[whatwg] Exposing spelling/grammar suggestions in contentEditable
chuck at jumis.com
Thu Dec 2 12:30:48 PST 2010
On 11/28/2010 11:30 PM, Benjamin Hawkes-Lewis wrote:
> Breaches would include:
> 1. Detecting the user's language (including fine distinctions like
> British/US English).
> 2. Fingerprinting the user's system. Different systems likely use
> different dictionaries with different coverage. You could use
> dictionary profiles to guess at the user's system (potentially down to
> operating system and version).
I haven't seen a response on these issues: They're currently exposed via
so I'm just having a hard time seeing what the push-back is actually about.
I think a good case was made for NOT exposing actual spelling
suggestions. I haven't heard one regarding exposing DOM ranges for
Limitations of the <input type="text"> element to a single range, is a
But what is with these two above? They've been echoed, and seem to be
more of a devil's advocate argument than
one rooted in evidence.
Has there been a fundamental discussion about security regarding locale
At this point, we're talking about language codes as a level of personal
privacy we reserve for a person's name, home address, etc. Has this
point, and the potential for abuse, actually been discussed by experts?
I can tell you that blocking the issue does have real usability costs:
blocking the issue without expert review means that we're weighing
actual, measurable usability costs with perceived insecurities. That
doesn't seem reasonable to me.
FWIW: It's reasonably simple to use a minimum of scripting code to
detect an input language, given only a sentence or two of data. I
understand that there are situations where language use is regulated,
but those situations carry so many other reductions in freedom: I highly
doubt that exposing input locale would be anything but trivial in
comparison to other issues. And window.navigator already carries this
data, for the most part.
Input locale is being discussed on www-dom for text entry.
Can I get some further, reasonable discussion on this issue? It's fine
that Benjamin brought up that such data could be exposed,
but when looked at in context of the current scripting environment: that
data is already exposed.