W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2010

[whatwg] Exposing spelling/grammar suggestions in contentEditable

From: Benjamin Hawkes-Lewis <bhawkeslewis@googlemail.com>
Date: Mon, 29 Nov 2010 07:30:12 +0000
Message-ID: <AANLkTikkMYB2NtAkp29EPuc5Qg-JLeA2mdTcq8NMw3ia@mail.gmail.com>
On Mon, Nov 29, 2010 at 4:19 AM, Charles Pritchard <chuck at jumis.com> wrote:
>>> What breach is enabled by using a limited spell check?
>> (What does ?limited? mean?)
>> If script can programmaticaly get at the spell check results, then it
>> exposes whether particular words are in the user?s dictionary to that
>> page.
> Limited, meaning not particular to a user's dictionary.

Breaches would include:

   1. Detecting the user's language (including fine distinctions like
British/US English).
   2. Fingerprinting the user's system. Different systems likely use
different dictionaries with different coverage. You could use
dictionary profiles to guess at the user's system (potentially down to
operating system and version).

Also your proposed limitation might well require user agents on some
platforms to implement their own dictionary service as opposed to
using platform dictionary services.

For example, say you were building a user agent for OS X. AFAICT you
can't exclude the user's dictionary when querying the system
spellchecking API:


It would also make for a confusing user experience where the same
spellchecking UI yields different results in some web applications for
no obvious reason.

If you don't need the user's dictionary or the same spellchecking UI,
you could disable spellchecking with the "spellcheck" attribute and
roll your own over XHR/web sockets.


Benjamin Hawkes-Lewis
Received on Sunday, 28 November 2010 23:30:12 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:28 UTC