Skip to content

🧪 POC: Per-rule exclusions config for JS scanner checks#1723

Draft
SteveJonesDev wants to merge 3 commits into
developfrom
steve/pro-474-test-rule-filters-since-js-scanning-has-been-added
Draft

🧪 POC: Per-rule exclusions config for JS scanner checks#1723
SteveJonesDev wants to merge 3 commits into
developfrom
steve/pro-474-test-rule-filters-since-js-scanning-has-been-added

Conversation

@SteveJonesDev

@SteveJonesDev SteveJonesDev commented May 28, 2026

Copy link
Copy Markdown
Member

Summary

  • Adds an exclusions key to PHP rule configs, allowing WordPress-specific CSS selectors to be declared at the rule level rather than hardcoded in generic JS check logic
  • Threads those exclusions through the existing scanOptions pipeline (PHP → wp_localize_script → iframe window.scanOptions) so the JS check can apply them via node.matches()
  • Removes the hardcoded wp-block-spacer check from aria-hidden-valid-usage.js and replaces it with the new config-driven approach; adds the two new WP core block overlay patterns from issue Additional core block exclusions on aria-hidden #567 at the same time

Motivation

The JS scanner rules are used as a standalone package outside of WordPress. Hardcoding WordPress class names (like wp-block-spacer) directly in the JS checks pollutes generic accessibility logic with framework-specific knowledge. This approach keeps the JS checks clean and moves all WordPress-specific exclusion knowledge into the PHP rule config where it belongs.

How it works

PHP rule config (AriaHiddenRule.php):

'exclusions' => [
    '.wp-block-spacer',
    '.wp-block-cover__background.has-background-dim',
    '.wp-block-post-featured-image__overlay.has-background-dim',
],

Collected at enqueue time (class-enqueue-admin.php) and passed as ruleExclusions in edac_editor_app.

Forwarded to iframe (checkPage.js) via window.scanOptions.ruleExclusions.

Applied in JS check (aria-hidden-valid-usage.js) using node.matches(selector) — no WordPress knowledge in the check itself.

Test plan

  • Verify cover block background dim spans no longer trigger aria-hidden warnings
  • Verify post featured image overlay spans no longer trigger aria-hidden warnings
  • Verify legitimate aria-hidden misuse still flags correctly
  • Verify wp-block-spacer elements still pass (now via config rather than hardcoded)
  • Confirm the JS package used outside WordPress still functions with an empty exclusions array

Closes #567

Fixes PRO-475

🤖 Generated with Claude Code

Summary by CodeRabbit

  • New Features
    • Added configurable exclusions for aria-hidden validation, enabling administrators to exclude specific elements and block types from accessibility checks, providing more tailored validation results.

Review Change Stack

… of generic JS checks

Adds an `exclusions` key to the PHP rule config (AriaHiddenRule as the first
consumer). These selectors are collected at enqueue time and passed through the
existing scanOptions pipeline (PHP → wp_localize_script → iframe window) to the
JS check, which applies them via node.matches() before any other logic runs.

Removes the hardcoded wp-block-spacer class check from aria-hidden-valid-usage.js
and replaces it with the new config-driven approach alongside the two new WP core
block overlay patterns from issue #567.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@coderabbitai

coderabbitai Bot commented May 28, 2026

Copy link
Copy Markdown
Contributor

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7584b8d7-64d7-4b9f-9cfd-b3394d193282

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
📝 Walkthrough

Walkthrough

This PR implements configurable rule exclusions for aria-hidden validation, enabling specific elements matching Gutenberg block selectors to bypass the check. The change flows from backend rule definition through frontend data wiring to the validation check itself.

Changes

Rule Exclusions for Aria-Hidden Validation

Layer / File(s) Summary
Rule definition and backend extraction
includes/classes/Rules/Rule/AriaHiddenRule.php, admin/class-enqueue-admin.php
AriaHiddenRule declares exclusion selectors for Gutenberg block overlays. A new get_rule_exclusions() helper extracts rule exclusions from registered rules and builds a slug-to-exclusions map passed to the frontend via wp_localize_script as ruleExclusions.
Check evaluation with options support
src/pageScanner/checks/aria-hidden-valid-usage.js
The evaluate function signature is updated to accept an optional options parameter. When options.exclusions is provided, an early validation path returns true if the node matches any exclusion selector.
Frontend data flow
src/editorApp/checkPage.js, src/pageScanner/config/rules.js
The iframe load handler now passes ruleExclusions into scanOptions alongside maxAltLength. The rules configuration wires the aria-hidden check to use those exclusions by overriding ariaHiddenValidUsage.options.exclusions from the localized window data.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Possibly related PRs

Suggested labels

codex

Suggested reviewers

  • pattonwebz

Poem

🐰 A rabbit hops through aria-hidden rules,
With exclusions now—no more false tools!
Gutenberg blocks get a pass today,
While checkboxes correctly stay.
Selectors match, and validation's keen. ✨

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
Check name Status Explanation
Linked Issues check ✅ Passed The PR successfully implements exclusions for the aria-hidden rule by adding WordPress core block selectors (wp-block-cover, wp-block-post-featured-image overlays) to the exclusions list as required by issue #567.
Out of Scope Changes check ✅ Passed All changes are directly related to implementing the per-rule exclusions config system and addressing the aria-hidden rule requirements specified in issue #567; no out-of-scope modifications detected.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title describes the main change: introducing per-rule exclusions configuration for JS scanner checks, which is the central feature across all modified files.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch steve/pro-474-test-rule-filters-since-js-scanning-has-been-added

Comment @coderabbitai help to get the list of available commands and usage tips.

@gemini-code-assist gemini-code-assist Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code Review

This pull request introduces a mechanism to dynamically exclude specific elements from accessibility checks by passing rule-specific exclusion selectors from PHP to the frontend scanner. Feedback focuses on improving robustness: wrapping the node.matches call in a try...catch block to prevent crashes from malformed selectors, using the spread operator when assigning scanOptions to avoid overwriting existing properties, and adding defensive checks in PHP to ensure rule slugs and exclusions are properly defined and typed.

Comment thread src/pageScanner/checks/aria-hidden-valid-usage.js
Comment thread src/editorApp/checkPage.js
Comment thread admin/class-enqueue-admin.php Outdated

@chatgpt-codex-connector chatgpt-codex-connector Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: fc27d9e6db

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

  • Open a pull request for review
  • Mark a draft as ready
  • Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

Comment thread src/pageScanner/config/rules.js

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In `@src/pageScanner/checks/aria-hidden-valid-usage.js`:
- Around line 24-30: The exclusions handling in the aria-hidden-valid-usage
check should defensively normalize options?.exclusions to an array and guard
node.matches(selector) against malformed selectors; update the exclusions
initialization in aria-hidden-valid-usage.js (the exclusions variable and the
for (const selector of exclusions) loop) to coerce non-array inputs into an
array (e.g., via Array.isArray or [].concat) and wrap the node.matches(selector)
call in a try/catch that skips selectors which throw so the scan continues
safely.
🪄 Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 33bc4500-d888-4b82-bf04-47f82e62be01

📥 Commits

Reviewing files that changed from the base of the PR and between 6986dfa and fc27d9e.

📒 Files selected for processing (5)
  • admin/class-enqueue-admin.php
  • includes/classes/Rules/Rule/AriaHiddenRule.php
  • src/editorApp/checkPage.js
  • src/pageScanner/checks/aria-hidden-valid-usage.js
  • src/pageScanner/config/rules.js

Comment thread src/pageScanner/checks/aria-hidden-valid-usage.js
@SteveJonesDev SteveJonesDev changed the title POC: Per-rule exclusions config for JS scanner checks 🧪 POC: Per-rule exclusions config for JS scanner checks Jun 2, 2026
@SteveJonesDev
SteveJonesDev marked this pull request as draft June 2, 2026 00:30
SteveJonesDev and others added 2 commits June 1, 2026 20:43
- aria-hidden-valid-usage.js: use Array.isArray() guard and wrap node.matches()
  in try/catch so malformed selectors can't crash the scan
- checkPage.js: spread existing scanOptions rather than replacing the object
  wholesale, preserving any properties set by other code
- class-enqueue-admin.php: add is_array() defensive check in get_rule_exclusions(),
  make the method public so it can be reused by the frontend enqueue class
- class-enqueue-frontend.php: pass ruleExclusions to edacFrontendHighlighterApp
  so frontend highlighter scans receive the same exclusions as editor iframe scans
- frontendHighlighterApp/index.js: populate window.scanOptions.ruleExclusions
  from the localized data before the scan runs, fixing a regression where removing
  the hardcoded wp-block-spacer check would have caused false positives on
  frontend rescans

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
The ariaHiddenValid test registered the check without options, so the
wp-block-spacer test case started failing once the hardcoded class check
was removed. Update beforeAll to pass the WordPress exclusions via check
options, mirroring exactly what config/rules.js does at runtime via
window.scanOptions.

Also adds test cases for the two new WP core overlay selectors introduced
in this POC (cover block background dim and post featured image overlay).

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@SteveJonesDev

Copy link
Copy Markdown
Member Author

Addressed all inline review feedback in follow-up commits:

aria-hidden-valid-usage.js (comments by @gemini-code-assist and @coderabbitai): Added Array.isArray() guard and wrapped node.matches() in try/catch so malformed selectors can't crash the scan.

checkPage.js (@gemini-code-assist): Now spreads existing scanOptions before assigning new keys — nothing previously set gets overwritten.

class-enqueue-admin.php (@gemini-code-assist): Added is_array() + non-empty $rule['slug'] checks in get_rule_exclusions() as defensive guards.

Frontend scan regression (config/rules.js, @chatgpt-codex-connector): ruleExclusions is now passed via edacFrontendHighlighterApp in class-enqueue-frontend.php and wired into window.scanOptions in frontendHighlighterApp/index.js before the scan runs — frontend rescans now get the same exclusions as editor iframe scans.

Jest failure: The ariaHiddenValid.test.js beforeAll wasn't passing check options, so the wp-block-spacer test broke when the hardcoded class check was removed. Updated the test to configure axe with the WP exclusions via check options, mirroring what config/rules.js does at runtime. Also added test cases for the two new overlay selectors from issue #567.

@coderabbitai

coderabbitai Bot commented Jun 2, 2026

Copy link
Copy Markdown
Contributor

Tip

For best results, initiate chat on the files or code changes.

🧩 Analysis chain

🏁 Script executed:

#!/bin/bash
# List coderabbitai's review comments on PR `#1723`
gh pr view 1723 --repo equalizedigital/accessibility-checker --json reviews,comments

# List review thread comments to find coderabbitai's comments to resolve
gh api graphql -f query='
{
  repository(owner: "equalizedigital", name: "accessibility-checker") {
    pullRequest(number: 1723) {
      reviewThreads(first: 50) {
        nodes {
          id
          isResolved
          comments(first: 5) {
            nodes {
              author { login }
              body
              id
            }
          }
        }
      }
    }
  }
}'

Length of output: 27549


🏁 Script executed:

#!/bin/bash
# Resolve coderabbitai's review thread PRRT_kwDOEu6fTc6FiBex
gh api graphql -f query='
mutation {
  resolveReviewThread(input: { threadId: "PRRT_kwDOEu6fTc6FiBex" }) {
    thread {
      id
      isResolved
    }
  }
}'

Length of output: 368



@SteveJonesDev Great work across the board! My review comment has been resolved. The end-to-end coverage — from PHP rule definition → localized script data → editor iframe scan → frontend highlighter scan — is solid, and the test suite now properly mirrors the runtime configuration. This PR is in good shape. 🐇 ✨

@chatgpt-codex-connector

Copy link
Copy Markdown

Summary

Testing

  • npm run test:jest -- --runTestsByPath tests/jest/rules/ariaHiddenValid.test.js
  • git status --short — working tree is clean.

View task →

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

Additional core block exclusions on aria-hidden

1 participant