On Fri, Mar 23, 2012 at 9:19 PM, Curtis Koenig <cur...@mozilla.com> wrote:
> Feature Page: https://wiki.mozilla.org/Opt-in_activation_for_plugins

That page says:
> Optional requirements
>
> Manage plugin run settings on a per-site basis
> Control plugins on a per-plugin basis for a given site
> Mitigate attacks where user interacts with site (clickjacking, or simply wants to run vulnerable plugin)
> User is tired of always clicking to play a given plugin (i.e. YouTube, or their favorite Java game site)
>
> A user has clicked on this four times in X days, so automatically enable this plugin on this site until user revokes this decision (about:permissions?) and/or remember decision for Y days after last click
> Jruderman has suggested a context menu instead of a click - this is a mitigation against click jacking. Could provide "Now/Always/Never" choices.

Making automatic future decisions based on past click history scares
me. Doing that sort of thing leads to UIs that the user doesn't
understand. It makes users feel they aren't in control. (Consider the
Microsoft Word feature that tries to guess edits to the named style
definitions from the user's use of direct manipulation of style
properties of the current selection. It's terribly confusing and
frustrating.)

Also, I think managing plugin run settings on a per-site basis should
be a core feature, because many people want to presumptively block
plug-ins but then always enable a given plug-in on a site they visit
repeatedly (e.g. always enable Flash on YouTube and Vimeo, always
enable Java on your bank's site, if you haven't yet managed to switch
to a bank that doesn't use Java).

I think Jesse's suggestion makes sense. I'd want to have a context
menu on click-to-play plug-in instances that allows me to "Always
enable $NAME_OF_PLUGIN on this site" and "Never enable $NAME_OF_PLUGIN
on this site". (The latter would behave for that site as if the
plug-in wasn't installed so that <object>'s fallback content shows.)

If I chose "Always enable Flash Player on this site" on YouTube, I'd
expect the setting to affect the http://www.youtube.com/ as the
top-level origin at least. Not sure if it should enable YouTube embeds
on other origins.

The $NAME_OF_PLUGIN is important: If I always enable Flash Player for
a given site, I don't want the action to enable Java, too, in case the
server is compromised and someone drops a Java-based attack kit there.
--
Henri Sivonen
hsiv...@iki.fi
http://hsivonen.iki.fi/
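
Added example (not part of the original message and not Firefox code): a small model of the per-site, per-plugin decisions discussed above, keyed on top-level origin plus plugin name so that always-enabling Flash Player on a site leaves Java at click-to-play. The names `PluginPermissions`, `resolve` and the action strings are hypothetical, and keying on the top-level origin only (so embeds on other sites stay click-to-play) is an assumption.

```javascript
// Added illustration. PluginPermissions and the action strings are
// hypothetical names, not Firefox APIs.
const CLICK_TO_PLAY = "placeholder"; // default: show placeholder, wait for the user

class PluginPermissions {
  constructor() {
    this.decisions = new Map(); // "<top-level origin>|<plugin name>" -> decision
  }

  // Key on scheme+host+port of the top-level page AND the plugin name.
  static key(topLevelUrl, pluginName) {
    const origin = new URL(topLevelUrl).origin; // throws on unparsable input
    if (origin === "null") throw new Error("no origin for " + topLevelUrl);
    return origin + "|" + pluginName;
  }

  set(topLevelUrl, pluginName, decision) {
    if (decision !== "always" && decision !== "never") {
      throw new Error("unknown decision: " + decision);
    }
    this.decisions.set(PluginPermissions.key(topLevelUrl, pluginName), decision);
  }

  // "run": instantiate now; "fallback": act as if the plugin were not
  // installed so <object> fallback content shows; otherwise click-to-play.
  resolve(topLevelUrl, pluginName) {
    let decision;
    try {
      decision = this.decisions.get(PluginPermissions.key(topLevelUrl, pluginName));
    } catch (e) {
      return CLICK_TO_PLAY; // data:, about:, unparsable input: never auto-run
    }
    if (decision === "always") return "run";
    if (decision === "never") return "fallback";
    return CLICK_TO_PLAY;
  }
}

function demo() { // constructed sample decisions
  const p = new PluginPermissions();
  p.set("http://www.youtube.com/watch?v=abc", "Flash Player", "always");
  p.set("http://www.youtube.com/", "Silverlight", "never");
  const at = (url, plugin) => p.resolve(url, plugin);
  return [at("http://www.youtube.com/user/x", "Flash Player"),
          at("http://www.youtube.com/user/x", "Java"),
          at("http://www.youtube.com/", "Silverlight"),
          at("http://blog.example/post", "Flash Player"),
          at("data:text/html,x", "Flash Player")];
}
```

The second result is the case from the last paragraph: with Flash Player always enabled on the site, a Java instance on the same origin still resolves to the click-to-play placeholder.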