design-reviews#1148: Incubation: Preventing User Dictionary Leaks via ::spelling-error and ::grammar-error CSS Pseudo-Elements

#1148: Incubation: Preventing User Dictionary Leaks via ::spelling-error and ::grammar-error CSS Pseudo-Elements

Visit on Github.

Opened

Sep 8, 2025

Explainer

https://explainers-by-googlers.github.io/user-dictionary-leaks/

The explainer

Includes the information requested by the Explainer Explainer.
Follows the Web Platform Design Principles.
Includes or links to answers to the Security/Privacy Questionnaire.
Describes user research you did to validate the problem and/or design.

Where and by whom is the work is being done?

GitHub repo: https://github.com/explainers-by-googlers/user-dictionary-leaks
Primary contacts:
- @arichiv, Google Chrome
- @arturjanc, Google Chrome
- @ladankhamnian, Google Chrome
Organization/project driving the design: Google Chrome
This work is being funded by: Google
Incubation and standards groups that have discussed the design:
- https://github.com/privacycg/meetings/issues/42
Standards group(s) that you expect to discuss and/or adopt this work when it's ready: Privacy CG

Feedback so far

Multi-stakeholder feedback:
- Chromium comments: https://crbug.com/415712674, https://groups.google.com/a/chromium.org/g/blink-dev/c/vF5Uc8Ltga8
- Mozilla comments: https://github.com/mozilla/standards-positions/issues/1294
- WebKit comments: https://github.com/WebKit/standards-positions/issues/546

You should also know that...

We want to prevent websites from extracting information about a user’s dictionary using CSS spelling/grammar hint highlights. This is currently possible by making a text field with a repeated (misspelled) word autofocus and monitoring rendering performance to notice when highlighting occurs.