Re: Solution to grammar, spelling, and from Charles Pritchard on 2011-02-09 (public-canvas-api@w3.org from January to March 2011)

From: Charles Pritchard <chuck@jumis.com>
Date: Tue, 08 Feb 2011 18:16:26 -0800
To: Maciej Stachowiak <mjs@apple.com>
CC: Richard Schwerdtfeger <schwer@us.ibm.com>, david.bolter@gmail.com, franko@microsoft.com, public-canvas-api@w3.org, public-html-a11y@w3.org, public-html-a11y-request@w3.org
Message-ID: <4D51F8FA.5060807@jumis.com>

On 2/8/2011 7:15 AM, Richard Schwerdtfeger wrote:
> I forgot to add that there is NO API to get a grammar or spelling 
> error in markup in contenteditable sections in JavaScript. So, even if 
> we could use Apple's engine for processing spelling and grammar errors 
> it is not being made available to a web application drawing on canvas 
> to be able to convey the error on the physical drawing surface. A 
> cloud based application that wants to render these errors on canvas is 
> forced to use their own services for grammar and spell checking. 

It was claimed on the whatwg lists that iOS devices do not have an API 
to turn-off the learning-spellchecker and use the system default.
My reading of the API is different, as I saw it, there is a feature to 
ignore the custom dictionary.

On environments where the custom dictionary is the only option 
available, spellcheck could leak private information
to a brute force attacker; the iOS shares contact lists, and it's 
possible that a brute force attack could clean some information from 
that shared data.

It's a very thin area of attack, and I think its a moot point if the 
built-in spell check is used.
My take on it is that an API should be available, and if there's a 
security issue, then it can just return an empty list when called.

There were some arguments about system fingerprinting; but they're 
unreasonable when put in perspective, considering that
the window.navigator object already exposes such information.

-Charles

Received on Wednesday, 9 February 2011 02:16:57 UTC