- From: Cameron McCormack <cam@mcc.id.au>
- Date: Mon, 29 Nov 2010 17:03:10 +1300
Charles Pritchard: > The content within an editable area is already exposed: xhr is > available. That is data that the user has explicitly typed in, though. > I understand that a 'custom' system dictionary could expose > private data ... Just as 'suggestions' on form elements do. Suggestions on form elements can?t be accessed by script on the page. They only expose information that the user selects. > What breach is enabled by using a limited spell check? (What does ?limited? mean?) If script can programmaticaly get at the spell check results, then it exposes whether particular words are in the user?s dictionary to that page. The assertion is that it is a violation of the user?s privacy for a web page to know whether a word is in the user?s dictionary or not. An API to perform spelling checks and return their results would expose this information. As currently handled, spelling checks are done purely at the UI level, and information about the dictionary is not exposed to script. -- Cameron McCormack ? http://mcc.id.au/
Received on Sunday, 28 November 2010 20:03:10 UTC