pii method * clear uuid on done * Use lambdas for async resolution proofing calls (#4308) * add wait step to cac flow * add async to cac proofing flow * refactor how verify steps use document capture by consolidating * remove old comments * fix bad method call * fix bad method call * lint * add specs * lint * convert usps to async proofing * add meta refresh * remove comments * use pii method * clear uuid on done * track exception on lambda callback * replace VendorProofJob with lambda call * update lambda version * convert cac verify step to lambda * use lambdas for usps resolution proofing * analytics on optional show steps * use better text on waiting pages * add meta refresh tags * do not enqueue if already in document capture session * delete proofer mocks * Update app/services/flow/flow_state_machine.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Update spec/controllers/lambda_callback/resolution_proof_result_controller_spec.rb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * remove unused methods Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Convert more slim templates (#4316) * convert backup code setup create template to erb * convert two factor auth options index template to erb * convert reactivate account index template to erb * Update app/views/two_factor_authentication/options/index.html.erb Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> * Add aria-invalid attribute to all required fields (LG-3531) (#4309) * Set aria-invalid based on input validity in form-validation.js * LG-3419: Add background upload for images in document capture (#4314) * Disable restricted syntax ESLint rule **Why**: Used by AirBnB ruleset to forbid use of awaited loops due to need for regenerator-runtime. We already use regenerator-runtime, so its addition is not unwarranted or unexpected. * Await promise payload values in submission * LG-3419: Add background upload for images in document capture **Why**: In anticipation to support async upload to S3, use presigned URLs (if available) to upload images at time of value change. Submission will only occur once all images have completed uploading, and will error appropriately if async upload fails. * Omit undefined values from upload toFormData **Why**: If promise form data resolves to undefined, expect to not be included in upload payload. * Resolve background upload to undefined **Why**: Avoid including in submission payload * Add test spec for withBackgroundEncryptedUpload * Implement submission series utility as variadic function See: #4314 (comment) * DocAuth: Move it to a gem (#4307) * LG-3589: List supported MIME types for file input accept pattern (#4317) * List supported MIME types for Acuant accept pattern **Why**: As a user, I expect that if I attempt to upload a file (image or otherwise) that will not be supported by the proofing vendor, that I am made aware of this as soon as possible. I also expect that the types of files accepted by the file input match those which are described in the line above, so that the types of files which are accepted are exactly the same as those expected to be allowed to be accepted (no more, no fewer). * Fix test spec typo on JPG MIME type See: https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types * Show improved error message for unexpected file type **Why**: Per text recommendation in LG-3589. Selfie text is not entirely accurate, both verbiage and semantics. Also easier to port FileInput to reusable component as standalone string. * Update string usage from doc auth gem (#4320) * Add additional used strings from doc auth gem * Remove unused selfie string from JS configuration * LG-3672 Fix overall success rate reporting when doc capture step enabled (#4318) * LG-3645 Fix authentication costing for SAML (#4319) * Ensure advance warning of links opening new window (LG-3528) (#4310) * convert registration pii accordion to erb and add new window warning to external link * convert users emails show template to erb and add new window warning to external links * update translations * add new window warning to external links * use partial for rendering links that open new window * automatically apply external link icon * helper function and CSS update * indenting * link helper * set target=_blank * Update styles to not conflict Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * comment * support block form in new_window_link_to * use new link helper * fix a couple bugs * Update app/views/idv/doc_auth/overview.html.erb Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * Update app/views/sign_up/registrations/new.html.erb Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * Update app/views/sign_up/registrations/new.html.erb Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * lint * update helper to behave more like link_to * remove convert_options_to_data_attributes * maintain footer colors * fix double footer link spec Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> * LG-3416 API to verify documents (#4313) * Bump identity-idp-functions (#4328) * Bump identity-idp-functions **Why**: Removes eager ENV.fetch that caused issues for inline job execution * Update Gemfile.lock too Co-authored-by: Jonathan Hooper <jonathan.hooper@gsa.gov> Co-authored-by: Andrew Duthie <andrew.duthie@gsa.gov> Co-authored-by: Zach Margolis <zachmargolis@users.noreply.github.com> Co-authored-by: Doug Price <douglas.price@gsa.gov> Co-authored-by: Alex Mathews <44584810+amathews-fs@users.noreply.github.com> Co-authored-by: Ankur Patel <ankur.patel@ymail.com> Co-authored-by: Steve Urciuoli <steve.urciuoli@gsa.gov>
3 participants
The ticket only mentions the footer, but there were other places as well so I fixed those. I'm not sure if in some of these cases we'd rather remove the
target='_blank', but I didn't do that to any for now.This adds a partial that includes the text describing the link as opening a new window for screen readers. I also added
external-linkto our styles becauseusa-external-linkfrom USWDS includes a hover state (and we don't).The language of
(opens new window)was taken directly from https://www.w3.org/TR/WCAG20-TECHS/H83.htmlNew:
Old:
