Closed Bug 149478 Opened 23 years ago Closed 21 years ago

XPI install confirmation should default to cancel, not Install

Categories

(Core Graveyard :: Installer: XPInstall Engine, defect)

Product:
Core Graveyard
Component:
Installer: XPInstall Engine
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED
Milestone:
mozilla1.0.1

People

(Reporter: BenB, Assigned: dveditz)

References

Details

(Keywords: fixed1.4.3, Whiteboard: [adt1 rtm] [ETA 08/10] [regression fixed(again)1.7b])

Attachments

(4 obsolete files)

Reproduction: 1. Go to <http://www.beonex.com/communicator/version/0.8/add-ons/binaries/java/> and click the install butten or by some other means trigger the install of an XPI. Actual result: The confirmation dialog has 2 buttons, Install and Cancel, and the install button is the default. Expected result: The Cancel button is the default. Additional Comments: - I think this is a regression, it at some point defaulted to Cancel. Rationale: - XPIs have full local rights - the install scripts and/or binaries in them may do everything the user can do. - We know that many users just click the default button (without reading any text), if they hit a msgbox they don't know. Since it is very easy to trigger that dialog (we don't prevent that in any way - a simple link or JS will suffice), it is insanely easy for attackers to take control over the machines of naive users. Actually, even users who are aware of the risks, but just in a hurry, might not recignize the dialog and just hit enter / click the highlighted button.
There have been times when neither button was the default because we had a focus problem, but I've always intended the Install button to be the default. I can see your point, though. I think I'd prefer no default to a default of cancel. It's just as much work to Install, but a lot harder to accidentally cancel out on auto-pilot. At some point we should re-think the wording and presentation of the dialog, too. It says all the right things but it's just not scary enough.
Severity: major → enhancement
Status: NEW → ASSIGNED
Summary: XPI install confirmation defaults to Install → XPI install confirmation should default to cancel, not Install
Need UE input on this dialog, but we definitely need to change the default.
Severity: enhancement → normal
Keywords: nsbeta1+
OS: Linux → All
Hardware: PC → All
*** Bug 161713 has been marked as a duplicate of this bug. ***
Blocks: 161721
Adding adt1 rtm per the adt.
Whiteboard: [adt1 rtm]
Target Milestone: --- → mozilla1.0.1
The skin install and enablePrivilege dialogs also have Install/Yes as the default buttons (Enter key), but they have checkboxes so bug 133582 keeps them from having inital focus (Space key).
We also need to change the defaults for the enablePrivilege and skin-install dialogs. The same usability arguments and security holes apply to those dialogs, but with "space" replaced with "enter" because of bug 133582.
Comment on attachment 94580 [details] [diff] [review] (Av1) Make "cancel" the default [Checked in: Comment 13 and 14] r=syd
Attachment #94580 - Flags: review+
Blocks: 143043
Keywords: mozilla1.0.1
Whiteboard: [adt1 rtm] → [adt1 rtm] [ETA Needed]
adt1.0.1+ (on the ADT's behalf) approval for checkin to the 1.0 branch, pending sr= and Drivers' approval. pls check this in asap, then replace "mozilla1.0.1+", with "fixed1.0.1". thanks!
Blocks: 147043
No longer blocks: 143043
Keywords: adt1.0.1+, approval
Whiteboard: [adt1 rtm] [ETA Needed] → [adt1 rtm] [ETA 08/10]
Comment on attachment 94580 [details] [diff] [review] (Av1) Make "cancel" the default [Checked in: Comment 13 and 14] sr=mscott
Attachment #94580 - Flags: superreview+
Comment on attachment 94580 [details] [diff] [review] (Av1) Make "cancel" the default [Checked in: Comment 13 and 14] Approved for 1.0 branch; change mozilla1.0.1+ to fixed1.0.1 when done.
Attachment #94580 - Flags: approval+
a=asa (on behalf of drivers) for checkin to 1.1
Fixed on 1.0 and 1.1 branches
Keywords: mozilla1.0.1+fixed1.0.1
Checked into trunk
Status: ASSIGNED → RESOLVED
Closed: 23 years ago
Resolution: --- → FIXED
Thanks! :-)
verified on branch 1.0 (8/11) branch 1.1 (8/12)
Status: RESOLVED → VERIFIED
QA Contact: jimmylee → gbush
Keywords: fixed1.0.1verified1.0.1
The default is Install in Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7a) Gecko/20040213. Did this regress?
This regressed with sspitzer's fix for bug 214721 -- focus setting code got zapped
Status: VERIFIED → REOPENED
Keywords: regression
Resolution: FIXED → ---
Should get fixed for the next release, marking blocker in case I forget
Flags: blocking1.7b+
Attachment #94580 - Attachment description: Make "cancel" the default → Make "cancel" the default [Checked in: Comment 13 and 14]
Attachment #94580 - Attachment is obsolete: true
Attachment #94580 - Attachment description: Make "cancel" the default [Checked in: Comment 13 and 14] → (Av1) Make "cancel" the default [Checked in: Comment 13 and 14]
Regression fix: "Av1 like" patch, with "dialog syntax" instead of "window syntax".
Attachment #142877 - Flags: superreview?(mscott)
Attachment #142877 - Flags: review?(slogan)
Attachment #142877 - Attachment is obsolete: true
Attachment #142877 - Flags: superreview?(mscott)
Attachment #142877 - Flags: review?(slogan)
Regression fix: "Av1 like" patch, with "dialog syntax" instead of "window syntax"; plus a little cleanup.
Attachment #142879 - Flags: superreview?(mscott)
Attachment #142879 - Flags: review?(slogan)
Comment on attachment 142879 [details] [diff] [review] (Bv1b) <institems.js> (doing Av1 again) Serge: slogan@cts.com (Syd Logan) doesn't work on Mozilla anymore. > // set the okay button in the param block > if (gParam) >- gParam.SetInt(0, 0 ); >+ gParam.SetInt(0, 0); the indenting here was fine. > // set the cancel button in the param block > if (gParam) >- gParam.SetInt(0, 1 ); >+ gParam.SetInt(0, 1); same here.
Attachment #142879 - Attachment is obsolete: true
Attachment #142879 - Flags: superreview?(mscott)
Attachment #142879 - Flags: review?(slogan)
Bv1b, with comment 22 suggestion(s). (Enforces 2-car. indentation on the few remaining lines which were not.)
Attachment #142929 - Flags: superreview?(mscott)
Attachment #142929 - Flags: review?(dveditz+bmo)
Attachment #142929 - Attachment description: (Bv1c) <institems.js> (doing Av1 again) → (Bv1c) <institems.*> (doing Av1 again)
Comment on attachment 142929 [details] [diff] [review] (Bv1c) <institems.*> (doing Av1 again) [Checked in: Comment 33] sr=dveditz, you can get r= from bsmedberg or ajschult
Attachment #142929 - Flags: superreview?(mscott)
Attachment #142929 - Flags: superreview+
Attachment #142929 - Flags: review?(dveditz+bmo)
Attachment #142929 - Flags: review?(ajschult)
Comment on attachment 142929 [details] [diff] [review] (Bv1c) <institems.*> (doing Av1 again) [Checked in: Comment 33] r=ajschult
Attachment #142929 - Flags: review?(ajschult) → review+
Has anyone tested this on a Mac?
Comment on attachment 142929 [details] [diff] [review] (Bv1c) <institems.*> (doing Av1 again) [Checked in: Comment 33] (In reply to comment #26) > Has anyone tested this on a Mac? Not me: PC/W98SE only.
(In reply to comment #26) > Has anyone tested this on a Mac? I tested on Linux. Are there specific Mac issues that might be exposed by this patch?
(In reply to comment #28) > (In reply to comment #26) > > Has anyone tested this on a Mac? > > I tested on Linux. Are there specific Mac issues that might be exposed by this > patch? neil: Is there a (potential) issue here, or could I seek approval1.7b ?
The Mac plays by different rules: the Tab key doesn't work and the Enter key is always OK. It would therefore have been incorrect for the patch to change the default action on the Mac. As it is I asked a Mac owner and it does not.
Comment on attachment 142929 [details] [diff] [review] (Bv1c) <institems.*> (doing Av1 again) [Checked in: Comment 33] approval1.7b?: Solves blocking1.7b+ :-)
Attachment #142929 - Flags: approval1.7b?
Comment on attachment 142929 [details] [diff] [review] (Bv1c) <institems.*> (doing Av1 again) [Checked in: Comment 33] a=chofmann for 1.7b
Attachment #142929 - Flags: approval1.7b? → approval1.7b+
Comment on attachment 142929 [details] [diff] [review] (Bv1c) <institems.*> (doing Av1 again) [Checked in: Comment 33] Check in: { 03/11/2004 13:03 neil%parkwaycc.co.uk }
Attachment #142929 - Attachment description: (Bv1c) <institems.*> (doing Av1 again) → (Bv1c) <institems.*> (doing Av1 again) [Checked in: Comment 33]
Attachment #142929 - Attachment is obsolete: true
Status: REOPENED → RESOLVED
Closed: 23 years ago21 years ago
Keywords: regression
Resolution: --- → FIXED
Whiteboard: [adt1 rtm] [ETA 08/10] → [adt1 rtm] [ETA 08/10] [regression fixed(again)1.7b]
verified build 2004031708
Status: RESOLVED → VERIFIED
Comment on attachment 142929 [details] [diff] [review] (Bv1c) <institems.*> (doing Av1 again) [Checked in: Comment 33] a=blizzard for 1.4.3
Attachment #142929 - Flags: approval1.4.3+
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: