This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.

Bug 9872 - trigger a conformance error when javascript is included in href attribute
Summary: trigger a conformance error when javascript is included in href attribute
Status: CLOSED WONTFIX
Alias: None
Product: HTML WG
Classification: Unclassified
Component: pre-LC1 HTML5 spec (editor: Ian Hickson) (show other bugs)
Version: unspecified
Hardware: PC Windows NT
: P2 normal
Target Milestone: ---
Assignee: Ian 'Hixie' Hickson
QA Contact: HTML WG Bugzilla archive list
URL:
Whiteboard:
Keywords: a11y, a11ytf, NE
Depends on:
Blocks:
 
Reported: 2010-06-07 08:58 UTC by steve faulkner
Modified: 2010-10-12 12:31 UTC (History)
8 users (show)

See Also:


Attachments

Description steve faulkner 2010-06-07 08:58:52 UTC
when javascript is included in an a elements href attribute:
<p><a href="javascript:alert()">alert</a></p>
trigger a conformance error as it is not being used a link

when the href attribute includes only a # and event handlers are also included on an a element trigger a conformance error:
<p><a href="#" onclick="alert()">alert</a></p>
Trigger a conformance error as it is not being used a link.
Comment 1 Michael[tm] Smith 2010-06-17 16:00:29 UTC
added a11ytf keyword; see http://www.w3.org/2010/06/17-html-a11y-minutes.html
for some related discussion
Comment 2 Lachlan Hunt 2010-06-17 16:17:13 UTC
Javascript URIs have real use cases. Without being able to include them in links, distributing bookmarklets to users would not be possible.

This is also not an accessibility issue either, but rather a universality issue.  Browsers utilising assistive technology can still activate and execute links with javacript: URIs without any problems.  The only browsers that are inherently affected are those without javascript supported, but that is not an accessibility specific issue.

There is also no inherent problem with the use of javascript URIs.  But rather a problem with the way in which they are commonly used in ways that are more appropriately handled with regular http links and event handlers or the target attribute.  Making all javascript URIs a conformance error because of these less than ideal uses is not the right approach to address the real problem, which is with regards to their misuse, rather than any use at all.
Comment 3 Ian 'Hixie' Hickson 2010-08-16 21:34:49 UTC
EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are satisfied with this response, please change the state of this bug to CLOSED. If you have additional information and would like the editor to reconsider, please reopen this bug. If you would like to escalate the issue to the full HTML Working Group, please add the TrackerRequest keyword to this bug, and suggest title and text for the tracker issue; or you may create a tracker issue yourself, if you are able to do so. For more details, see this document:
   http://dev.w3.org/html5/decision-policy/decision-policy.html

Status: Rejected
Change Description: no spec change
Rationale: Concurred with comment 2.
Comment 4 Michael Cooper 2010-09-07 16:08:46 UTC
Bug triage sub-team sees that there are a variety of problems with javascript URLs in @href. But these fall in the category of best practice issues, not spec conformance issues. Accessibility concerns are related to the concept of accessibility support and are again not directly a spec conformance issue. Therefore we accept closing this bug as is.