fix(color-contrast): account for text-shadow #2334
Conversation
lib/commons/color/color.js
Outdated
| @@ -83,6 +107,31 @@ function Color(red, green, blue, alpha) { | |||
| } | |||
| }; | |||
|
|
|||
| this.parseHexString = function(colorString) { | |||
There was a problem hiding this comment.
NBD either way, but now that we can import things, I'm curious why you didn't grab something from npm rather than building this yourself.
There was a problem hiding this comment.
Security / package size. I know this does exactly what we need, and nothing else.
There was a problem hiding this comment.
Our bundler should be tree-shaking any unused dependency code out for us, and we would "bundle" it at build-time so it'd be easier to analyze the sources. I understand the security concern, but am just worried about adding more to the list of complex things we're responsible for maintaining. Not worth blocking this PR, but I thought once we'd migrated to modules, we'd stop "reinventing the wheel".
lib/standards/css-colors.js
Outdated
| @@ -0,0 +1,147 @@ | |||
| // Source: https://www.w3.org/TR/css-color-3/#svg-color | |||
| const cssColors = { | |||
There was a problem hiding this comment.
There are a few packages available from npm that have these listed in them already. Do we want to be responsible for keeping this list up-to-date, or should we offload that responsibility to the maintainers of one of the existing packages?
There was a problem hiding this comment.
Also, this is out-of-date. For example "rebeccapurple" has been added.
There was a problem hiding this comment.
Yer right, we should use CSS 4 stuff here. As for why not NPM. Partially because if we do this ourselves we get exactly what we want, and it is more secure.
There was a problem hiding this comment.
Are we going to remember to update this when changes are made to the spec?
There was a problem hiding this comment.
I'm cued into W3C publications, I do keep an eye out for things like this.
There was a problem hiding this comment.
I could be convinced either way. On the one had, theres https://github.com/bahamas10/css-color-names which auto-generates a single JSON list of colors (which is nicer than hand maintaining it). On the other hand, a list like this allows users to add their own so we aren't waiting on new names to work in all the browsers before we add it.
Personally, if we don't care about users being able to customize this list then we should probably just grab it from that npm package so we don't have to worry about it.
There was a problem hiding this comment.
I'm not convinced that we're any more secure by not using npm packages for this. We (or someone else?) could vet any packages we rely on and we could use strict versioning to ensure the vetted version is always installed. We'd have "dependabot" (or alike) warn us if a security concern was found, and the dependency would be "bundled" into axe itself. The way our build works would prevent any additional trips to the npm registry for the end-user.
Can you please clarify the security concern?
If you'd rather not discuss this on your PR, I'm happy to open an issue to hold this conversation.
lib/standards/css-colors.js
Outdated
| @@ -0,0 +1,147 @@ | |||
| // Source: https://www.w3.org/TR/css-color-3/#svg-color | |||
| const cssColors = { | |||
There was a problem hiding this comment.
I could be convinced either way. On the one had, theres https://github.com/bahamas10/css-color-names which auto-generates a single JSON list of colors (which is nicer than hand maintaining it). On the other hand, a list like this allows users to add their own so we aren't waiting on new names to work in all the browsers before we add it.
Personally, if we don't care about users being able to customize this list then we should probably just grab it from that npm package so we don't have to worry about it.
lib/commons/color/color.js
Outdated
| @@ -38,8 +42,30 @@ function Color(red, green, blue, alpha) { | |||
| ); | |||
| }; | |||
|
|
|||
| var rgbRegex = /^rgb\((\d+), (\d+), (\d+)\)$/; | |||
| var rgbaRegex = /^rgba\((\d+), (\d+), (\d+), (\d*(\.\d+)?)\)/; | |||
| const rgbRegex = /^rgb\(([0-9.]+),\s*([0-9.]+),\s*([0-9.]+)\)$/i; | |||
There was a problem hiding this comment.
Can rgb values be decimals?
There was a problem hiding this comment.
You mean floating point number? Yeah, they can. I didn't know that either until I looked into this.
lib/commons/color/color.js
Outdated
| const rgbRegex = /^rgb\(([0-9.]+),\s*([0-9.]+),\s*([0-9.]+)\)$/i; | ||
| const rgbaRegex = /^rgba\(([0-9.]+),\s*([0-9.]+),\s*([0-9.]+),\s*([0-9.]*(\.[0-9.]+)?)\)$/i; |
There was a problem hiding this comment.
Not a big deal but we could combine the two different regexs into one. This will match rgb values as well as rgba values and capture all 4 groups.
| const rgbRegex = /^rgb\(([0-9.]+),\s*([0-9.]+),\s*([0-9.]+)\)$/i; | |
| const rgbaRegex = /^rgba\(([0-9.]+),\s*([0-9.]+),\s*([0-9.]+),\s*([0-9.]*(\.[0-9.]+)?)\)$/i; | |
| const rgbRegex = /^rgba?\(([\d.]+)\,\s*([\d.]+),\s*([\d.]+),?(?:\)|\s*([\d.]+)\))/ |
'rgb(12, 14, 1)'.match(rgbRegex); // [rgb(12, 14, 1), 12, 14, 1, undefined]
'rgba(255, 1, 24, 0.8)'.match(rgbRegex); // [rgba(255, 1, 24, 0.8), 255, 1, 24, 0.8]| function blurRadiusToAlpha(blurRadius) { | ||
| // This formula is an estimate based on various tests. | ||
| // Different people test this differently, so opinions may vary. | ||
| return 3.7 / (blurRadius + 8); |
There was a problem hiding this comment.
Could you leave a comment in the code explaining the formula and magic numbers? If we needed to adjust this formula based on user feedback, what would we need to adjust to get the desired results?
There was a problem hiding this comment.
Why was this resolved? I wouldn't be able to change this formula if we had to adjust it based on user feedback. Where does 3.7 and blurRadius + 8 come from? I know it was based on testing, if they are truly magic then maybe include the results of those tests so we can better gauge how to adjust this in the future.
There was a problem hiding this comment.
Afraid I don't have the data anymore, sorry. These estimates are pretty rough.
There was a problem hiding this comment.
Don't want this to get lost. Are we not worried about hsl() and hsla() colors?
Co-authored-by: Steven Lambert <[email protected]>
WilcoFiers
changed the title
WilcoFiers
changed the title
Co-authored-by: Steven Lambert <[email protected]>
| function blurRadiusToAlpha(blurRadius) { | ||
| // This formula is an estimate based on various tests. | ||
| // Different people test this differently, so opinions may vary. | ||
| return 3.7 / (blurRadius + 8); |
There was a problem hiding this comment.
Why was this resolved? I wouldn't be able to change this formula if we had to adjust it based on user feedback. Where does 3.7 and blurRadius + 8 come from? I know it was based on testing, if they are truly magic then maybe include the results of those tests so we can better gauge how to adjust this in the future.
| @@ -1,5 +1,18 @@ | |||
| describe('color-contrast code highlighting test', function() { | |||
| 'use strict'; | |||
| var results; | |||
|
|
|||
| before(function(done) { | |||
There was a problem hiding this comment.
This will undo the changes I made to fix the flaky test. The before that waits for the window load event needs to happen first before we run axe on the file.
Take text-shadow into account when computing the background color of a text node.
Related #246
Reviewer checks
Required fields, to be filled out by PR reviewer(s)