Over the past few years, browsers like Firefox and Chrome have provided tools to better protect their users with advanced security features. The latest release of axe-core, axe-core 4.0 enables us to test accessibility even in the most security-aware environments. Improvements in axe-core 4.0 include support of Content Security Policy and has additional options for rule customisations.
Read on for more details of new features and improvements in axe-core 4.0.
Full support for Content Security Policy
Content Security Policy (CSP) adds a layer of security to websites, which protects your website from malicious scripts. It is also an important new requirement that will be added to Chrome extensions, like the free axe browser extension, axe DevTools and the axe Expert Extension. Supporting CSP will ensure that the axe family of extensions continues to function as expected in future versions of Chrome.
ACT tag for published W3C rules
The W3C has quietly been working on a set of Accessibility Conformance Test (ACT) rules– formal definitions of test procedures for WCAG. There are currently 5 published ACT rules, with another 50+ in active development. ACT rules will be integrated with the soon-to-be-published WCAG 2.2.
ACT rules set the bar for high-quality WCAG testing. The first 5 rules are fully implemented in axe-core, and now have the “ACT” tag. Deque is committed to aligning our products with the baseline of ACT rules, and to contribute our insights to the ACT rules project.
ACT Rules provide reliable interpretation of the Guidelines. This ensures consistent results from different automatic testing tools and manual testing methodologies. W3C appreciates the implementation efforts to broaden use of the ACT Rules.”
–Shadi Abou-Zahra, World Wide Web Consortium (W3C)
New customisation options
One limitation that comes from supporting CSP is that there is less flexibility in the creation of custom rules. To offset some of those limitations, we have introduced a number of new configuration options and features. Some examples of new configurations options include:
- Rule level impact: You can now adjust the impact of rules, separate from checks. If you think the impact of buttons with no accessible name should be critical but want to leave it on “serious” for links, this is now possible.
- Configurable contrast: If you want to adjust the contrast minimum from 4.5:1 to 5:1 you can now do this by configuring options of the color-contrast check. Set contrastRatio.normal.expected to “5” and you’re all set!
- Standard configuration: Need to use ARIA attributes that axe-core does not support because the attribute has not made it into all major browsers? You can now do this through the standards object in axe.configure.
Alignment with axe Linter
A few months ago, Deque published axe Linter. While testing a web page is quite different than testing a code file, there is a lot these two tools have in common. In axe-core 4.0, we have made a number of changes that will allow us to more easily use it in axe Linter. This should allow us to create new rules in axe Linter, which will behave very similarly to how rules work in axe-core today.
If you haven’t tried out axe Linter yet, it is available for free for personal and open source GitHub projects. It automatically tests all pull requests with React, Vue, HTML and Markdown files for common accessibility issues, and can even suggest fixes for certain common issues.
Impact to Deque tools Customers
In axe-core 4.0 we are removing a number of deprecated rules. These have been disabled in axe-core for a while. If your organisation uses a custom ruleset that still has these rules enabled and want to keep these, you will need to add it as a custom rule. The axe-core 4.0 release notes has a list of rules (and checks) that were removed.
Organisations using custom rules will, over the next year, need to migrate their custom rules to the custom rules 4.0 format, which no longer uses text as code. If Deque has helped in the creation of your custom ruleset, a representative will be in contact with you to schedule this migration.
Finally, all axe products will be upgraded to use axe-core 4.0 in the next few months.
Axe-core 4.0 creates new opportunities for accessibility testing. It brings full support for CSP, and because of it, prepares axe-core for the upcoming security restrictions for Chrome extensions. No new rules this time, but new opportunities instead.