iancoleman / bip39

A web tool for converting BIP39 mnemonic codes
https://iancoleman.io/bip39/
MIT License

Is auto-spellcheck feature disabled by default? #329

Closed andronoob closed 5 years ago

andronoob commented 5 years ago

Recently, Coinomi was accused of enabling the spellcheck feature by mistake: https://www.reddit.com/r/CryptoCurrency/comments/av7gfi/warning_coinomi_wallet_critical_vulnerability/

I wonder, is this a security hole? If so, should we fix it?

iancoleman commented 5 years ago

Thanks for reporting this, I really appreciate it.

I'm going to add tags to disable spellcheck as per https://stackoverflow.com/a/254716

Whether this is actually a security hole... I found no indication that spellcheck is ever done via remote services in the browser. Any more info on this would be welcome.

iancoleman commented 5 years ago

See https://github.com/iancoleman/bip39/commit/bea736aeae48b4c17494bed15a987b05206b1486 for fix
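
An added example, not part of this thread or the project's code: a small Node.js audit that lists text-entry elements in a page whose standard HTML `spellcheck` attribute is not explicitly `false`, which is the kind of check a reviewer could run against a tool that accepts mnemonics. The sample markup and its ids are constructed, and the audit assumes well-formed tags and checks only each element's own attribute, not values inherited from ancestors.

```javascript
// Text-like <input> types that browsers may spellcheck; a missing type means "text".
const TEXT_INPUT_TYPES = new Set(["", "text", "search", "email", "url"]);

// Parse the attribute portion of one opening tag into a name -> value map.
function parseAttributes(source) {
  const attrs = Object.create(null);
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>]+)))?/g;
  let m;
  while ((m = re.exec(source)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] ?? m[3] ?? m[4] ?? "";
  }
  return attrs;
}

// Return every text-entry element that does not carry spellcheck="false".
function findSpellcheckedFields(html) {
  const findings = [];
  const tagRe = /<([a-z][a-z0-9]*)\b([^>]*)>/gi;
  let m;
  while ((m = tagRe.exec(html)) !== null) {
    const tag = m[1].toLowerCase();
    const attrs = parseAttributes(m[2]);
    const type = (attrs.type ?? "").toLowerCase();
    const editable = "contenteditable" in attrs &&
      attrs.contenteditable.toLowerCase() !== "false";
    const isTextField = tag === "textarea" ||
      (tag === "input" && TEXT_INPUT_TYPES.has(type)) || editable;
    if (!isTextField) continue;
    if ((attrs.spellcheck ?? "").toLowerCase() !== "false") {
      findings.push({ tag, field: attrs.id ?? attrs.name ?? "(unnamed)" });
    }
  }
  return findings;
}

// Constructed sample markup; element ids and names are hypothetical.
const SAMPLE_HTML = `
<form>
  <textarea id="phrase" class="phrase"></textarea>
  <input id="passphrase" type="text" spellcheck="false" autocomplete="off">
  <input name="seed" type="text">
  <input id="use-entropy" type="checkbox">
  <div id="notes" contenteditable="true" spellcheck="true"></div>
</form>`;

for (const f of findSpellcheckedFields(SAMPLE_HTML)) {
  console.log(`spellcheck not disabled: <${f.tag}> ${f.field}`);
}
```

Because the audit ignores inheritance, a field covered only by `spellcheck="false"` on an ancestor is still reported, so treat findings as items to review rather than confirmed defects.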