Aller au contenu principal
Jahia Store
FR

Page Quality Audit

community
Télécharger 1.3.0

Informations

Identifiant du module
page-audit
Identifiant de groupe
org.jahia.se.modules
Statut
community
Catégorie
Pre-built templates and components, Content Features
Auteur
Stephane Monier
Site web du développeur
http://www.jahia.com
Nécessite Jahia
8.2.0.0
Mis à jour
2026-07-09
Source
https://github.com/Jahia/page-audit
Étiquettes
  • audit
  • accessibility
  • wcag
  • seo
  • quality
  • web-vitals
  • readability
  • link-checker
  • page-builder

Page Quality Audit adds a Page audit action to Page Builder top menu bar. One click opens a side drawer that loads the current page in a live preview and audits it across seven tabs. Every tab leads with clear, severity-ranked recommendations written for content editors: what is wrong, why it matters, and how to fix it. Issues can be highlighted directly in the preview, results are cached per page with a "last audit" timestamp - and a notice tells you when the page changed since the audit - and the whole interface ships in English and French.

Accessibility runs the full axe-core WCAG A / AA / AAA rule set with per-level scorecards. It is transparent about what automation can and cannot do: it shows the engine version and rules executed, lists the borderline cases that need human review, and includes a guided manual checklist for the WCAG criteria no tool can verify.

SEO checks title and meta description lengths, accidental noindex directives, canonical URLs, structured data (JSON-LD), language attributes, image alt coverage and link labels, and renders a social sharing preview card from the page's Open Graph tags.

Links verifies every internal link with the editor's session and lists broken ones, and flags hardcoded URLs, mixed content and unsafe new-tab links.

Jahia does what no generic web tool can: it queries the repository to find unpublished content blocks visitors cannot see, content missing translations in the site's languages, raw translation keys visible on the page, and leftover placeholder text.

Web Vitals measures TTFB, load milestones, layout shift and estimated LCP in the editor's browser, with diagnostics editors can act on: page weight, request count, oversized images and images without dimensions.

Readability scores the text with Flesch (English) or Kandel-Moles (French) formulas and checks sentence length, paragraph density and heading structure.

AI review (optional) sends the page text and the audit findings to the LLM of your choice - Anthropic, OpenAI or DeepSeek - and returns an overall assessment plus up to 15 prioritized recommendations across dimensions no automated check covers: proofreading, factual accuracy, consistency, calls to action, localization quality and legal risk. Quoted wording is highlightable in the preview, and every review shows its token consumption and estimated cost. Configured server-side by an administrator (the API key never reaches the browser); disabled until configured.

The audit runs on the default workspace, so editors check exactly what they are editing before publishing. Editor-only tooling (such as the jExperience persona preview) is automatically excluded from results. By default no external services are called and no data leaves the platform; the optional AI review is the single exception - it sends page content to the LLM provider your administrator explicitly configures.

Requires Jahia 8.2+. Enable the module on each site where the action should appear.

Captures d'écran

Versions

1.3.0 - 2026-07-09

Security

  • Hardened the AI review endpoint against abuse of the operator's LLM key (fixes #16, PR #17):
    • Authorization - the review is bound to a page the caller can read (jcr:read); unreadable or missing paths are rejected with 403.
    • Rate limiting - per-user sliding window of 30 reviews / 10 minutes (429 beyond that), protecting the shared provider quota and cost.
    • Unauthenticated disclosure - the status GET now requires a non-guest user, so provider/model/enabled state is no longer readable anonymously.
    • CSRF - the POST requires Content-Type: application/json (415 otherwise) and rejects cross-origin browser requests via an Origin/Referer host check.
    • Error disclosure - provider/exception detail is logged server-side only; the client receives a generic message.
    • Link checker - only same-origin links on a read-only content-serving allowlist (/cms/render, /cms/file, /files) are verified with the editor's session; every other same-origin link is counted but never fetched, so a planted link cannot trigger a credentialed side-effect request from whoever audits the page.
Nécessite Jahia 8.2.0.0Mis à jour 2026-07-09
Nécessite Jahia 8.2.0.0Mis à jour 2026-07-09
Nécessite Jahia 8.2.0.0Mis à jour 2026-07-08
Nécessite Jahia 8.2.0.0Mis à jour 2026-07-08