fix(voyage): move sidebar toggle outside aria-hidden region (09132940)

Kjell Tore Guttormsen 2026-05-10 21:16:52 +02:00
commit 48ab3c9de3
2 changed files with 56 additions and 21 deletions


@ -483,6 +483,30 @@ test('voyage-playground.html renderArtifact strips comments before md.render (v4
assert.ok(stripIdx > 0 && stripIdx < renderIdx, 'stripUnsafeComments must run before md.render');
});
// v4.3 Step 3 — sidebar-toggle button must be a sibling of <aside aria-hidden="true">,
// not a descendant (finding 09132940 a11y). Hidden-state must not occlude the toggle.
test('voyage-playground.html sidebar-toggle is outside aria-hidden region (v4.3 Step 3, finding 09132940)', () => {
const text = readFileSync(HTML, 'utf-8');
// Find the toggle button and the aside element by their unique anchors.
const toggleIdx = text.indexOf('id="voyage-sidebar-toggle"');
const asideIdx = text.indexOf('<aside\n id="voyage-sidebar"');
// Fallback for single-line aside markup
const asideIdxAlt = text.indexOf('<aside id="voyage-sidebar"');
const asideAnchor = asideIdx > 0 ? asideIdx : asideIdxAlt;
assert.ok(toggleIdx > 0, 'voyage-sidebar-toggle must exist in HTML');
assert.ok(asideAnchor > 0, '<aside id="voyage-sidebar"> must exist in HTML');
// Toggle must precede the aside element textually
assert.ok(toggleIdx < asideAnchor,
'voyage-sidebar-toggle (idx ' + toggleIdx + ') must precede <aside id="voyage-sidebar"> (idx ' + asideAnchor + ')');
// Regression: slice between the button open-tag and its </button> close-tag,
// ensure no <aside element opens inside that slice (would mean the toggle
// is nested inside an aside).
const toggleBlockEnd = text.indexOf('</button>', toggleIdx);
assert.ok(toggleBlockEnd > toggleIdx, 'toggle button must have a </button> closer');
const toggleBlock = text.slice(toggleIdx, toggleBlockEnd);
assert.doesNotMatch(toggleBlock, /<aside\b/, 'toggle button must NOT contain a nested <aside element');
});
// v4.3 Step 1 — SC24-security defense in depth: renderArtifact bodyHtml is
// sanitized via DOMPurify before DOM injection (finding 1d3591d4).
test('voyage-playground.html renderArtifact sanitizes bodyHtml via DOMPurify (v4.3 Step 1, finding 1d3591d4)', () => {
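Review bot: The last assertion of the new sidebar-toggle test (the `toggleBlock` slice) does not check what its comment claims. An `<aside` found between the button's open tag and `</button>` would mean an aside nested inside the button, not the toggle nested inside an aside, so the comment should say that or the check should be dropped. The only real guard is the `toggleIdx < asideAnchor` ordering check, which rules out the toggle being a descendant of `#voyage-sidebar` but, as far as the visible lines show, would still pass if the button sat under some other `aria-hidden="true"` ancestor. The aside lookup also depends on one exact newline-plus-whitespace string with a single-line fallback, which looks fragile against reformatting or CRLF checkouts. A single `const asideAnchor = text.search(/<aside\b[^>]*\bid="voyage-sidebar"/);`, asserted with `asideAnchor >= 0`, would cover both layouts.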