Propose a new
ASDR rule

Use this form to submit a candidate rule for the Accessibility-Security Detection Ruleset. Your proposal will be reviewed before inclusion. Fields marked ✦ are required.

Rule identity

Basic metadata used to identify and catalogue the rule.

Rule name ✦

A short, plain-language name. Write it as a statement of what the rule checks, e.g. "Password field does not suppress autocomplete".

Rule type ✦

Atomic rules check one specific thing. Composite rules combine multiple atomic rules.

Impact level ✦

How severe is the barrier created by this issue?

Category ✦

The security or accessibility domain this rule belongs to.

Standards tags ✦

Select any WCAG success criteria this rule maps to. If none apply, the rule will be tagged as ASG (Accessible Security Guidelines).

1.1.1 Non-text Content (A) 1.3.1 Info and Relationships (A) 1.3.5 Identify Input Purpose (AA) 2.1.1 Keyboard (A) 2.2.1 Timing Adjustable (A) 3.3.1 Error Identification (A) 3.3.2 Labels or Instructions (A) 4.1.3 Status Messages (AA) None of the above – tag as ASG

Describing the issue

Explain the problem clearly. The LLM will use this to understand what it is looking for and why it matters.

One-sentence summary ✦

Start with "This rule checks…". Keep it to one sentence.

What is the issue? ✦

Describe what the problematic pattern looks like in a webpage. Be specific about the element, attribute, or behaviour involved.

Why is it a problem? ✦

Explain the impact from an accessibility-security angle. Who is harmed, and how? Connect the security issue to the accessibility barrier.

Who is affected? ✦

Select all user groups who face a barrier from this issue.

Screen reader users Keyboard-only users Switch access users Screen magnification users Users with cognitive disabilities Deaf and hard of hearing users All users (security issue affecting anyone)

Detection guidance

Help the LLM know what to look for, what to ignore, and how confident to be.

What should the scanner look for? ✦

Describe specific HTML attributes, element types, text patterns, or ARIA roles that indicate this issue. The more specific, the better.

What might cause a false positive?

Describe patterns that look like this issue but are actually acceptable.

Confidence level

How reliably can this issue be detected from a page snapshot?

Additional confidence notes

Any extra caveats the LLM should keep in mind when assessing confidence.

Examples

Provide at least one flagged example and one passing example. HTML snippets are ideal, but plain descriptions work too.

Use real or representative HTML snippets wherever possible. The LLM uses these as positive and negative training signals for this rule.

Flagged example 1

Description

HTML snippet

Passing example 1

Description

HTML snippet

Remediation

Explain how a developer should fix the issue. Keep it actionable and plain-language.

How should this be fixed? ✦

Write for a developer who has just been told their page has this issue. Be direct and specific.

References

Link to any supporting standards, guidelines, or documentation.

Reference title

URL

About you

Optional — used for acknowledgments in the final ruleset.

Your name

Your role

Ready to submit?

Your proposal will be saved for team review, and a copy of the generated JSON will appear below.

GENERATED RULE — ASDR PROPOSAL

Propose a newASDR rule

Rule identity

Describing the issue

Detection guidance

Examples

Remediation

References

About you

Ready to submit?

Propose a new
ASDR rule