We're talking about multiple domains here: the container (eg. facebook.com) and the content (eg. youtube.com, hulu.com, zynga.com etc.) I'm not sure if we need to support fine-grained controls over both types of domains here, or simply allow plug-in content to play back immediately when a click is received on the container. We'll have to try different approaches here and go with what makes the best sense.
-- Jet ----- Original Message ----- From: "Ian Melven" <[email protected]> To: "Jet Villegas" <[email protected]> Cc: "security-group group" <[email protected]>, [email protected] Sent: Friday, April 6, 2012 3:57:36 PM Subject: Re: Opt-in activation for plugins (aka click to play) My opinion is that click to play absolutely should have an easy 'always allow plugins to play on this domain' option for the user for cases like this - this should be persisted unless the user decides to explicitly revoke it. Would that address your concern ? thanks, ian ----- Original Message ----- From: "Jet Villegas" <[email protected]> To: "Lucas Adamski" <[email protected]>, "Jared Wein" <[email protected]> Cc: "Asa Dotzler" <[email protected]>, "Kev Needham" <[email protected]>, "security-group group" <[email protected]>, "Madhava Enros" <[email protected]>, "Stephen Horlander" <[email protected]>, "Justin Dolske" <[email protected]>, [email protected] Sent: Friday, April 6, 2012 3:13:45 PM Subject: Re: Opt-in activation for plugins (aka click to play) Sites like Facebook already have an image preview of their Flash links that users already have to click to play. We may need some way to avoid requiring multiple clicks to get at the plug-in content. -- Jet ----- Original Message ----- From: "Lucas Adamski" <[email protected]> To: "Jared Wein" <[email protected]> Cc: "Asa Dotzler" <[email protected]>, "Kev Needham" <[email protected]>, "security-group group" <[email protected]>, "Madhava Enros" <[email protected]>, "Stephen Horlander" <[email protected]>, "Justin Dolske" <[email protected]>, [email protected] Sent: Wednesday, April 4, 2012 2:16:08 PM Subject: Re: Opt-in activation for plugins (aka click to play) On Apr 2, 2012, at 6:37 PM, Jared Wein wrote: > >> >> How would you implement a checkbox in a normal click-to-play >> (in-content) experience? >> >> To be clear that's a 30 day sliding window from last time content was >> played there. So if you visit a given site with plugin content (say >> youtube.com) at least once every 30 days, you conceivably should not >> see that prompt again unless you become vulnerable to a security >> issue. > > We can put checkboxes in the plugin overlay, similar to what we have for > crashed plugins. When the overlay is too small to use we can add secondary > options in the doorhanger dropdown for users to choose to remember the > settings. Ah ok, makes sense. I'd love to get UX feedback here on these respective proposals (implicit persistence of permission on a sliding time window vs explicit checkbox in overlay). Thanks! Lucas. _______________________________________________ Security-group mailing list https://mail.mozilla.org/listinfo/security-group _______________________________________________ Security-group mailing list https://mail.mozilla.org/listinfo/security-group _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
