It is a pure UA feature, I was thinking more of cases where websites anticipate (without getting official confirmation back from the UA) that a spelling/grammar check was run to assist with users editing text. In practice, I assume most sites have basic fields that weren't designed to consider that or are a full text editor like google docs that has its own spelling/grammar check with no UA dependency.
~ Ari Chivukula (Their/There/They're) On Tue, Oct 14, 2025 at 10:01 AM Rick Byers <[email protected]> wrote: > LGTM > > Are you aware of any real-world code where this could potentially cause > compatibility issues? Or is the comment > <https://explainers-by-googlers.github.io/user-dictionary-leaks/#compatibility-concerns> > in the explainer just hypothetical? To my naive understanding, spelling and > grammar hints seem more like a UA feature than a web-exposed feature to me. > > On Fri, Oct 10, 2025 at 8:48 AM Stephen Chenney <[email protected]> > wrote: > >> Just to be clear, when you say "spelling and grammar hints" are you >> referring to the marker drawn under the word or some other hint >> (suggestions, though they require specific interaction already, I believe)? >> Maybe use "marker" instead of "hint". >> >> Assuming you mean markers, for context it's worth saying that CSS allows >> styling of the spelling and grammar markers, and by applying things like >> large text shadows to misspelled words the rendering time can be >> significantly impacted. You can enhance the impact by adding additional >> custom highlights to the word. >> >> With that in mind I fully support this intent. >> >> Stephen. >> >> On Thu, Oct 9, 2025 at 11:45 AM Ari Chivukula <[email protected]> >> wrote: >> >>> Contact emails >>> >>> [email protected], [email protected], [email protected], >>> [email protected] >>> Explainer/Specification >>> >>> https://explainers-by-googlers.github.io/user-dictionary-leaks/ >>> >>> Summary >>> >>> This experiment would change when spelling and grammar hints are applied >>> to text fields to reduce the of websites ability to extract information >>> about the user’s dictionary, specifically: >>> >>> - >>> >>> Hints would not be applied to a text field that has not had user >>> interaction (an autofocus >>> >>> <https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Global_attributes/autofocus> >>> is insufficient, there must be a click or key press of some kind relative >>> to that field). >>> - >>> >>> Hints would only be applied once per user interaction (the text >>> cannot be changed programmatically and have hints applied without a click >>> or key press of some kind relative to that field). >>> >>> >>> Blink component >>> >>> Blink>Editing>Spellcheck >>> <https://issues.chromium.org/issues?q=customfield0:%22Blink%3EEditing%3ESpellcheck%22> >>> >>> TAG review >>> >>> https://github.com/w3ctag/design-reviews/issues/1148 >>> >>> >>> Motivation >>> >>> The user’s dictionary may contain sensitive information, for example >>> some operating systems import the contents of the user’s address book to >>> assist with the spelling of names/addresses. Although direct indicators of >>> the ::spelling-error and ::grammar-error cannot be extracted, it’s >>> possible to extract indirect information from browsers without rate limits >>> on the application of these hints. In Chrome and Firefox, it’s possible to >>> have an autofocused >>> <https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Global_attributes/autofocus> >>> text area cycle programmatically through a series of misspelled words, and >>> for the site to monitor indicators of rendering performance to notice when >>> hints are applied. This allows sites (or their third-party embeds) to >>> detect which words are or aren’t in the user’s dictionary, which could leak >>> sensitive information stored there (for example, their contacts' names). >>> Safari already has rate limits in place which only check for and apply >>> hints once per user interaction with the text field (e.g., a key input or >>> click). >>> >>> Risks >>> >>> Interoperability and Compatibility >>> >>> Safari is already in full compliance with these changes, while Firefox >>> and Chrome are only in partial compliance with the first one (they do count >>> autofocused fields, but don’t apply new hints to fields that aren’t in >>> active focus). >>> >>> Gecko: https://github.com/mozilla/standards-positions/issues/1294 >>> >>> WebKit: https://github.com/WebKit/standards-positions/issues/546 >>> >>> Debuggability >>> >>> This isn’t exposed to DevTools. >>> >>> Measurement >>> >>> UMA will be added to the SpellChecker >>> <https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/core/editing/spellcheck/spell_checker.h> >>> class that notes when hints are registered to the document so that browsers >>> in and out of the experiment can be compared. >>> >>> Will this feature be supported on all six Blink platforms (Windows, Mac, >>> Linux, ChromeOS, Android, and Android WebView)? >>> >>> Yes >>> >>> Is this feature fully tested by web-platform-tests? >>> >>> No, this isn’t observable outside browsertests. >>> >>> Flag name on about://flags >>> >>> N/A >>> >>> Finch feature name >>> >>> RestrictSpellingAndGrammarHighlights >>> >>> Rollout plan >>> >>> 1% experiment on stable to see if this causes any drop in key metrics. >>> >>> Requires code in //chrome? >>> >>> No >>> >>> Tracking bug >>> >>> https://crbug.com/415712674 >>> >>> Estimated milestones >>> >>> 143 >>> >>> Link to entry on the Chrome Platform Status >>> >>> https://chromestatus.com/feature/5080415048171520 >>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "blink-dev" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to [email protected]. >>> To view this discussion visit >>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DJnHAOx7Khuqgu-xLgmu3R4UYeqfrkqVasuQx4A0JK_vg%40mail.gmail.com >>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DJnHAOx7Khuqgu-xLgmu3R4UYeqfrkqVasuQx4A0JK_vg%40mail.gmail.com?utm_medium=email&utm_source=footer> >>> . >>> >> -- >> You received this message because you are subscribed to the Google Groups >> "blink-dev" group. >> To unsubscribe from this group and stop receiving emails from it, send an >> email to [email protected]. >> To view this discussion visit >> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGsbWzR%3DPLayX1q-f9HbXEDXfVS299B_iKhzF0dXPuxeJkcx_A%40mail.gmail.com >> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGsbWzR%3DPLayX1q-f9HbXEDXfVS299B_iKhzF0dXPuxeJkcx_A%40mail.gmail.com?utm_medium=email&utm_source=footer> >> . >> > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAGpy5DKb7yP1nFSyd6Lva92f%2BoH%3DsRYzYodU46q_8ibU-Mwv-Q%40mail.gmail.com.
