Improve onion site key accessibility for screen readers

Merge Info

Related Issues

• #43263 (closed)
• #43275

Backporting

Timeline

• Immediate: patchset needed as soon as possible
• Next Minor Stable Release: patchset that needs to be verified in nightly before backport
• Eventually: patchset that needs to be verified in alpha before backport
• No Backport (preferred): patchset for the next major stable

(Optional) Justification

• Emergency security update: patchset fixes CVEs, 0-days, etc
• Censorship event: patchset enables censorship circumvention
• Critical bug-fix: patchset fixes a bug in core-functionality
• Consistency: patchset which would make development easier if it were in both the alpha and release branches; developer tools, build system changes, etc
• Sponsor required: patchset required for sponsor
• Localization: typos and other localization changes that should be also in the release branch
• Other: please explain

Merging

• Merge to tor-browser - !fixups to tor-browser-specific commits, new features, security backports
• Merge to base-browser - !fixups to base-browser-specific commits, new features to be shared with mullvad-browser, and security backports
  • NOTE: if your changeset includes patches to both base-browser and tor-browser please clearly label in the change description which commits should be cherry-picked to base-browser after merging

Issue Tracking

• Link resolved issues with appropriate Release Prep issue for changelog generation

Review

Request Reviewer

• Request review from an applications developer depending on modified system:
  • NOTE: if the MR modifies multiple areas, please /cc all the relevant reviewers (since gitlab only allows 1 reviewer)
  • accessibility : henry
  • android : clairehurst, dan
  • build system : boklm
  • extensions : ma1
  • firefox internals (XUL/JS/XPCOM) : jwilde, ma1
  • fonts : pierov
  • frontend (implementation) : henry
  • frontend (review) : donuts, richard
  • localization : henry, pierov
  • macOS : clairehurst, dan
  • nightly builds : boklm
  • rebases/release-prep : dan, ma1, pierov, richard
  • security : jwilde, ma1
  • signing : boklm, richard
  • updater : pierov
  • windows : jwilde, richard
  • misc/other : pierov, richard

Change Description

For the onion site keys dialog, we:

• Add an alert role to the error message so that it gets announced for screen readers.
• Associate the error message with the input using aria-invalid and aria-errormessage.

For the onion site saved keys dialog in the privacy preferences:

• Add an alert role to the error message when failing to remove a key.
• Use spoof-button-disabled for the "Remove" and "Remove all" buttons, so that the user focus is not lost during the async operation.
• Move the user focus back to the onion site table after successfully removing keys.

I also tweaked the existing spoof-button-disabled buttons to use tabIndex = -1 as a simpler way to keep focus, but still remove the button from the focus cycle. Also added some notes since I'm hoping we can move this kind of behaviour to upstream moz-button instead. See #43275.

I also removed an unnecessary aria-live="assertive" attribute from an existing role="alert" element.

How Tested

With Orca running.

Visited http://pierovlcy7baatz7xcaccbf2kanct3hvkhcgedz4cbrmcg2ybmjalxad.onion and entered some random characters. Error message was announced.

After adding and saving at least one key, opened the "saved keys" dialog in preferences. Removing a key also moved to the table afterwards.

Also opened the "saved keys" dialog with at least one key, then killed the tor process. Removing the key fails with an announced alert. With the tor process still missing, re-opened the dialog. Immediately got an announced alert that the keys could not be loaded.

Also tested the existing spoof-button-disabled cases. E.g. the internet "Test" button at the top of "about:preferences#connection".

I will also test this with NVDA once it reaches the nightly release.