On Fri, Mar 23, 2012 at 9:19 PM, Curtis Koenig <[email protected]> wrote:
> Feature Page: https://wiki.mozilla.org/Opt-in_activation_for_plugins
That page says:

> Optional requirements
>
> Manage plugin run settings on a per-site basis
> Control plugins on a per-plugin basis for a given site
> Mitigate attacks where user interacts with site (clickjacking, or simply
> wants to run vulnerable plugin)
> User is tired of always clicking to play a given plugin (i.e. YouTube, or
> their favorite Java game site)
>
> A user has clicked on this four times in X days, so automatically enable
> this plugin on this site until user revokes this decision
> (about:permissions?) and/or remember decision for Y days after last click
> Jruderman has suggested a context menu instead of a click - this is a
> mitigation against click jacking. Could provide "Now/Always/Never" choices.

Making automatic future decisions based on past click history scares me. Doing that sort of thing leads to UIs that the user doesn't understand. It makes users feel they aren't in control. (Consider the Microsoft Word feature that tries to guess edits to the named style definitions from the user's use of direct manipulation of style properties of the current selection. It's terribly confusing and frustrating.)

Also, I think managing plugin run settings on a per-site basis should be a core feature, because many people want to presumptively block plug-ins but then always enable a given plug-in on a site they visit repeatedly (e.g. always enable Flash on YouTube and Vimeo, always enable Java on your bank's site, if you haven't yet managed to switch to a bank that doesn't use Java).

I think Jesse's suggestion makes sense. I'd want to have a context menu on click-to-play plug-in instances that allows me to "Always enable $NAME_OF_PLUGIN on this site" and "Never enable $NAME_OF_PLUGIN on this site". (The latter would behave for that site as if the plug-in wasn't installed so that <object>'s fallback content shows.)
If I chose "Always enable Flash Player on this site" on YouTube, I'd expect the setting to affect http://www.youtube.com/ as the top-level origin at least. Not sure if it should enable YouTube embeds on other origins.

The $NAME_OF_PLUGIN is important: If I always enable Flash Player for a given site, I don't want the action to enable Java, too, in case the server is compromised and someone drops a Java-based attack kit there.

-- 
Henri Sivonen
[email protected]
http://hsivonen.iki.fi/

_______________________________________________
dev-security mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-security
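The per-site, per-plugin decision store described in the message above, as an added JavaScript example that is not part of the original post and not Firefox's own code. Decisions are keyed by the top-level origin of the page plus the plugin name, so that "Always enable Flash Player" on YouTube neither enables Java there nor carries over to a YouTube embed on some other site. The class and method names (PluginPolicy, remember, revoke, decide), the 'run'/'fallback'/'ask' outcomes and the sample URLs are this example's own assumptions.

```javascript
'use strict';

// Added example, not code from the message or from Firefox: a click-to-play
// decision store keyed by (top-level origin, plugin name).  All names here
// are this example's own.

const DECISIONS = new Set(['always', 'never']);

// Reduce a URL to its origin (scheme://host[:port]).  Going through the URL
// parser rather than substring matching means a lookalike host such as
// www.youtube.com.evil.example does not inherit YouTube's decision.
function originOf(url) {
  const origin = new URL(url).origin;
  if (origin === 'null') {
    // about:, data:, file: and similar have an opaque origin; there is
    // nothing stable to persist a decision against.
    throw new Error('no usable origin for ' + url);
  }
  return origin;
}

class PluginPolicy {
  constructor() {
    // Map<topLevelOrigin, Map<pluginName, 'always' | 'never'>>
    this.rules = new Map();
  }

  // "Always/Never enable $NAME_OF_PLUGIN on this site" from the context
  // menu.  Stored against the top-level origin only, so a YouTube embed on
  // some other site is governed by that site's own decisions.
  remember(topLevelUrl, pluginName, decision) {
    if (!DECISIONS.has(decision)) {
      throw new Error('decision must be "always" or "never"');
    }
    const origin = originOf(topLevelUrl);
    if (!this.rules.has(origin)) this.rules.set(origin, new Map());
    this.rules.get(origin).set(pluginName, decision);
  }

  // Undo a remembered decision (the about:permissions-style revocation).
  revoke(topLevelUrl, pluginName) {
    const perSite = this.rules.get(originOf(topLevelUrl));
    return perSite ? perSite.delete(pluginName) : false;
  }

  // What to do with one plugin instance on a page whose top-level document
  // is topLevelUrl:
  //   'run'      - instantiate without a click (remembered "always")
  //   'fallback' - act as if the plugin were not installed, so the
  //                <object> fallback content renders (remembered "never")
  //   'ask'      - show the click-to-play placeholder (no decision yet)
  decide(topLevelUrl, pluginName) {
    const perSite = this.rules.get(originOf(topLevelUrl));
    const rule = perSite === undefined ? undefined : perSite.get(pluginName);
    if (rule === 'always') return 'run';
    if (rule === 'never') return 'fallback';
    return 'ask';
  }
}

// Constructed scenario: the user picked "Always enable Flash Player on this
// site" on a YouTube watch page and "Never enable Java" on a news site.
function demo() {
  const policy = new PluginPolicy();
  policy.remember('http://www.youtube.com/watch?v=xyz', 'Flash Player', 'always');
  policy.remember('http://news.example/', 'Java', 'never');
  const result = {
    // Same top-level origin, same plugin: runs without a click.
    youtubeFlash: policy.decide('http://www.youtube.com/', 'Flash Player'),
    // Same site, different plugin: a Java kit dropped on a compromised
    // YouTube still faces the click-to-play placeholder.
    youtubeJava: policy.decide('http://www.youtube.com/', 'Java'),
    // A YouTube embed on someone else's page: the blog is the top-level
    // origin, and it has no decision.
    embedElsewhere: policy.decide('http://blog.example/post/1', 'Flash Player'),
    // Lookalike host: a different origin, so no decision applies.
    lookalike: policy.decide('http://www.youtube.com.evil.example/', 'Flash Player'),
    // "Never" behaves as if Java were not installed.
    newsJava: policy.decide('http://news.example/', 'Java'),
  };
  policy.revoke('http://www.youtube.com/', 'Flash Player');
  result.afterRevoke = policy.decide('http://www.youtube.com/', 'Flash Player');
  return result;
}
```

Scheme and port are part of the origin, so a decision made on http://www.youtube.com/ does not apply to https://www.youtube.com/; whether a browser should treat those as the same "site" for this purpose is the open question the message leaves for the embed case as well.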
