#63: Fix HTML5 validation issues#910
Conversation
|
The following accounts have interacted with this PR and/or linked issues. I will continue to update these lists as activity occurs. You can also manually ask me to refresh this list by adding the If you're merging code through a pull request on GitHub, copy and paste the following into the bottom of the merge commit message. To understand the WordPress project's expectations around crediting contributors, please review the Contributor Attribution page in the Core Handbook. |
georgestephanis
left a comment
There was a problem hiding this comment.
Either changes or clarifications requested here --
Two buttons, both alike in dignity,
In fair WordPress, where we lay our scene,
- William Shakespeare, Romeo + Juliet (paraphrased)
| <a class="button button-two-factor-backup-codes-copy button-secondary hide-if-no-js" href="javascript:void(0);" id="two-factor-backup-codes-copy-link"><?php esc_html_e( 'Copy Codes', 'two-factor' ); ?></a> | ||
| <a class="button button-two-factor-backup-codes-download button-secondary hide-if-no-js" href="javascript:void(0);" id="two-factor-backup-codes-download-link" download="two-factor-backup-codes.txt"><?php esc_html_e( 'Download Codes', 'two-factor' ); ?></a> | ||
| <button type="button" class="button button-two-factor-backup-codes-copy button-secondary hide-if-no-js" id="two-factor-backup-codes-copy-link"><?php esc_html_e( 'Copy Codes', 'two-factor' ); ?></button> | ||
| <a class="button button-two-factor-backup-codes-download button-secondary hide-if-no-js" href="#" id="two-factor-backup-codes-download-link" download="two-factor-backup-codes.txt"><?php esc_html_e( 'Download Codes', 'two-factor' ); ?></a> |
There was a problem hiding this comment.
Why are we bumping one to button but not the other?
There was a problem hiding this comment.
@georgestephanis The copy button doesnt really link anywhere - so no href/navigation purpose — it's pure JS. Thats why is the correct semantic element IMO.
The download link has to remain an because it uses the download attribute, which only works on anchors — so that one just got its href swapped to # instead.
There was a problem hiding this comment.
Pull request overview
This PR updates the Two-Factor plugin’s rendered HTML to better conform to the HTML5 spec, focusing on removing XHTML-isms and invalid patterns in the login and profile/provider UIs.
Changes:
- Remove XHTML-style self-closing syntax from void elements (
<input />,<img />,<br />,<hr />) across settings, providers, and core output. - Adjust profile/backup-codes UI markup for HTML5 validity (boolean
disabled, “Copy Codes” as a<button>, add placeholderhreffor downloadable link). - Remove a duplicated inline
<style>block from the login HTML path (styles already exist inuser-edit.css).
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 2 comments.
Show a summary per file
| File | Description |
|---|---|
| settings/class-two-factor-settings.php | Removes XHTML-style self-closing from provider checkbox input. |
| providers/class-two-factor-totp.php | Removes XHTML-style self-closing from TOTP setup/login markup (img, input). |
| providers/class-two-factor-email.php | Removes XHTML-style self-closing from email auth inputs/buttons. |
| providers/class-two-factor-backup-codes.php | Converts “Copy Codes” to <button>, adds href for download link, removes XHTML-style self-closing input. |
| class-two-factor-core.php | Updates login/profile HTML output for HTML5 conformance and removes duplicated inline CSS block. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
What?
Fixes HTML5 validation issues.
Fixes #63.
Why?
The plugin's output contained several XHTML-isms and non-conforming patterns that fail HTML5 validation
How?
<input />,<img />,<br />,<hr />→ no trailing slash, across all provider and core files.disabled="disabled"→disabledon the profile page fieldset.<a>to<button>— the element has no URL destination;<a href="javascript:void(0);">is non-conforming. The JS targets it by class so no JS changes needed.href="#"to "Download Codes"<a>— HTML5 requireshrefwhendownloadis present. The JS sets the real data URI href after code generation;#is just a valid placeholder.<style>block — the block inclass-two-factor-core.phpwas already moved touser-edit.cssby Move class-two-factor-core.php login styles from inline to enqueued stylesheet #807, but was accidentally reintroduced by Move inline JS to external script files #814 while refactoring inline JS. This removes it again.Note:
type="text/javascript"andtype="text/css"inincludes/are intentionally left — those files track WordPress Core.Use of AI Tools
AI assistance: Yes
Tool(s): Claude Code
Model(s): Claude Opus 4.8
Used for: Drafting the implementation and PR text. Code reviewed and edited by me.
Testing Instructions
Screenshots or screencast
Changelog Entry