Changeset 59948

Timestamp:

03/06/2025 11:46:47 PM (7 weeks ago)

Author:

joedolson

Message:

Menus: Validate custom links and add accessible error messages.

Add URL validation in the admin navigation menu manager that matches the validation in the customizer when adding custom links. Improve accessibility of both custom link forms by adding aria-invalid and aria-describedby attributes with visible error messages and announcing the error using wp.a11y.speak().

Props joedolson, nikitasolanki1812, akrocks, pathan-amaankhan, rcreators, ironprogrammer, audrasjb, ankit-k-gupta, chaion07, rinkalpagdar, snehapatil02, jainil07, parthvataliya.
Fixes #60619, #60969.

Location:

trunk/src

Files:

• js/_enqueues/lib/nav-menu.js (modified) (3 diffs)
• js/_enqueues/wp/customize/nav-menus.js (modified) (3 diffs)
• wp-admin/css/nav-menus.css (modified) (1 diff)
• wp-admin/includes/nav-menu.php (modified) (1 diff)
• wp-includes/class-wp-customize-nav-menus.php (modified) (1 diff)

trunk/src/js/_enqueues/lib/nav-menu.js

@@ -1103 +1103 @@
 
             $('#add-custom-links input[type="text"]').on( 'keypress', function(e){
-                $('#customlinkdiv').removeClass('form-invalid');
+                $( '#customlinkdiv' ).removeClass( 'form-invalid' );
+                $( '#custom-menu-item-url' ).removeAttr( 'aria-invalid' ).removeAttr( 'aria-describedby' );
+                $( '#custom-url-error' ).hide();
 
                 if ( e.keyCode === 13 ) {
                     e.preventDefault();
                     $( '#submit-customlinkdiv' ).trigger( 'click' );
+                }
+            });
+
+            $( '#submit-customlinkdiv' ).on( 'click', function (e) {
+                var urlInput = $( '#custom-menu-item-url' ),
+                    url = urlInput.val().trim(),
+                    errorMessage = $( '#custom-url-error' ),
+                    urlWrap = $( '#menu-item-url-wrap' ),
+                    urlRegex;
+
+                // Hide the error message initially
+                errorMessage.hide();
+                urlWrap.removeClass( 'has-error' );
+
+                /*
+                 * Allow URLs including:
+                 * - http://example.com/
+                 * - //example.com
+                 * - /directory/
+                 * - ?query-param
+                 * - #target
+                 * - mailto:foo@example.com
+                 *
+                 * Any further validation will be handled on the server when the setting is attempted to be saved,
+                 * so this pattern does not need to be complete.
+                 */
+                urlRegex = /^((\w+:)?\/\/\w.*|\w+:(?!\/\/$)|\/|\?|#)/;
+                if ( ! urlRegex.test( url ) ) {
+                    e.preventDefault();
+                    urlInput.addClass( 'form-invalid' )
+                        .attr( 'aria-invalid', 'true' )
+                        .attr( 'aria-describedby', 'custom-url-error' );
+
+                    errorMessage.show();
+                    var errorText = errorMessage.text();
+                    urlWrap.addClass( 'has-error' );
+                    // Announce error message via screen reader
+                    wp.a11y.speak( errorText, 'assertive' );
                 }
             });
@@ -1390 +1430 @@
         addCustomLink : function( processMethod ) {
             var url = $('#custom-menu-item-url').val().toString(),
-                label = $('#custom-menu-item-name').val();
+                label = $('#custom-menu-item-name').val(),
+                urlRegex;
 
             if ( '' !== url ) {
@@ -1398 +1439 @@
             processMethod = processMethod || api.addMenuItemToBottom;
 
-            if ( '' === url || 'https://' == url || 'http://' == url ) {
+            /*
+             * Allow URLs including:
+             * - http://example.com/
+             * - //example.com
+             * - /directory/
+             * - ?query-param
+             * - #target
+             * - mailto:foo@example.com
+             *
+             * Any further validation will be handled on the server when the setting is attempted to be saved,
+             * so this pattern does not need to be complete.
+             */
+            urlRegex = /^((\w+:)?\/\/\w.*|\w+:(?!\/\/$)|\/|\?|#)/;
+            if ( ! urlRegex.test( url ) ) {
                 $('#customlinkdiv').addClass('form-invalid');
                 return false;

trunk/src/js/_enqueues/wp/customize/nav-menus.js

@@ -224 +224 @@
             this.$el.on( 'input', '#custom-menu-item-name.invalid, #custom-menu-item-url.invalid', function() {
                 $( this ).removeClass( 'invalid' );
+                var errorMessageId = $( this ).attr( 'aria-describedby' );
+                $( '#' + errorMessageId ).hide();
+                $( this ).removeAttr( 'aria-invalid' ).removeAttr( 'aria-describedby' );
             });
 
@@ -547 +550 @@
                 itemName = $( '#custom-menu-item-name' ),
                 itemUrl = $( '#custom-menu-item-url' ),
+                urlErrorMessage = $( '#custom-url-error' ),
+                nameErrorMessage = $( '#custom-name-error' ),
                 url = itemUrl.val().trim(),
-                urlRegex;
+                urlRegex,
+                errorText;
 
             if ( ! this.currentMenuControl ) {
@@ -567 +573 @@
              */
             urlRegex = /^((\w+:)?\/\/\w.*|\w+:(?!\/\/$)|\/|\?|#)/;
-
-            if ( '' === itemName.val() ) {
-                itemName.addClass( 'invalid' );
+            if ( ! urlRegex.test( url ) || '' === itemName.val() ) {
+                if ( ! urlRegex.test( url ) ) {
+                    itemUrl.addClass( 'invalid' )
+                        .attr( 'aria-invalid', 'true' )
+                        .attr( 'aria-describedby', 'custom-url-error' );
+                    urlErrorMessage.show();
+                    errorText = urlErrorMessage.text();
+                    // Announce error message via screen reader
+                    wp.a11y.speak( errorText, 'assertive' );
+                }
+                if ( '' === itemName.val() ) {
+                    itemName.addClass( 'invalid' )
+                        .attr( 'aria-invalid', 'true' )
+                        .attr( 'aria-describedby', 'custom-name-error' );
+                    nameErrorMessage.show();
+                    errorText = ( '' === errorText ) ? nameErrorMessage.text() : errorText + nameErrorMessage.text();
+                    // Announce error message via screen reader
+                    wp.a11y.speak( errorText, 'assertive' );
+                }
                 return;
-            } else if ( ! urlRegex.test( url ) ) {
-                itemUrl.addClass( 'invalid' );
-                return;
-            }
+            }
+
+            urlErrorMessage.hide();
+            nameErrorMessage.hide();
+            itemName.removeClass( 'invalid' )
+                .removeAttr( 'aria-invalid', 'true' )
+                .removeAttr( 'aria-describedby', 'custom-name-error' );
+            itemUrl.removeClass( 'invalid' )
+                .removeAttr( 'aria-invalid', 'true' )
+                .removeAttr( 'aria-describedby', 'custom-name-error' );
 
             menuItem = {

trunk/src/wp-admin/css/nav-menus.css

@@ -378 +378 @@
 /* Add Menu Item Boxes */
 .postbox .howto input,
-.customlinkdiv .menu-item-textbox {
+.customlinkdiv .menu-item-textbox,
+.customlinkdiv .error-message {
     width: 180px;
     float: right;
+}
+
+.customlinkdiv .error-message {
+    clear: right;
 }
 

trunk/src/wp-admin/includes/nav-menu.php

@@ -352 +352 @@
                 class="code menu-item-textbox form-required" placeholder="https://"
             />
+            <span id="custom-url-error" class="error-message" style="display: none;"><?php _e( 'Please provide a valid link.' ); ?></span>
         </p>
 

trunk/src/wp-includes/class-wp-customize-nav-menus.php

@@ -1269 +1269 @@
                     <label class="howto" for="custom-menu-item-url"><?php _e( 'URL' ); ?></label>
                     <input id="custom-menu-item-url" name="menu-item[-1][menu-item-url]" type="text" class="code menu-item-textbox" placeholder="https://">
+                    <span id="custom-url-error" class="error-message" style="display: none;"><?php _e( 'Please provide a valid link.' ); ?></span>
                 </p>
                 <p id="menu-item-name-wrap" class="wp-clearfix">
                     <label class="howto" for="custom-menu-item-name"><?php _e( 'Link Text' ); ?></label>
                     <input id="custom-menu-item-name" name="menu-item[-1][menu-item-title]" type="text" class="regular-text menu-item-textbox">
+                    <span id="custom-name-error" class="error-message" style="display: none;"><?php _e( 'The link text cannot be empty.' ); ?></span>
                 </p>
                 <p class="button-controls">