On Mon, Mar 26, 2012 at 9:39 AM, Henri Sivonen <[email protected]> wrote: > If I chose "Always enable Flash Player on this site" on YouTube, I'd > expect the setting to affect the http://www.youtube.com/ as the > top-level origin at least. Not sure if it should enable YouTube embeds > on other origins.
In my opinion, it should not enable plugins on other sites. Most of the time, those are Flash adverts, I think. I agree totally with your other remarks and suggestions. I don't think it would be very hard to create a click-to-play UI that would cater for advanced users that want to enable/disable different kinds of plugins on a site-by-site basis and the basic user that just expect things to work without having to think. Regards, Martijn > The $NAME_OF_PLUGIN is important: If I always enable Flash Player for > a given site, I don't want the action to enable Java, too, in case the > server is compromised and someone drops a Java-based attack kit there. > > -- > Henri Sivonen > [email protected] > http://hsivonen.iki.fi/ > _______________________________________________ > dev-security mailing list > [email protected] > https://lists.mozilla.org/listinfo/dev-security -- Martijn Wargers - Help Mozilla! http://quality.mozilla.org/ http://wiki.mozilla.org/Mozilla_QA_Community irc://irc.mozilla.org/qa - /nick mw22 _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
