feat(a11y): add new accessibility rules for nested interactive elements and duplicate accesskeys; enhance lang attribute validation

Author: PhilDaiguille

.github/workflows/qa.yml

@@ -52,40 +52,31 @@ jobs:
               run: composer rector -- --dry-run
 
             - name: Run tests with coverage
+              env:
+                  XDEBUG_MODE: coverage
               run: |
                   ./vendor/bin/phpunit \
+                    --coverage-clover=build/coverage/coverage.xml \
                     --coverage-xml=build/coverage/coverage-xml \
-                    --log-junit=build/coverage/junit.xml \
-                    --coverage-clover=build/coverage/coverage.xml
-
-            - name: Upload coverage and test results artifact
-              uses: actions/upload-artifact@v7
-              with:
-                  name: test-results-php${{ matrix.php }}
-                  path: |
-                      build/coverage/coverage.xml
-                      build/coverage/junit.xml
-                  if-no-files-found: warn
+                    --log-junit=build/coverage/junit.xml
 
             - name: Upload coverage to Codecov
-              if: ${{ env.CODECOV_TOKEN != '' }}
+              if: ${{ matrix.php == '8.3' }}
               uses: codecov/codecov-action@v6
-              env:
-                  CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
               with:
                   token: ${{ secrets.CODECOV_TOKEN }}
                   files: build/coverage/coverage.xml
                   fail_ci_if_error: true
+                  verbose: true
 
             - name: Upload test results to Codecov
-              if: ${{ !cancelled() }}
+              if: ${{ matrix.php == '8.3' && !cancelled() }}
               uses: codecov/codecov-action@v6
-              env:
-                  CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
               with:
                   token: ${{ secrets.CODECOV_TOKEN }}
                   files: build/coverage/junit.xml
                   report_type: test_results
+                  fail_ci_if_error: false
 
     infection:
         needs: build
@@ -117,6 +108,8 @@ jobs:
               run: composer install --prefer-dist --no-progress --no-suggest --optimize-autoloader
 
             - name: Run tests with coverage (for Infection)
+              env:
+                  XDEBUG_MODE: coverage
               run: |
                   ./vendor/bin/phpunit \
                     --coverage-xml=build/coverage/coverage-xml \

README.md

@@ -38,10 +38,6 @@ public function evaluate(Tokens $tokens, int $tokenIndex, callable $emit): void
                     continue;
                 }
 
-                foreach ($this->allowed[$role] as $attr) {
-                    // nothing
-                }
-
                 // naive check: find any aria- attribute not in allowed list
                 if (preg_match_all('/\baria-[a-z0-9-]+\s*=\s*(?:"|\')[^"\']*(?:"|\')/i', $attrs, $am)) {
                     foreach ($am[0] as $ariaRaw) {

composer.json

@@ -15,45 +15,42 @@ public function evaluate(Tokens $tokens, int $tokenIndex, callable $emit): void
             return;
         }
 
-        // Page-level scan across the whole template
         $tag = $this->getFullContent($tokens);
 
-        if (preg_match_all('/role\s*=\s*(?:"|\')([^"\']+)(?:"|\')/i', $tag, $m)) {
-            $roles = array_map(strtolower(...), $m[1]);
-
-            // expanded list of common ARIA roles
-            $allowed = [
-                'alert', 'alertdialog', 'application', 'article', 'banner', 'button', 'checkbox', 'columnheader',
-                'combobox', 'complementary', 'contentinfo', 'dialog', 'directory', 'document', 'feed', 'figure',
-                'form', 'grid', 'gridcell', 'group', 'heading', 'img', 'link', 'list', 'listbox', 'listitem', 'log',
-                'main', 'math', 'menu', 'menubar', 'menuitem', 'menuitemcheckbox', 'menuitemradio',
-                'navigation', 'none', 'note', 'option', 'presentation', 'progressbar', 'radio', 'radiogroup', 'region',
-                'row', 'rowgroup', 'rowheader', 'search', 'separator', 'slider', 'spinbutton', 'status', 'switch', 'tab',
-                'table', 'tablist', 'tabpanel', 'textbox', 'timer', 'toolbar', 'tooltip', 'tree', 'treegrid', 'treeitem',
-            ];
-
-            // Collect and report all invalid roles found in the document.
-            $invalid = [];
-            foreach ($roles as $role) {
-                if (!in_array($role, $allowed, true)) {
-                    $invalid[] = $role;
-                }
+        if (!preg_match_all('/role\s*=\s*(?:"|\')([^"\']+)(?:"|\')/i', $tag, $m)) {
+            return;
+        }
+
+        $allowed = RoleCatalog::getAllowedRoles();
+        $roles = array_map(strtolower(...), $m[1]);
+
+        $invalid = [];
+        foreach ($roles as $role) {
+            // Skip Twig dynamic expressions
+            if ($this->containsTwigExpressions($role)) {
+                continue;
             }
 
-            if ([] !== $invalid) {
-                $tokenRef = $tokens->get(0);
-                $idx = 0;
-                foreach ($invalid as $role) {
-                    ++$idx;
-                    $id = 'AriaRole.InvalidRole';
-                    if ($idx > 1) {
-                        $id .= '#'.$idx;
-                    }
-
-                    $emit(sprintf('Invalid ARIA role "%s".', $role), $tokenRef, $id);
-                }
+            if (!in_array($role, $allowed, true)) {
+                $invalid[] = $role;
             }
         }
+
+        if ([] === $invalid) {
+            return;
+        }
+
+        $tokenRef = $tokens->get(0);
+        $idx = 0;
+        foreach ($invalid as $role) {
+            ++$idx;
+            $id = 'AriaRole.InvalidRole';
+            if ($idx > 1) {
+                $id .= '#'.$idx;
+            }
+
+            $emit(sprintf('Invalid ARIA role "%s".', $role), $tokenRef, $id);
+        }
     }
 
     protected function evaluateOncePerFile(): bool