Hello, This intent came up in security review, and I'm mostly confused:
- The explainer mostly seems to assume that these are stored in-memory, per-document. But it also talks about absence of cross-origin-requests; only to add info about CORS, which only makes sense for cross-origin requests. - There are multiple references to loading data, but there is no explanation about what kind of network requests are being made when or where. - The explainer suggests "Persistently store data" as an optimization for having to re-load large dictionaries. Again, no information about which requests are being optimized away. - In "Data Storage" it is pointed out that CustomDictionaryEngine exists per renderer process. While renderer processes mostly don't have cross-origin data, they sometimes do. And they may hold multiple documents. This seems inconsistent with information being stored per-document. Non-security feedback: - Since this is a web-exposed API, I'd have expected some attempt at checking with other browser engines on support. - I do not understand the "High-level Architecture". It seems to feature a stack of methods that feeds into yes/no decisions which feeds into a storage thing. I have no idea what this is meant to convey. - Blink>DOM might not be the right component for this. Could you please update the documentation to be more clear about where data is stored, and about which network requests are being made? On Fri, Jul 18, 2025 at 12:08 PM Chromestatus < ad...@cr-status.appspotmail.com> wrote: > Contact emails ji...@igalia.com > > Explainer https://github.com/Igalia/explainers/tree/main/dictionary-api > > Specification None > > Design docs > https://github.com/Igalia/explainers/tree/main/dictionary-api#-proposal > > Summary > > The proposed APIs enable users to modify the document local dictionary in > the browser. Users can add, remove, and check words in the document local > dictionary. This feature ensures the browser does not mark words in the > document local dictionary as spelling errors. > > > Blink component Blink>DOM > <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EDOM%22> > > Motivation > > Some words need to be added to the document custom dictionary so that the > browser does not mark them as spelling errors. The added words need to be > removed at some point if they aren't necessary. Current specs such as > element.spellcheck attribute and ::spelling-error CSS pseudo-element manage > the words already in the dictionary. Therefore, the new API would be needed > to manipulate the document local dictionary. > > > Initial public proposal None > > TAG review None > > TAG review status Pending > > Risks > > > Interoperability and Compatibility > > None > > > *Gecko*: No signal > > *WebKit*: No signal > > *Web developers*: No signals > > *Other signals*: > > WebView application risks > > Does this intent deprecate or change behavior of existing APIs, such that > it has potentially high risk for Android WebView-based applications? > > None > > > Debuggability > > None > > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md> > ? Yes > > third_party/blink/web_tests/wpt_internal/dom/local-dictionary/* There is > WIP patch which includes the tests > > > Flag name on about://flags None > > Finch feature name None > > Non-finch justification None > > Requires code in //chrome? False > > Tracking bug https://issues.chromium.org/issues/428005649 > > Estimated milestones > > No milestones specified > > > Link to entry on the Chrome Platform Status > https://chromestatus.com/feature/6185007701557248?gate=4503614776934400 > > This intent message was generated by Chrome Platform Status > <https://chromestatus.com>. > > -- > You received this message because you are subscribed to the Google Groups > "blink-dev" group. > To unsubscribe from this group and stop receiving emails from it, send an > email to blink-dev+unsubscr...@chromium.org. > To view this discussion visit > https://groups.google.com/a/chromium.org/d/msgid/blink-dev/687a1d04.170a0220.2dad83.0168.GAE%40google.com > <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/687a1d04.170a0220.2dad83.0168.GAE%40google.com?utm_medium=email&utm_source=footer> > . > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALG6KPPzd95-XN%2BjWHLmvwjLg3wv6WjZWYvP52T6Rp%3DjEg_EVw%40mail.gmail.com.
