W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2010

[whatwg] Exposing spelling/grammar suggestions in contentEditable

From: Cameron McCormack <cam@mcc.id.au>
Date: Mon, 29 Nov 2010 17:03:10 +1300
Message-ID: <20101129040310.GF10932@wok.mcc.id.au>
Charles Pritchard:
> The content within an editable area is already exposed: xhr is
> available.

That is data that the user has explicitly typed in, though.

> I understand that a 'custom' system dictionary could expose
> private data ... Just as 'suggestions' on form elements do.

Suggestions on form elements can?t be accessed by script on the page.
They only expose information that the user selects.

> What breach is enabled by using a limited spell check?

(What does ?limited? mean?)

If script can programmaticaly get at the spell check results, then it
exposes whether particular words are in the user?s dictionary to that
page.

The assertion is that it is a violation of the user?s privacy for a web
page to know whether a word is in the user?s dictionary or not.  An API
to perform spelling checks and return their results would expose this
information.  As currently handled, spelling checks are done purely at
the UI level, and information about the dictionary is not exposed to
script.

-- 
Cameron McCormack ? http://mcc.id.au/
Received on Sunday, 28 November 2010 20:03:10 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:28 UTC