On Mon, Nov 29, 2010 at 1:53 PM, Ashley Sheridan <span dir="ltr"><<a href="mailto:ash@ashleysheridan.co.uk">ash@ashleysheridan.co.uk</a>></span> wrote:<br><div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">
<div><div><div></div><div class="h5">
On Mon, 2010-11-29 at 10:40 -0800, Charles Pritchard wrote:
<blockquote type="CITE">
<pre>> Date: Sun, 28 Nov 2010 15:54:04 +0100
> From: Christoph P?per<<a href="mailto:christoph.paeper@crissov.de" target="_blank">christoph.paeper@crissov.de</a>>
> To: whatwg group<<a href="mailto:whatwg@lists.whatwg.org" target="_blank">whatwg@lists.whatwg.org</a>>
> Subject: Re: [whatwg] Exposing spelling/grammar suggestions in
> contentEditable
> Message-ID:<<a href="mailto:62959690-0E26-4BBC-AB4F-F9726F24CAF9@crissov.de" target="_blank">62959690-0E26-4BBC-AB4F-F9726F24CAF9@crissov.de</a>>
> Content-Type: text/plain; charset=us-ascii
>
> Charles Pritchard:
>> > A method for a contentEditable section, along the lines of getSpellcheckRanges() would allow for content editors, to stylize and provide further UI controls around spell checking.
> Methinks this belongs into CSS:<<a href="http://lists.w3.org/Archives/Public/www-style/2010Oct/0849.html" target="_blank">http://lists.w3.org/Archives/Public/www-style/2010Oct/0849.html</a>
Should the issue re-arise in the CSS groups: it seems that most of the
vendors are against exposing system dictionary identified misspelled words.
::spelling would need to have the same level of security as a:visited --
only foreground, background color would accept alteration. Anything
else would expose the data being highlighted.
</pre>
</blockquote>
</div></div>
Erm, how would that help? It's currently very easy right now to exploit the a:visited thing to grab an entire history list, which I presume is what you're on about?<br></div></blockquote><div><br>That is fixed or getting fixed in the new versions of most (maybe all) major browsers.<br>
<br><br>/ Jonas<br></div></div><br>