fix(aria-valid-attr-value): return false when int type attribute uses…

… invalid values (#2710) * fix(aria-valid-attr-value): return false when int type attribute uses invalid values * typo
dequelabs · Jan 4, 2021 · ce9917e · ce9917e
1 parent d7fa473
commit ce9917e
Show file tree

Hide file tree

Showing 7 changed files with 101 additions and 36 deletions.
diff --git a/doc/standards-object.md b/doc/standards-object.md
@@ -45,6 +45,7 @@ The [`ariaAttrs`](../lib/standards/aria-attrs.js) object defines valid ARIA attr
   - `decimal` - Decimal attributes accept any number or decimal value (e.g. `aria-valuemax`).
   - `int` - Integer attributes only accept whole number values (e.g. `aria-level`).
 - `values` - array(required for only `mntoken` and `mntokens`). The list of valid values for the attribute.
+- `minValue` - number(required for only `int`). The minimum value allowed for the attribute.
 - `allowEmpty` - boolean(optional, default `false`). If the attribute is allowed to have no value.
 - `global` - boolean(optional, default `false`). If the attribute is a [global ARIA attribute](https://www.w3.org/TR/wai-aria-1.1/#global_states).
 - `unsupported` - boolean(optional, default `false`). If the attribute is unsupported. Use this property to disable an attribute.

diff --git a/lib/commons/aria/validate-attr-value.js b/lib/commons/aria/validate-attr-value.js
@@ -59,7 +59,11 @@ function validateAttrValue(node, attr) {
       return !!(matches && (matches[1] || matches[2]));
 
     case 'int':
-      return /^[-+]?[0-9]+$/.test(value);
+      const minValue =
+        typeof attrInfo.minValue !== 'undefined'
+          ? attrInfo.minValue
+          : -Infinity;
+      return /^[-+]?[0-9]+$/.test(value) && parseInt(value) >= minValue;
   }
 }
 

diff --git a/lib/standards/aria-attrs.js b/lib/standards/aria-attrs.js
@@ -21,13 +21,16 @@ const ariaAttrs = {
     values: ['false', 'mixed', 'true', 'undefined']
   },
   'aria-colcount': {
-    type: 'int'
+    type: 'int',
+    minValue: -1
   },
   'aria-colindex': {
-    type: 'int'
+    type: 'int',
+    minValue: 1
   },
   'aria-colspan': {
-    type: 'int'
+    type: 'int',
+    minValue: 1
   },
   'aria-controls': {
     type: 'idrefs',
@@ -111,7 +114,8 @@ const ariaAttrs = {
     global: true
   },
   'aria-level': {
-    type: 'int'
+    type: 'int',
+    minValue: 1
   },
   'aria-live': {
     type: 'nmtoken',
@@ -141,7 +145,8 @@ const ariaAttrs = {
     allowEmpty: true
   },
   'aria-posinset': {
-    type: 'int'
+    type: 'int',
+    minValue: 1
   },
   'aria-pressed': {
     type: 'nmtoken',
@@ -164,20 +169,24 @@ const ariaAttrs = {
     global: true
   },
   'aria-rowcount': {
-    type: 'int'
+    type: 'int',
+    minValue: -1
   },
   'aria-rowindex': {
-    type: 'int'
+    type: 'int',
+    minValue: 1
   },
   'aria-rowspan': {
-    type: 'int'
+    type: 'int',
+    minValue: 0
   },
   'aria-selected': {
     type: 'nmtoken',
     values: ['false', 'true', 'undefined']
   },
   'aria-setsize': {
-    type: 'int'
+    type: 'int',
+    minValue: -1
   },
   'aria-sort': {
     type: 'nmtoken',

diff --git a/test/checks/aria/valid-attr-value.js b/test/checks/aria/valid-attr-value.js
@@ -212,6 +212,16 @@ describe('aria-valid-attr-value', function() {
     );
   });
 
+  it('should fail on aria-level when the value is less than 1', function() {
+    fixtureSetup('<div role="heading" aria-level="0">Heading</div>');
+    var failing1 = fixture.querySelector('div');
+    assert.isFalse(
+      axe.testUtils
+        .getCheckEvaluate('aria-valid-attr-value')
+        .call(checkContext, failing1)
+    );
+  });
+
   it('should return undefined on aria-describedby when the element is not in the DOM', function() {
     fixtureSetup('<button aria-describedby="test">Button</button>');
     var undefined1 = fixture.querySelector('button');

diff --git a/test/commons/aria/validate-attr-value.js b/test/commons/aria/validate-attr-value.js
@@ -396,7 +396,7 @@ describe('aria.validateAttrValue', function() {
         });
       });
 
-      it('should only allow for numbers by an optional preceeding sign', function() {
+      it('should only allow for numbers by an optional preceding sign', function() {
         node.setAttribute('pigs', '+1234234');
         assert.isTrue(axe.commons.aria.validateAttrValue(node, 'pigs'));
 
@@ -407,10 +407,48 @@ describe('aria.validateAttrValue', function() {
         assert.isTrue(axe.commons.aria.validateAttrValue(node, 'pigs'));
       });
 
+      it('should return true for value greater than or equal to minValue', function() {
+        axe.configure({
+          standards: {
+            ariaAttrs: {
+              pigs: {
+                type: 'int',
+                minValue: -1
+              }
+            }
+          }
+        });
+
+        node.setAttribute('pigs', '-1');
+        assert.isTrue(axe.commons.aria.validateAttrValue(node, 'pigs'));
+
+        node.setAttribute('pigs', '0');
+        assert.isTrue(axe.commons.aria.validateAttrValue(node, 'pigs'));
+
+        node.setAttribute('pigs', '1000');
+        assert.isTrue(axe.commons.aria.validateAttrValue(node, 'pigs'));
+      });
+
       it('returns false for empty strings without allowEmpty:true', function() {
         node.setAttribute('pigs', '');
         assert.isFalse(axe.commons.aria.validateAttrValue(node, 'pigs'));
       });
+
+      it('should return false for value less than the minValue', function() {
+        axe.configure({
+          standards: {
+            ariaAttrs: {
+              pigs: {
+                type: 'int',
+                minValue: 0
+              }
+            }
+          }
+        });
+
+        node.setAttribute('pigs', '-1');
+        assert.isFalse(axe.commons.aria.validateAttrValue(node, 'pigs'));
+      });
     });
 
     describe('boolean', function() {

diff --git a/test/integration/rules/aria-valid-attr-value/aria-valid-attr-value.html b/test/integration/rules/aria-valid-attr-value/aria-valid-attr-value.html
@@ -40,6 +40,16 @@ <h2>Violations</h2>
   <div id="violation35-ref"></div>
   <div aria-valuetext="" id="violation36"></div>
   <!-- don't allow empty aria-valuetext -->
+
+  <div aria-level="0" id="violation37">hi</div>
+  <div aria-level="-1" id="violation38">hi</div>
+  <div aria-level="-22" id="violation39">hi</div>
+
+  <div aria-posinset="0" id="violation40">hi</div>
+  <div aria-posinset="-1" id="violation41">hi</div>
+  <div aria-posinset="-22" id="violation42">hi</div>
+
+  <div aria-setsize="-22" id="violation43">hi</div>
 </div>
 <h2>Possible False Positives</h2>
 <div>
@@ -119,13 +129,10 @@ <h2>Possible False Positives</h2>
   <div aria-labelledby="ref ref2 failedref" id="pass57">hi</div>
   <div aria-labelledby=" ref ref2 " id="pass58">hi</div>
 
-  <div aria-level="0" id="pass59">hi</div>
-  <div aria-level="1" id="pass60">hi</div>
-  <div aria-level="22" id="pass61">hi</div>
-  <div aria-level="-1" id="pass62">hi</div>
-  <div aria-level="-22" id="pass63">hi</div>
-  <div aria-level="+1" id="pass64">hi</div>
-  <div aria-level="+22" id="pass65">hi</div>
+  <div aria-level="1" id="pass59">hi</div>
+  <div aria-level="22" id="pass60">hi</div>
+  <div aria-level="+1" id="pass61">hi</div>
+  <div aria-level="+22" id="pass62">hi</div>
 
   <div aria-live="off" id="pass66">hi</div>
   <div aria-live="polite" id="pass67">hi</div>
@@ -147,13 +154,10 @@ <h2>Possible False Positives</h2>
   <div aria-owns="ref ref2 failedref" id="pass78">hi</div>
   <div aria-owns=" ref ref2 " id="pass79">hi</div>
 
-  <div aria-posinset="0" id="pass80">hi</div>
-  <div aria-posinset="1" id="pass81">hi</div>
-  <div aria-posinset="22" id="pass82">hi</div>
-  <div aria-posinset="-1" id="pass83">hi</div>
-  <div aria-posinset="-22" id="pass84">hi</div>
-  <div aria-posinset="+1" id="pass85">hi</div>
-  <div aria-posinset="+22" id="pass86">hi</div>
+  <div aria-posinset="1" id="pass80">hi</div>
+  <div aria-posinset="22" id="pass81">hi</div>
+  <div aria-posinset="+1" id="pass82">hi</div>
+  <div aria-posinset="+22" id="pass83">hi</div>
 
   <div aria-pressed="true" id="pass87">hi</div>
   <div aria-pressed="false" id="pass88">hi</div>
@@ -179,9 +183,8 @@ <h2>Possible False Positives</h2>
   <div aria-setsize="1" id="pass103">hi</div>
   <div aria-setsize="22" id="pass104">hi</div>
   <div aria-setsize="-1" id="pass105">hi</div>
-  <div aria-setsize="-22" id="pass106">hi</div>
-  <div aria-setsize="+1" id="pass107">hi</div>
-  <div aria-setsize="+22" id="pass108">hi</div>
+  <div aria-setsize="+1" id="pass106">hi</div>
+  <div aria-setsize="+22" id="pass107">hi</div>
 
   <div aria-sort="ascending" id="pass109">hi</div>
   <div aria-sort="descending" id="pass110">hi</div>

diff --git a/test/integration/rules/aria-valid-attr-value/aria-valid-attr-value.json b/test/integration/rules/aria-valid-attr-value/aria-valid-attr-value.json
@@ -35,7 +35,14 @@
     ["#violation33"],
     ["#violation34"],
     ["#violation35"],
-    ["#violation36"]
+    ["#violation36"],
+    ["#violation37"],
+    ["#violation38"],
+    ["#violation39"],
+    ["#violation40"],
+    ["#violation41"],
+    ["#violation42"],
+    ["#violation43"]
   ],
   "passes": [
     ["#pass1"],
@@ -100,9 +107,6 @@
     ["#pass60"],
     ["#pass61"],
     ["#pass62"],
-    ["#pass63"],
-    ["#pass64"],
-    ["#pass65"],
     ["#pass66"],
     ["#pass67"],
     ["#pass68"],
@@ -121,9 +125,6 @@
     ["#pass81"],
     ["#pass82"],
     ["#pass83"],
-    ["#pass84"],
-    ["#pass85"],
-    ["#pass86"],
     ["#pass87"],
     ["#pass88"],
     ["#pass89"],
@@ -145,7 +146,6 @@
     ["#pass105"],
     ["#pass106"],
     ["#pass107"],
-    ["#pass108"],
     ["#pass109"],
     ["#pass110"],
     ["#pass111"],