From the ARIA-AT automation meeting on March 14, 2022: w3c/aria-at-automation#17 (minutes)
Allowing automation of screen readers is not without security concerns, as it can effectively allow universal XSS in the browser, or even allow any input in the OS and access to things that apps normally don't have access to (e.g. the login screen).
In CI, there are also security risks, but different to a local setup. Some CI systems today disable macOS SIP (System Integrity Protection), which makes it possible to programmatically turn on VoiceOver.
Ideas:
- Require some form of opt-in to enable automation
- Don't allow HID-level input to be simulated
- Use some kind of sandbox in automated mode to limit access
cc @cookiecrook @mcking65 @s3ththompson
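The "require some form of opt-in" idea above, sketched as a CI preflight script. This is an added example, not code from the aria-at-automation project or from anyone in the thread. It assumes, hypothetically, that the opt-in is an environment variable `SR_AUTOMATION_OPTIN=1`, that the SIP state is read from the text `csrutil status` prints, and that the VoiceOver scripting switch is the `SCREnableAppleScript` key under `com.apple.VoiceOver4/default` (the key some CI setups write); none of these are conventions the project has adopted.

```shell
#!/bin/sh
# Added example (not from the aria-at-automation issue or project): a CI
# preflight that refuses to drive a screen reader unless the job explicitly
# opted in, and records whether the runner has SIP disabled (which is what
# makes turning VoiceOver on programmatically possible at all).
#
# Hypothetical assumptions: opt-in via SR_AUTOMATION_OPTIN=1; SIP state parsed
# from `csrutil status`; VoiceOver scripting flag is SCREnableAppleScript in
# com.apple.VoiceOver4/default. Run the live checks with SR_PREFLIGHT_MAIN=1
# on macOS; the functions themselves are portable and testable anywhere.

# parse_sip_status TEXT: map the output of `csrutil status` to a single word.
parse_sip_status() {
  case "$1" in
    *"status: enabled"*)  echo enabled ;;
    *"status: disabled"*) echo disabled ;;
    *)                    echo unknown ;;
  esac
}

# parse_voiceover_flag TEXT: map the output of `defaults read ...
# SCREnableAppleScript` (1, 0, or an error/empty string) to a single word.
parse_voiceover_flag() {
  case "$1" in
    1) echo scriptable ;;
    0) echo not-scriptable ;;
    *) echo unset ;;
  esac
}

# automation_decision OPTIN SIP_STATE: print the decision and return
# 0 (allow) or 1 (refuse). Opt-in is mandatory; SIP state only changes
# how much the runner should be trusted, it never substitutes for opt-in.
automation_decision() {
  optin="$1"
  sip="$2"
  if [ "$optin" != "1" ]; then
    echo "refuse: screen-reader automation not opted in"
    return 1
  fi
  case "$sip" in
    enabled)
      echo "allow: opted in, SIP enabled"
      return 0 ;;
    disabled)
      # VoiceOver can be switched on by a script here, so anything this job
      # runs can reach input and UI the way the issue describes.
      echo "allow-with-warning: opted in, SIP disabled, treat runner as untrusted"
      return 0 ;;
    *)
      echo "refuse: SIP state unknown"
      return 1 ;;
  esac
}

# Live checks, only when asked for and only on macOS.
if [ "${SR_PREFLIGHT_MAIN:-0}" = "1" ] && [ "$(uname -s)" = "Darwin" ]; then
  sip=$(parse_sip_status "$(csrutil status 2>/dev/null)")
  vo=$(parse_voiceover_flag \
    "$(defaults read com.apple.VoiceOver4/default SCREnableAppleScript 2>/dev/null)")
  echo "sip=$sip voiceover_applescript=$vo"
  automation_decision "${SR_AUTOMATION_OPTIN:-0}" "$sip" || exit 1
fi
```

The decision logic is deliberately split from the command invocations so the refusal paths (no opt-in, unreadable SIP state) can be exercised on any platform; only the final block touches `csrutil` and `defaults`.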