R I S K M O N I T O R

Loading

Intelligent Cybersecurity Check for vulnerabilities now

Contact Info

Get A Quote

Ensuring Frame Elements Are Tested with axe-core

  • Home
  • Blog
  • Ensuring Frame Elements Are Tested with axe-core
  • June 1, 2025

Ensuring Frame Elements Are Tested with axe-core

Rule ID: frame-tested
Ruleset: axe-core 4.10
User Impact: Critical
Guidelines: Deque Best Practice

How to Fix the Problem

To ensure comprehensive accessibility testing, all iframe and frame elements on your page must include the axe-core script. Without this, the accessibility tool cannot properly inspect the contents within these elements.

Here’s what to do:

  • Inject the axe-core script into every iframe and frame that contains testable content. This allows the accessibility engine to analyze and report issues inside those embedded documents.

  • If you are running axe-core programmatically, set the iframes option to true. This ensures the tool will traverse and inspect nested iframe content:

    javascript
    axe.run({
    iframes: true
    });

  • If you’re using the after function for post-processing results, ensure it appropriately merges data from each frame into a unified result set.

  • When running a full-page scan (pageLevel: true), the engine will check all frames as part of a comprehensive audit.

Important: If you are testing in environments with multiple cross-domain iframes, you may face limitations due to browser security restrictions (CORS). Where possible, test within the same origin or ensure proper communication between frames.

Why it Matters

Frames and iframes are often used to embed third-party content, dynamic interfaces, or modular sections of a web application. If these aren’t scanned by accessibility tools, critical accessibility issues may go undetected, especially for screen reader users or keyboard-only navigation.

Because axe-core can’t automatically evaluate frames unless explicitly configured to do so, omitting them creates blind spots in your audit. Ensuring the axe-core script is injected and that settings are correct allows for full visibility and compliance assurance across embedded content.

Rule Description

All iframe and frame elements in the document must be properly scanned by axe-core. This requires:

  • The axe-core script to be available within the content of each frame.

  • The correct configuration to ensure nested scanning is executed.

The Algorithm (in simple terms)

When the iframes: true option is enabled, axe-core:

  1. Identifies all iframe and frame elements on the page.

  2. Attempts to inject the axe-core script into each one.

  3. Scans the embedded content just like it would the main document.

  4. Consolidates the results into a unified report if pageLevel: true is also set.

This ensures no embedded content escapes accessibility review.

Tags:
Share:

Leave A Comment