Skip to content

[bug]: Combined Code Quality and Accessibility Issues #55

Open
Open
[bug]: Combined Code Quality and Accessibility Issues#55
Labels
bugSomething isn't working
@24dce027-jpg

Description

@24dce027-jpg
24dce027-jpg
opened on Feb 26, 2026

Is there an existing issue for this?

  • I have searched the existing issues

Current behavior

Current Behavior of Each Issue

Here's what's currently happening with each issue:

Issue 1: Invalid HTML - Self-Closing Image Tags

Current Behavior: Images use closing tags </img> which is invalid HTML syntax

<img class="icon" src="./images/code1.gif"></img>  ❌ WRONG

Impact: HTML validation fails, may cause parsing issues in some browsers

Issue 2: Empty and Missing Alt Attributes on Images

Current Behavior:

  • Testimonial images have empty alt strings: alt=""
  • Service icons have NO alt attribute at all
  • Logo has generic text: alt="Homepage"

Impact: Screen readers announce "image" with no description, violating WCAG 2.1 accessibility standards

Issue 3: Nested Headings Inside Links

Current Behavior: Heading tags are wrapped inside anchor tags

<a href="...">
    <h4>Text here</h4>  ❌ Invalid nesting
</a>

Impact: Invalid HTML structure, confuses screen readers and SEO

Issue 4: Invalid HTML Attribute Format

Current Behavior: Data attribute value not quoted

data-position-y=center  ❌ Missing quotes

Impact: HTML validation error, may not work reliably in all browsers

Issue 5: Empty Form Actions

Current Behavior: Forms have empty action="" with no endpoint specified

<form ... action="" method="post">  ❌ No action defined

Impact: Newsletter forms cannot submit; data is lost or submitted to same page

Issue 6: Inconsistent HTML Attribute Quoting

Current Behavior: Mix of single and double quotes

id='about'          ❌ Single quotes
href="#home"        ✓ Double quotes

Impact: Code inconsistency and harder maintenance

Issue 7: Console Statements Left in Production Code

Current Behavior: Debug statements active in production JavaScript

console.log("mailchimp ajax submit error: "+text)
console.warn("Nothing selected...")
console.error("%o has no name assigned", this)

Impact:

  • Browser console cluttered with debug messages
  • Potential information disclosure
  • Minor performance impact

Issue 8: Missing CSRF Protection and Security Meta Tags

Current Behavior:

  • Forms have NO CSRF token protection
  • Missing security meta tags like X-UA-Compatible, theme-color
  • Forms send POST requests unprotected

Impact: Vulnerable to Cross-Site Request Forgery attacks on newsletter/email forms

Issue 9: Outdated jQuery Version

Current Behavior: Using jQuery 3.2.1 (released June 2017)

<script src="js/jquery-3.2.1.min.js"></script>

Impact:

  • Known security vulnerabilities unfixed
  • Missing bug fixes and performance improvements from 3.3+, 3.4+, 3.5+, 3.6+, 3.7+ versions

Issue 10: Outdated Inline Event Handlers

Current Behavior: Using inline event attributes in HTML

<input ... onfocus="this.placeholder = ''" onblur="this.placeholder = 'Enter email'">

Impact:

  • Mixes HTML with JavaScript (poor separation of concerns)
  • Harder to maintain and debug
  • Outdated practice (pre-2010s approach)

Summary: Current State

Severity Count Issues Status
Critical 3 #2, #5, #8 ❌ Breaking functionality, security, accessibility
High 3 #1, #4, #7 ❌ HTML validation & code quality failures
Medium 4 #3, #6, #9, #10 ⚠️ Best practices & dependencies

Overall Assessment: The website currently has multiple HTML validation errors, accessibility violations, and security vulnerabilities that should be addressed immediately.

Priority Action Items

  1. IMMEDIATE (Critical):

    • ✋ Stop: Forms not submitting properly
    • ✋ Fix: Accessibility violations (alt attributes)
    • ✋ Secure: Add CSRF protection

  2. URGENT (High):

    • Fix HTML validation errors
    • Remove console debug statements
    • Update jQuery

  3. SOON (Medium):

    • Refactor nested headings
    • Standardize quote usage
    • Replace inline event handlers

Steps to reproduce

Steps to Reproduce Each Issue

Detailed reproduction steps for all 10 issues found in the codebase.

Issue 1: Invalid HTML - Self-Closing Image Tags

Steps to Reproduce:

  1. Open index.html in a text editor
  2. Search for: </img>
  3. Locate lines 174-175, 182-183, 190-191
  4. View the service icons section (Learn, Teach, Grow)
  5. Validate HTML using W3C Validator
    • Upload index.html or paste code
    • Check validation report for "img" tag errors

Expected: Should see validation errors about closing img tags

Verification:

# Using online validator
# Or using HTML5 validator if installed locally
html5validator index.html

Issue 2: Empty and Missing Alt Attributes on Images

Steps to Reproduce:

  1. Open browser DevTools (F12)

  2. Open index.html

  3. Check service icons (Learn/Teach/Grow):

    • Right-click → Inspect
    • Look for: <img class="icon" src="./images/code1.gif"></img>
    • Notice: NO alt attribute present

  4. Check testimonial images:

    • Scroll to "What do our previous fellows say?" section
    • Right-click on any testimonial image → Inspect
    • Look for: <img src="./images/testimonials/sanskriti.avif" alt="">
    • Notice: alt="" is empty string

  5. Check logo:

    • Scroll to header
    • Right-click on logo → Inspect
    • Look for: <img src="images/logo.png" alt="Homepage">
    • Notice: Generic alt text, not descriptive

  6. Test with screen reader:

    • Install browser extension like NVDA (Windows) or VoiceOver (Mac)
    • Navigate to images
    • Observe: Screen reader says nothing meaningful for images

Expected: Proper alt text like "Sanskriti Gupta, Keploy fellow" for testimonials

Issue 3: Nested Headings Inside Links

Steps to Reproduce:

  1. Open index.html

  2. Search for: <a href="https://sanskritigupta.hashnode.dev

  3. Locate testimonial review sections (around lines 254-261, 270-271, 289-293, 307-311)

  4. Inspect the HTML structure:

    <a href="...">
    <h4>Review text here</h4>
</a>

  5. Validate with W3C Validator:

    • Copy the testimonials section
    • Paste into W3C Validator
    • Check for nesting errors

  6. Test with screen reader:

    • Enable screen reader
    • Navigate to testimonials
    • Observe: Confusing announcement of heading within link

Expected: Error: "Element h4 not allowed as child of element a"

Issue 4: Invalid HTML Attribute Format

Steps to Reproduce:

  1. Open index.html
  2. Search for: data-position-y=center
  3. Find line 104 (hero section): 
    <section id="home" class="s-home target-section" data-parallax="scroll" data-position-y=center>
  4. Notice: data-position-y=center has NO quotes around value
  5. Compare with: data-parallax="scroll" which HAS quotes
  6. Validate with W3C Validator
  7. Check browser console for warnings

Expected: Validation error about unquoted attribute value

Issue 5: Empty Form Actions

Steps to Reproduce:

  1. Open index.html

  2. Scroll to newsletter sections (press Ctrl+F, search "newsletter")

  3. Locate first newsletter form (around line 368):

    <form id="newsletter" target="" action="" method="post" class="subscribe_form relative ">

  4. Notice: action="" is empty

  5. Enter email address in form field

  6. Click submit button

  7. Observe: Form doesn't submit anywhere (stays on same page)

  8. Locate second newsletter form (around line 398):

    <form id="newsletter-1" target="" action="" method="post" class="subscribe_form relative">

  9. Repeat steps 5-7

  10. Open browser DevTools → Network tab

  11. Submit the form

  12. Observe: No POST request sent to any endpoint

Expected: Form data should submit to an API endpoint like /api/newsletter/subscribe

Issue 6: Inconsistent HTML Attribute Quoting

Steps to Reproduce:

  1. Open index.html

  2. Search for: <section id='about'

  3. Find line 68 in the navigation section:

    <section id='about' class="s-services">

  4. Notice: Uses single quotes id='about'

  5. Compare with other attributes in same file:

    • Line 48: alt="Homepage" (double quotes)
    • Line 104: id="home" (double quotes)
    • Line 158: class="s-services" (double quotes)

  6. Search entire file for id=' to find all instances

  7. Run code formatter/linter:

    # If using prettier or similar
prettier index.html --check

Expected: All attributes should use double quotes consistently

Issue 7: Console Statements Left in Production Code

Steps to Reproduce:

  1. Open index.html

  2. Open browser DevTools (F12)

  3. Go to Console tab

  4. Refresh page

  5. Observe: Check for messages from Mailchimp or validation plugins

  6. Open js/plugins.js

  7. Search for console.log

  8. Find: console.log("mailchimp ajax submit error: "+text) (line 34)

  9. Find: console.warn("Nothing selected...") (line 40)

  10. Find: console.error("%o has no name assigned", this) (line 40)

  11. Find: console.log(u&&u.stack||u) (line 136)

  12. Test form validation:

    • Try to submit form with invalid email
    • Check Console tab in DevTools
    • Observe: Console messages appear

Expected: Production code should NOT contain console statements

Issue 8: Missing CSRF Protection and Security Meta Tags

Steps to Reproduce:

  1. Open index.html

  2. View page source (Ctrl+U)

  3. Check <head> section

  4. Search for security meta tags:

    • Search for: X-UA-Compatible → NOT FOUND
    • Search for: theme-color → NOT FOUND
    • Search for: apple-mobile-web-app-capable → NOT FOUND

  5. Check forms for CSRF tokens:

    • Find newsletter forms (lines 368, 398)
    • Look for: <input type="hidden" name="csrf_token">
    • Result: NOT FOUND

  6. Test form submission:

    • Open browser DevTools → Network tab
    • Fill newsletter form
    • Submit form
    • Observe: No csrf_token sent in POST data

  7. Security test:

    • Open form in one tab
    • Open same site in another tab from different origin
    • Try to submit form from cross-origin
    • Observe: Form submits without protection (CSRF vulnerability)

Expected: Should see csrf_token in form and security meta tags in head

Issue 9: Outdated jQuery Version

Steps to Reproduce:

  1. Open index.html

  2. Search for: jquery

  3. Find line 464:

    <script src="js/jquery-3.2.1.min.js"></script>

  4. Check version:

    • 3.2.1 released: June 9, 2017
    • Current version: 3.7.x (2024)

  5. View file size:

    # Check file size difference
ls -lh js/jquery-3.2.1.min.js   # Current: ~85KB
# jQuery 3.7.1 minified: ~82KB (smaller + faster)

  6. Check for known vulnerabilities:

    • Visit: jQuery GitHub Releases
    • Compare 3.2.1 with 3.7.x
    • Observe: Multiple security/bug fixes between versions

  7. Test compatibility:

    • Open browser console
    • Type: jQuery.fn.jquery
    • Result: Shows 3.2.1

Expected: Should be 3.7.x or higher

Issue 10: Outdated Inline Event Handlers

Steps to Reproduce:

  1. Open index.html

  2. Scroll to newsletter section

  3. Find input field around line 369:

    <input name="email" class="input" placeholder="Enter email" onfocus="this.placeholder = ''" onblur="this.placeholder = 'Enter email address'" required="" type="email">

  4. Observe: Uses inline onfocus and onblur handlers mixing HTML with JS

  5. Find second instance around line 399:

    <input name="email" class="input" placeholder="Enter email address" onfocus="this.placeholder = ''" onblur="this.placeholder = 'Email Address '" required="" type="email">

  6. Test behavior:

    • Click in email field
    • Observe: Placeholder disappears (onfocus triggered)
    • Click out of field
    • Observe: Placeholder returns (onblur triggered)

  7. Code quality issue:

    • View page source
    • Notice: HTML is cluttered with JavaScript code
    • Notice: Makes debugging harder
    • Notice: No separation of concerns

Expected: Should use addEventListener approach separating HTML from JS

Summary: Quick Verification Checklist

# Issue Quick Check Tool
1 Invalid img tags W3C Validator validator.w3.org
2 Missing alt text DevTools Inspect F12 → Elements
3 Nested headings W3C Validator validator.w3.org
4 Unquoted attribute W3C Validator validator.w3.org
5 Empty form action Submit form Browser Network tab
6 Quote inconsistency Grep search grep "id='" index.html
7 Console statements Open DevTools F12 → Console
8 No CSRF token View source Ctrl+U
9 Old jQuery Check version DevTools: jQuery.fn.jquery
10 Inline handlers View source Ctrl+U

Debugging Tips

For HTML Issues (1, 3, 4, 6):

# Use W3C Validator online
# Or install html5validator
npm install -g html5validator
html5validator index.html

For Accessibility Issues (2):

# Use Chrome Lighthouse
# DevTools → Lighthouse → Accessibility
# Or use axe DevTools browser extension

For Security Issues (5, 8):

# Check form submission in Network tab
# DevTools → F12 → Network → Submit form
# Look for POST request with empty action

For JavaScript Issues (7, 10):

# Check console for messages
# DevTools → F12 → Console
# Search plugins.js for console statements
grep -n "console\." js/plugins.js

For Dependencies (9):

# Check current jQuery version
# DevTools Console: jQuery.fn.jquery
# Or check HTML source for script tag version
grep -i "jquery" index.html

Environment

Production

Version

Cloud

Metadata

Metadata

Assignees

No one assigned

    Labels

    bugSomething isn't working

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions