From e284dafbc703d2c0df1e77a42eaeba7edc084fb6 Mon Sep 17 00:00:00 2001 From: Andrea Fercia Date: Wed, 20 Jul 2016 14:25:34 +0000 Subject: [PATCH] Accessibility: Ensure only text is sent to aria-live messages. While messages passed to `wp.speak.a11y()` should preferably be meaningful, short, and carefully crafted case by case, this will ensure any HTML tags will be stripped out from the message string. Props adamsilverstein. Fixes #37382. git-svn-id: https://develop.svn.wordpress.org/trunk@38115 602fd350-edb4-49c9-b593-d223f7449a82 --- src/wp-includes/js/wp-a11y.js | 3 +++ 1 file changed, 3 insertions(+) diff --git a/src/wp-includes/js/wp-a11y.js b/src/wp-includes/js/wp-a11y.js index 3acca7ff99..2507cbc2f4 100644 --- a/src/wp-includes/js/wp-a11y.js +++ b/src/wp-includes/js/wp-a11y.js @@ -20,6 +20,9 @@ window.wp = window.wp || {}; // Clear previous messages to allow repeated strings being read out. clear(); + // Ensure only text is sent to screen readers. + message = $( '

' ).html( message ).text(); + if ( $containerAssertive && 'assertive' === ariaLive ) { $containerAssertive.text( message ); } else if ( $containerPolite ) {