#1148: Incubation: Preventing User Dictionary Leaks via ::spelling-error and ::grammar-error CSS Pseudo-Elements
Discussions
Log in to see TAG-private discussions.
Comment by @arichiv Oct 9, 2025 (See Github)
Just sent an Intent to Experiment for Chrome: https://groups.google.com/a/chromium.org/g/blink-dev/c/SvEKV_Jhlqo?e=48417069
Discussed
Oct 13, 2025 (See Github)
Xiaocheng: This proposal is about adding restrictions to the triggering of the spell checker to reduce leakage of user dictionary. I suggested the spell checker only be triggered by user actions, which seems like the right thing to do. As this is an early incubation review, I think that's sufficient. We can leave the exact wording to the future.
Yves: Xiaocheng wanted to close as 'validated' and I think we should close as 'satisfied' - completely agree on Xiaocheng's analysis.
Hadley: Who'll write the closing comment.
Xiaocheng: I reviewed the code too.
Group is happy for Xiaocheng to post it
Hadley: may be good to add that we're happy and looking forward to talking with them in the future.
Comment by @xiaochengh Oct 16, 2025 (See Github)
Hi @arichiv, the TAG discussed it at a Breakout today and agreed that this is the right way to go. Therefore closing it as satisfied.
Since this is an early review, we are looking forward to further experiments and discussions. Feel free to reopen it when there are more to discuss!
OpenedSep 8, 2025
Explainer
https://explainers-by-googlers.github.io/user-dictionary-leaks/
The explainer
Where and by whom is the work is being done?
Feedback so far
You should also know that...
We want to prevent websites from extracting information about a user’s dictionary using CSS spelling/grammar hint highlights. This is currently possible by making a text field with a repeated (misspelled) word autofocus and monitoring rendering performance to notice when highlighting occurs.
<!-- Content below this is maintained by @w3c-tag-bot -->Track conversations at https://tag-github-bot.w3.org/gh/w3ctag/design-reviews/1148