Disabling SpellCheck on Sensitive Fields

January 18, 2023 by · Comments Off on Disabling SpellCheck on Sensitive Fields
Filed under: Development, Security 

Do you know what happens when a browser performs spell checking on an input field?

Depending on the configuration of the browser, for example with the enhanced spell check feature of Chrome, it may be sending those values out to Google. This could potentially put sensitive data at risk so it may be a good idea to disable spell checking on those fields. Let’s see how we can do this.

Simple TextBox

   <input type=“text” spellcheck=“false”>

Text Area

     <textarea spellcheck=“false”></textarea>

You could also cover the entire form by setting it at the form level as shown below:

     <form spellcheck=“false”>

Conclusion

It is important to point out that password fields can also be vulnerable to this if they have the “show password” option. In these cases, it is recommended to disable spell checking on the password field as well as other sensitive fields. 

If the field might be sensitve, and doesn’t benefit from spellcheck, it might be a good idea to disable this feature.

Tags: , , , , ,