Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

[Security:AttackDiscovery:ViewInAIassistant]Close button on View in AI assistant is missing discernible text #206362

Closed
bhavyarm opened this issue Jan 10, 2025 · 3 comments
Assignees
Labels
defect-level-1 Critical UX disruption impact:critical This issue should be addressed immediately due to a critical level of impact on the product. Project:Accessibility Team:Security Generative AI Security Generative AI Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.

Comments

@bhavyarm
Copy link
Contributor

bhavyarm commented Jan 10, 2025

Description
Close button on view in AI assistant is missing discernible text. Assistive technologies don't know what they need to announce.

Preconditions
Security -> attack discovery -> connect a connector -> generate attack discovery report->open view in AI assistant

Steps to reproduce

  1. Open attack discovery page and click on view in AI assistant on the attack discovery report
  2. Run axe-core through the page
  3. Notice that close button is missing accessible label
Image

Kibana Version: 8.17.0

OS: OX X

Browser: Chrome latest

WCAG or Vendor Guidance (optional)

Guidelines:
Understanding SC 4.1.2: Name, Role, Value (Level A)(https://www.w3.org/WAI/WCAG22/Understanding/name-role-value.html)

Related to: https://github.com/elastic/kibana-team/issues/1280

@bhavyarm bhavyarm added defect-level-1 Critical UX disruption impact:critical This issue should be addressed immediately due to a critical level of impact on the product. Project:Accessibility Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc. labels Jan 10, 2025
@elasticmachine
Copy link
Contributor

Pinging @elastic/kibana-accessibility (Project:Accessibility)

@elasticmachine
Copy link
Contributor

Pinging @elastic/security-solution (Team: SecuritySolution)

@andrew-goldstein andrew-goldstein self-assigned this Jan 16, 2025
@andrew-goldstein andrew-goldstein added the Team:Security Generative AI Security Generative AI label Jan 17, 2025
andrew-goldstein added a commit to andrew-goldstein/kibana that referenced this issue Jan 17, 2025
… accessibility (a11y) issues

This PR fixes the following Security Assistant accessibility (a11y) issues:

- <elastic#206348> - _The ai assistant settings and actions button is announced wrong_
- <elastic#206362> - _Close button on View in AI assistant is missing discernible text_
- <elastic#206875> - _Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets enabled_

### Details

#### [206348](elastic#206348) - The ai assistant settings and actions button is announced wrong

This issue was resolved by adding an `aria-label` to the assistant settings context menu.

This fix was desk tested using Voiceover, as illustrated by the following screenshots:

**Before:**

![voiceover_before_206348](https://github.com/user-attachments/assets/92106bd9-b651-447e-b5dd-f59323288534)

**After:**

![voiceover_after_206348](https://github.com/user-attachments/assets/da580121-fab1-47e8-ae7b-41fd6d0008ca)

Desk testing: see [206348](elastic#206348) for reproduction steps

#### [206362](elastic#206362) - Close button on View in AI assistant is missing discernible text

This issue was resolved by adding an `aria-label` to the assistant close button.

This fix was desk tested using Axe, as illustrated by the following screenshots:

**Before:**

![axe_before_206362](https://github.com/user-attachments/assets/21503311-a9e0-402f-9ee0-333ad6d6171a)

**After:**

![axe_after_206362](https://github.com/user-attachments/assets/54565a48-4285-47f2-b3fd-3709feb9b57c)

Desk testing: see [206362](elastic#206362) for reproduction steps

#### [206875](elastic#206875) - Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets enabled

Issue [206875](elastic#206875) includes the following statement:

> Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets disabled. All it says right now "show anonymized"

The first part of the statement above:

> Anonymization button doesn't get announced

appears to be in reference to when the Anonymization toggle button is disabled. This is unfortunately expected, because screen readers do NOT announce disabled buttons, as described in articles like <https://css-tricks.com/making-disabled-buttons-more-inclusive/>

The second part of the statement above:

> doesn't have enough context in the tooltip about when it gets enabled

is addressed by this PR, though there is still a quirk described in detail below.

In this PR, when a conversation does NOT have replacements, a new (different) tooltip is displayed, as illustrated by the before / after screenshots below:

**Before:**

![empty_before_206875](https://github.com/user-attachments/assets/682f6269-d3db-40ee-877e-e877e9b1ae31)

_Above: Before the fix, the tooltip for the disabled button reads:_ `Show anonymized`

**After:**

![empty_after_206875](https://github.com/user-attachments/assets/1eed6a88-c3d2-424a-abc0-ef45b9ee41d5)

_Above: After the fix, the tooltip for the disabled button reads:_ `This conversation does not include anonymized fields`

Note that there is still a quirk with the button, which is not addressed by this fix:

The current implementation enables the `Show anonymized` button when the conversation has _any_ replacements, regardless of whether or not the replacements are applicable to the rendered conversation. As a result, when replacements are present, but not applicable to the rendered conversation, the user may toggle the enabled button, but will not observe any changes to the rendered conversation.

Alternatively, the replacements could be applied to the conversation before rendering to facilitate a comparison: If the original conversation and applied conversation are identical, the anonymization button should be disabled. If they are the different, the button should be enabled. This alternative was NOT implemented in this PR.

Desk testing: see [206875](elastic#206875) for reproduction steps
andrew-goldstein added a commit that referenced this issue Jan 22, 2025
…essibility (a11y) issues (#207122)

### [Security Solution] [Security Assistant] Fixes Security Assistant accessibility (a11y) issues

This PR fixes the following Security Assistant accessibility (a11y) issues:

- <#206348> - _The ai assistant settings and actions button is announced wrong_
- <#206362> - _Close button on View in AI assistant is missing discernible text_
- <#206875> - _Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets enabled_

### Details

#### [206348](#206348) - The ai assistant settings and actions button is announced wrong

This issue was resolved by adding an `aria-label` to the assistant settings context menu.

This fix was desk tested using Voiceover, as illustrated by the following screenshots:

**Before:**

![voiceover_before_206348](https://github.com/user-attachments/assets/92106bd9-b651-447e-b5dd-f59323288534)

**After:**

![voiceover_after_206348](https://github.com/user-attachments/assets/da580121-fab1-47e8-ae7b-41fd6d0008ca)

Desk testing: see [206348](#206348) for reproduction steps

#### [206362](#206362) - Close button on View in AI assistant is missing discernible text

This issue was resolved by adding an `aria-label` to the assistant close button.

This fix was desk tested using Axe, as illustrated by the following screenshots:

**Before:**

![axe_before_206362](https://github.com/user-attachments/assets/21503311-a9e0-402f-9ee0-333ad6d6171a)

**After:**

![axe_after_206362](https://github.com/user-attachments/assets/54565a48-4285-47f2-b3fd-3709feb9b57c)

Desk testing: see [206362](#206362) for reproduction steps

#### [206875](#206875) - Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets enabled

Issue [206875](#206875) includes the following statement:

> Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets disabled. All it says right now "show anonymized"

The first part of the statement above:

> Anonymization button doesn't get announced

appears to be in reference to when the Anonymization toggle button is disabled. This is unfortunately expected, because screen readers do NOT announce disabled buttons, as described in articles like <https://css-tricks.com/making-disabled-buttons-more-inclusive/>

The second part of the statement above:

> doesn't have enough context in the tooltip about when it gets enabled

is addressed by this PR, though there is still a quirk described in detail below.

In this PR, when a conversation does NOT have replacements, a new (different) tooltip is displayed, as illustrated by the before / after screenshots below:

**Before:**

![empty_before_206875](https://github.com/user-attachments/assets/682f6269-d3db-40ee-877e-e877e9b1ae31)

_Above: Before the fix, the tooltip for the disabled button reads:_ `Show anonymized`

**After:**

![empty_after_206875](https://github.com/user-attachments/assets/1eed6a88-c3d2-424a-abc0-ef45b9ee41d5)

_Above: After the fix, the tooltip for the disabled button reads:_ `This conversation does not include anonymized fields`

Note that there is still a quirk with the button, which is not addressed by this fix:

The current implementation enables the `Show anonymized` button when the conversation has _any_ replacements, regardless of whether or not the replacements are applicable to the rendered conversation. As a result, when replacements are present, but not applicable to the rendered conversation, the user may toggle the enabled button, but will not observe any changes to the rendered conversation.

Alternatively, the replacements could be applied to the conversation before rendering to facilitate a comparison: If the original conversation and applied conversation are identical, the anonymization button should be disabled. If they are the different, the button should be enabled. This alternative was NOT implemented in this PR.

Desk testing: see [206875](#206875) for reproduction steps
kibanamachine pushed a commit to kibanamachine/kibana that referenced this issue Jan 22, 2025
…essibility (a11y) issues (elastic#207122)

### [Security Solution] [Security Assistant] Fixes Security Assistant accessibility (a11y) issues

This PR fixes the following Security Assistant accessibility (a11y) issues:

- <elastic#206348> - _The ai assistant settings and actions button is announced wrong_
- <elastic#206362> - _Close button on View in AI assistant is missing discernible text_
- <elastic#206875> - _Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets enabled_

### Details

#### [206348](elastic#206348) - The ai assistant settings and actions button is announced wrong

This issue was resolved by adding an `aria-label` to the assistant settings context menu.

This fix was desk tested using Voiceover, as illustrated by the following screenshots:

**Before:**

![voiceover_before_206348](https://github.com/user-attachments/assets/92106bd9-b651-447e-b5dd-f59323288534)

**After:**

![voiceover_after_206348](https://github.com/user-attachments/assets/da580121-fab1-47e8-ae7b-41fd6d0008ca)

Desk testing: see [206348](elastic#206348) for reproduction steps

#### [206362](elastic#206362) - Close button on View in AI assistant is missing discernible text

This issue was resolved by adding an `aria-label` to the assistant close button.

This fix was desk tested using Axe, as illustrated by the following screenshots:

**Before:**

![axe_before_206362](https://github.com/user-attachments/assets/21503311-a9e0-402f-9ee0-333ad6d6171a)

**After:**

![axe_after_206362](https://github.com/user-attachments/assets/54565a48-4285-47f2-b3fd-3709feb9b57c)

Desk testing: see [206362](elastic#206362) for reproduction steps

#### [206875](elastic#206875) - Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets enabled

Issue [206875](elastic#206875) includes the following statement:

> Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets disabled. All it says right now "show anonymized"

The first part of the statement above:

> Anonymization button doesn't get announced

appears to be in reference to when the Anonymization toggle button is disabled. This is unfortunately expected, because screen readers do NOT announce disabled buttons, as described in articles like <https://css-tricks.com/making-disabled-buttons-more-inclusive/>

The second part of the statement above:

> doesn't have enough context in the tooltip about when it gets enabled

is addressed by this PR, though there is still a quirk described in detail below.

In this PR, when a conversation does NOT have replacements, a new (different) tooltip is displayed, as illustrated by the before / after screenshots below:

**Before:**

![empty_before_206875](https://github.com/user-attachments/assets/682f6269-d3db-40ee-877e-e877e9b1ae31)

_Above: Before the fix, the tooltip for the disabled button reads:_ `Show anonymized`

**After:**

![empty_after_206875](https://github.com/user-attachments/assets/1eed6a88-c3d2-424a-abc0-ef45b9ee41d5)

_Above: After the fix, the tooltip for the disabled button reads:_ `This conversation does not include anonymized fields`

Note that there is still a quirk with the button, which is not addressed by this fix:

The current implementation enables the `Show anonymized` button when the conversation has _any_ replacements, regardless of whether or not the replacements are applicable to the rendered conversation. As a result, when replacements are present, but not applicable to the rendered conversation, the user may toggle the enabled button, but will not observe any changes to the rendered conversation.

Alternatively, the replacements could be applied to the conversation before rendering to facilitate a comparison: If the original conversation and applied conversation are identical, the anonymization button should be disabled. If they are the different, the button should be enabled. This alternative was NOT implemented in this PR.

Desk testing: see [206875](elastic#206875) for reproduction steps

(cherry picked from commit 0e715b6)
kibanamachine added a commit that referenced this issue Jan 22, 2025
…nt accessibility (a11y) issues (#207122) (#207895)

# Backport

This will backport the following commits from `main` to `8.x`:
- [[Security Solution] [Security Assistant] Fixes Security Assistant
accessibility (a11y) issues
(#207122)](#207122)

<!--- Backport version: 9.4.3 -->

### Questions ?
Please refer to the [Backport tool
documentation](https://github.com/sqren/backport)

<!--BACKPORT [{"author":{"name":"Andrew
Macri","email":"[email protected]"},"sourceCommit":{"committedDate":"2025-01-22T18:06:54Z","message":"[Security
Solution] [Security Assistant] Fixes Security Assistant accessibility
(a11y) issues (#207122)\n\n### [Security Solution] [Security Assistant]
Fixes Security Assistant accessibility (a11y) issues\r\n\r\nThis PR
fixes the following Security Assistant accessibility (a11y)
issues:\r\n\r\n- <#206348> -
_The ai assistant settings and actions button is announced wrong_\r\n-
<#206362> - _Close button on
View in AI assistant is missing discernible text_\r\n-
<#206875> - _Anonymization
button doesn't get announced and doesn't have enough context in the
tooltip about when it gets enabled_\r\n\r\n### Details\r\n\r\n####
[206348](#206348) - The ai
assistant settings and actions button is announced wrong\r\n\r\nThis
issue was resolved by adding an `aria-label` to the assistant settings
context menu.\r\n\r\nThis fix was desk tested using Voiceover, as
illustrated by the following
screenshots:\r\n\r\n**Before:**\r\n\r\n![voiceover_before_206348](https://github.com/user-attachments/assets/92106bd9-b651-447e-b5dd-f59323288534)\r\n\r\n**After:**\r\n\r\n![voiceover_after_206348](https://github.com/user-attachments/assets/da580121-fab1-47e8-ae7b-41fd6d0008ca)\r\n\r\nDesk
testing: see [206348](#206348)
for reproduction steps\r\n\r\n####
[206362](#206362) - Close button
on View in AI assistant is missing discernible text\r\n\r\nThis issue
was resolved by adding an `aria-label` to the assistant close
button.\r\n\r\nThis fix was desk tested using Axe, as illustrated by the
following
screenshots:\r\n\r\n**Before:**\r\n\r\n![axe_before_206362](https://github.com/user-attachments/assets/21503311-a9e0-402f-9ee0-333ad6d6171a)\r\n\r\n**After:**\r\n\r\n![axe_after_206362](https://github.com/user-attachments/assets/54565a48-4285-47f2-b3fd-3709feb9b57c)\r\n\r\nDesk
testing: see [206362](#206362)
for reproduction steps\r\n\r\n####
[206875](#206875) -
Anonymization button doesn't get announced and doesn't have enough
context in the tooltip about when it gets enabled\r\n\r\nIssue
[206875](#206875) includes the
following statement:\r\n\r\n> Anonymization button doesn't get announced
and doesn't have enough context in the tooltip about when it gets
disabled. All it says right now \"show anonymized\"\r\n\r\nThe first
part of the statement above:\r\n\r\n> Anonymization button doesn't get
announced\r\n\r\nappears to be in reference to when the Anonymization
toggle button is disabled. This is unfortunately expected, because
screen readers do NOT announce disabled buttons, as described in
articles like
<https://css-tricks.com/making-disabled-buttons-more-inclusive/>\r\n\r\nThe
second part of the statement above:\r\n\r\n> doesn't have enough context
in the tooltip about when it gets enabled\r\n\r\nis addressed by this
PR, though there is still a quirk described in detail below.\r\n\r\nIn
this PR, when a conversation does NOT have replacements, a new
(different) tooltip is displayed, as illustrated by the before / after
screenshots
below:\r\n\r\n**Before:**\r\n\r\n![empty_before_206875](https://github.com/user-attachments/assets/682f6269-d3db-40ee-877e-e877e9b1ae31)\r\n\r\n_Above:
Before the fix, the tooltip for the disabled button reads:_ `Show
anonymized`\r\n\r\n**After:**\r\n\r\n![empty_after_206875](https://github.com/user-attachments/assets/1eed6a88-c3d2-424a-abc0-ef45b9ee41d5)\r\n\r\n_Above:
After the fix, the tooltip for the disabled button reads:_ `This
conversation does not include anonymized fields`\r\n\r\nNote that there
is still a quirk with the button, which is not addressed by this
fix:\r\n\r\nThe current implementation enables the `Show anonymized`
button when the conversation has _any_ replacements, regardless of
whether or not the replacements are applicable to the rendered
conversation. As a result, when replacements are present, but not
applicable to the rendered conversation, the user may toggle the enabled
button, but will not observe any changes to the rendered
conversation.\r\n\r\nAlternatively, the replacements could be applied to
the conversation before rendering to facilitate a comparison: If the
original conversation and applied conversation are identical, the
anonymization button should be disabled. If they are the different, the
button should be enabled. This alternative was NOT implemented in this
PR.\r\n\r\nDesk testing: see
[206875](#206875) for
reproduction
steps","sha":"0e715b650e402c4bd7d7391e5c009ff64f896ef8","branchLabelMapping":{"^v9.0.0$":"main","^v8.18.0$":"8.x","^v(\\d+).(\\d+).\\d+$":"$1.$2"}},"sourcePullRequest":{"labels":["release_note:skip","v9.0.0","Team:
SecuritySolution","Team:Security Generative
AI","backport:version","v8.18.0"],"title":"[Security Solution] [Security
Assistant] Fixes Security Assistant accessibility (a11y)
issues","number":207122,"url":"https://github.com/elastic/kibana/pull/207122","mergeCommit":{"message":"[Security
Solution] [Security Assistant] Fixes Security Assistant accessibility
(a11y) issues (#207122)\n\n### [Security Solution] [Security Assistant]
Fixes Security Assistant accessibility (a11y) issues\r\n\r\nThis PR
fixes the following Security Assistant accessibility (a11y)
issues:\r\n\r\n- <#206348> -
_The ai assistant settings and actions button is announced wrong_\r\n-
<#206362> - _Close button on
View in AI assistant is missing discernible text_\r\n-
<#206875> - _Anonymization
button doesn't get announced and doesn't have enough context in the
tooltip about when it gets enabled_\r\n\r\n### Details\r\n\r\n####
[206348](#206348) - The ai
assistant settings and actions button is announced wrong\r\n\r\nThis
issue was resolved by adding an `aria-label` to the assistant settings
context menu.\r\n\r\nThis fix was desk tested using Voiceover, as
illustrated by the following
screenshots:\r\n\r\n**Before:**\r\n\r\n![voiceover_before_206348](https://github.com/user-attachments/assets/92106bd9-b651-447e-b5dd-f59323288534)\r\n\r\n**After:**\r\n\r\n![voiceover_after_206348](https://github.com/user-attachments/assets/da580121-fab1-47e8-ae7b-41fd6d0008ca)\r\n\r\nDesk
testing: see [206348](#206348)
for reproduction steps\r\n\r\n####
[206362](#206362) - Close button
on View in AI assistant is missing discernible text\r\n\r\nThis issue
was resolved by adding an `aria-label` to the assistant close
button.\r\n\r\nThis fix was desk tested using Axe, as illustrated by the
following
screenshots:\r\n\r\n**Before:**\r\n\r\n![axe_before_206362](https://github.com/user-attachments/assets/21503311-a9e0-402f-9ee0-333ad6d6171a)\r\n\r\n**After:**\r\n\r\n![axe_after_206362](https://github.com/user-attachments/assets/54565a48-4285-47f2-b3fd-3709feb9b57c)\r\n\r\nDesk
testing: see [206362](#206362)
for reproduction steps\r\n\r\n####
[206875](#206875) -
Anonymization button doesn't get announced and doesn't have enough
context in the tooltip about when it gets enabled\r\n\r\nIssue
[206875](#206875) includes the
following statement:\r\n\r\n> Anonymization button doesn't get announced
and doesn't have enough context in the tooltip about when it gets
disabled. All it says right now \"show anonymized\"\r\n\r\nThe first
part of the statement above:\r\n\r\n> Anonymization button doesn't get
announced\r\n\r\nappears to be in reference to when the Anonymization
toggle button is disabled. This is unfortunately expected, because
screen readers do NOT announce disabled buttons, as described in
articles like
<https://css-tricks.com/making-disabled-buttons-more-inclusive/>\r\n\r\nThe
second part of the statement above:\r\n\r\n> doesn't have enough context
in the tooltip about when it gets enabled\r\n\r\nis addressed by this
PR, though there is still a quirk described in detail below.\r\n\r\nIn
this PR, when a conversation does NOT have replacements, a new
(different) tooltip is displayed, as illustrated by the before / after
screenshots
below:\r\n\r\n**Before:**\r\n\r\n![empty_before_206875](https://github.com/user-attachments/assets/682f6269-d3db-40ee-877e-e877e9b1ae31)\r\n\r\n_Above:
Before the fix, the tooltip for the disabled button reads:_ `Show
anonymized`\r\n\r\n**After:**\r\n\r\n![empty_after_206875](https://github.com/user-attachments/assets/1eed6a88-c3d2-424a-abc0-ef45b9ee41d5)\r\n\r\n_Above:
After the fix, the tooltip for the disabled button reads:_ `This
conversation does not include anonymized fields`\r\n\r\nNote that there
is still a quirk with the button, which is not addressed by this
fix:\r\n\r\nThe current implementation enables the `Show anonymized`
button when the conversation has _any_ replacements, regardless of
whether or not the replacements are applicable to the rendered
conversation. As a result, when replacements are present, but not
applicable to the rendered conversation, the user may toggle the enabled
button, but will not observe any changes to the rendered
conversation.\r\n\r\nAlternatively, the replacements could be applied to
the conversation before rendering to facilitate a comparison: If the
original conversation and applied conversation are identical, the
anonymization button should be disabled. If they are the different, the
button should be enabled. This alternative was NOT implemented in this
PR.\r\n\r\nDesk testing: see
[206875](#206875) for
reproduction
steps","sha":"0e715b650e402c4bd7d7391e5c009ff64f896ef8"}},"sourceBranch":"main","suggestedTargetBranches":["8.x"],"targetPullRequestStates":[{"branch":"main","label":"v9.0.0","branchLabelMappingKey":"^v9.0.0$","isSourceBranch":true,"state":"MERGED","url":"https://github.com/elastic/kibana/pull/207122","number":207122,"mergeCommit":{"message":"[Security
Solution] [Security Assistant] Fixes Security Assistant accessibility
(a11y) issues (#207122)\n\n### [Security Solution] [Security Assistant]
Fixes Security Assistant accessibility (a11y) issues\r\n\r\nThis PR
fixes the following Security Assistant accessibility (a11y)
issues:\r\n\r\n- <#206348> -
_The ai assistant settings and actions button is announced wrong_\r\n-
<#206362> - _Close button on
View in AI assistant is missing discernible text_\r\n-
<#206875> - _Anonymization
button doesn't get announced and doesn't have enough context in the
tooltip about when it gets enabled_\r\n\r\n### Details\r\n\r\n####
[206348](#206348) - The ai
assistant settings and actions button is announced wrong\r\n\r\nThis
issue was resolved by adding an `aria-label` to the assistant settings
context menu.\r\n\r\nThis fix was desk tested using Voiceover, as
illustrated by the following
screenshots:\r\n\r\n**Before:**\r\n\r\n![voiceover_before_206348](https://github.com/user-attachments/assets/92106bd9-b651-447e-b5dd-f59323288534)\r\n\r\n**After:**\r\n\r\n![voiceover_after_206348](https://github.com/user-attachments/assets/da580121-fab1-47e8-ae7b-41fd6d0008ca)\r\n\r\nDesk
testing: see [206348](#206348)
for reproduction steps\r\n\r\n####
[206362](#206362) - Close button
on View in AI assistant is missing discernible text\r\n\r\nThis issue
was resolved by adding an `aria-label` to the assistant close
button.\r\n\r\nThis fix was desk tested using Axe, as illustrated by the
following
screenshots:\r\n\r\n**Before:**\r\n\r\n![axe_before_206362](https://github.com/user-attachments/assets/21503311-a9e0-402f-9ee0-333ad6d6171a)\r\n\r\n**After:**\r\n\r\n![axe_after_206362](https://github.com/user-attachments/assets/54565a48-4285-47f2-b3fd-3709feb9b57c)\r\n\r\nDesk
testing: see [206362](#206362)
for reproduction steps\r\n\r\n####
[206875](#206875) -
Anonymization button doesn't get announced and doesn't have enough
context in the tooltip about when it gets enabled\r\n\r\nIssue
[206875](#206875) includes the
following statement:\r\n\r\n> Anonymization button doesn't get announced
and doesn't have enough context in the tooltip about when it gets
disabled. All it says right now \"show anonymized\"\r\n\r\nThe first
part of the statement above:\r\n\r\n> Anonymization button doesn't get
announced\r\n\r\nappears to be in reference to when the Anonymization
toggle button is disabled. This is unfortunately expected, because
screen readers do NOT announce disabled buttons, as described in
articles like
<https://css-tricks.com/making-disabled-buttons-more-inclusive/>\r\n\r\nThe
second part of the statement above:\r\n\r\n> doesn't have enough context
in the tooltip about when it gets enabled\r\n\r\nis addressed by this
PR, though there is still a quirk described in detail below.\r\n\r\nIn
this PR, when a conversation does NOT have replacements, a new
(different) tooltip is displayed, as illustrated by the before / after
screenshots
below:\r\n\r\n**Before:**\r\n\r\n![empty_before_206875](https://github.com/user-attachments/assets/682f6269-d3db-40ee-877e-e877e9b1ae31)\r\n\r\n_Above:
Before the fix, the tooltip for the disabled button reads:_ `Show
anonymized`\r\n\r\n**After:**\r\n\r\n![empty_after_206875](https://github.com/user-attachments/assets/1eed6a88-c3d2-424a-abc0-ef45b9ee41d5)\r\n\r\n_Above:
After the fix, the tooltip for the disabled button reads:_ `This
conversation does not include anonymized fields`\r\n\r\nNote that there
is still a quirk with the button, which is not addressed by this
fix:\r\n\r\nThe current implementation enables the `Show anonymized`
button when the conversation has _any_ replacements, regardless of
whether or not the replacements are applicable to the rendered
conversation. As a result, when replacements are present, but not
applicable to the rendered conversation, the user may toggle the enabled
button, but will not observe any changes to the rendered
conversation.\r\n\r\nAlternatively, the replacements could be applied to
the conversation before rendering to facilitate a comparison: If the
original conversation and applied conversation are identical, the
anonymization button should be disabled. If they are the different, the
button should be enabled. This alternative was NOT implemented in this
PR.\r\n\r\nDesk testing: see
[206875](#206875) for
reproduction
steps","sha":"0e715b650e402c4bd7d7391e5c009ff64f896ef8"}},{"branch":"8.x","label":"v8.18.0","branchLabelMappingKey":"^v8.18.0$","isSourceBranch":false,"state":"NOT_CREATED"}]}]
BACKPORT-->

Co-authored-by: Andrew Macri <[email protected]>
@andrew-goldstein
Copy link
Contributor

viduni94 pushed a commit to viduni94/kibana that referenced this issue Jan 23, 2025
…essibility (a11y) issues (elastic#207122)

### [Security Solution] [Security Assistant] Fixes Security Assistant accessibility (a11y) issues

This PR fixes the following Security Assistant accessibility (a11y) issues:

- <elastic#206348> - _The ai assistant settings and actions button is announced wrong_
- <elastic#206362> - _Close button on View in AI assistant is missing discernible text_
- <elastic#206875> - _Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets enabled_

### Details

#### [206348](elastic#206348) - The ai assistant settings and actions button is announced wrong

This issue was resolved by adding an `aria-label` to the assistant settings context menu.

This fix was desk tested using Voiceover, as illustrated by the following screenshots:

**Before:**

![voiceover_before_206348](https://github.com/user-attachments/assets/92106bd9-b651-447e-b5dd-f59323288534)

**After:**

![voiceover_after_206348](https://github.com/user-attachments/assets/da580121-fab1-47e8-ae7b-41fd6d0008ca)

Desk testing: see [206348](elastic#206348) for reproduction steps

#### [206362](elastic#206362) - Close button on View in AI assistant is missing discernible text

This issue was resolved by adding an `aria-label` to the assistant close button.

This fix was desk tested using Axe, as illustrated by the following screenshots:

**Before:**

![axe_before_206362](https://github.com/user-attachments/assets/21503311-a9e0-402f-9ee0-333ad6d6171a)

**After:**

![axe_after_206362](https://github.com/user-attachments/assets/54565a48-4285-47f2-b3fd-3709feb9b57c)

Desk testing: see [206362](elastic#206362) for reproduction steps

#### [206875](elastic#206875) - Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets enabled

Issue [206875](elastic#206875) includes the following statement:

> Anonymization button doesn't get announced and doesn't have enough context in the tooltip about when it gets disabled. All it says right now "show anonymized"

The first part of the statement above:

> Anonymization button doesn't get announced

appears to be in reference to when the Anonymization toggle button is disabled. This is unfortunately expected, because screen readers do NOT announce disabled buttons, as described in articles like <https://css-tricks.com/making-disabled-buttons-more-inclusive/>

The second part of the statement above:

> doesn't have enough context in the tooltip about when it gets enabled

is addressed by this PR, though there is still a quirk described in detail below.

In this PR, when a conversation does NOT have replacements, a new (different) tooltip is displayed, as illustrated by the before / after screenshots below:

**Before:**

![empty_before_206875](https://github.com/user-attachments/assets/682f6269-d3db-40ee-877e-e877e9b1ae31)

_Above: Before the fix, the tooltip for the disabled button reads:_ `Show anonymized`

**After:**

![empty_after_206875](https://github.com/user-attachments/assets/1eed6a88-c3d2-424a-abc0-ef45b9ee41d5)

_Above: After the fix, the tooltip for the disabled button reads:_ `This conversation does not include anonymized fields`

Note that there is still a quirk with the button, which is not addressed by this fix:

The current implementation enables the `Show anonymized` button when the conversation has _any_ replacements, regardless of whether or not the replacements are applicable to the rendered conversation. As a result, when replacements are present, but not applicable to the rendered conversation, the user may toggle the enabled button, but will not observe any changes to the rendered conversation.

Alternatively, the replacements could be applied to the conversation before rendering to facilitate a comparison: If the original conversation and applied conversation are identical, the anonymization button should be disabled. If they are the different, the button should be enabled. This alternative was NOT implemented in this PR.

Desk testing: see [206875](elastic#206875) for reproduction steps
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
defect-level-1 Critical UX disruption impact:critical This issue should be addressed immediately due to a critical level of impact on the product. Project:Accessibility Team:Security Generative AI Security Generative AI Team: SecuritySolution Security Solutions Team working on SIEM, Endpoint, Timeline, Resolver, etc.
Projects
None yet
Development

No branches or pull requests

3 participants