[whatwg] Exposing spelling/grammar suggestions in contentEditable
Charles Pritchard
chuck at jumis.com
Sun Nov 28 20:19:25 PST 2010
In thread.
On Nov 28, 2010, at 8:03 PM, Cameron McCormack <cam at mcc.id.au> wrote:
> Charles Pritchard:
>> The content within an editable area is already exposed: xhr is
>> available.
>
> That is data that the user has explicitly typed in, though.
Yes, that's what I meant to point out by the statement.
>
>> I understand that a 'custom' system dictionary could expose
>> private data ... Just as 'suggestions' on form elements do.
>
> Suggestions on form elements can’t be accessed by script on the page.
> They only expose information that the user selects.
Yes, that's what I meant.
>
>> What breach is enabled by using a limited spell check?
>
> (What does “limited” mean?)
>
> If script can programmaticaly get at the spell check results, then it
> exposes whether particular words are in the user’s dictionary to that
> page.
Limited, meaning not particular to a user's dictionary.
>
> The assertion is that it is a violation of the user’s privacy for a web
> page to know whether a word is in the user’s dictionary or not. An API
> to perform spelling checks and return their results would expose this
> information. As currently handled, spelling checks are done purely at
> the UI level, and information about the dictionary is not exposed to
> script.
Yes, and it's a valid assertion. That's why I'm looking for methods to work with that taken into account.
More information about the whatwg
mailing list