1350381 - Change Flash Blocking to use the user setting in about:addons for CTA

Status: VERIFIED FIXED

(Core Graveyard :: Plug-ins, defect)

Description

[Robin Steuber (they/them) [:bytesized]]

The Flash blocking blacklists should be usable even when Flash blocking is disabled. This behavior will be accessible via a pref.

This feature will be needed for eventual deployment of Flash blocking, but will not be needed for the Shield study.

Comment 1

[Robin Steuber (they/them) [:bytesized]]

Attachment: Bug 1350381 - Change Flash blocking to allow the setting "Ask to Activate" to control CTA of unknown documents.

This patch introduces the pref |plugins.flashBlock.blacklist.forceEnable|, which enables enforcement of the blacklists even when |plugins.flashBlock.enabled| is set to |false|. In this state, sites on the blacklist will be blocked, but unknown sites will not be set to CTA, nor will whitelisted sites be explicitly allowed (they will be treated the same way as unknown sites).

The patch involved significantly expanding the testing done by toolkit/components/url-classifier/tests/browser/browser_flash_block_lists.js. This was problematic because that test already needs to request a significantly longer timeout. To address this, I split up the test, moving most testing functionality to toolkit/components/url-classifier/tests/browser/classifierTester.js. This allows the split tests to use the same testcases and most of the same code as one another.

|plugins.flashBlock.blacklist.forceEnable| will default to |false|.

Review commit: https://reviewboard.mozilla.org/r/123944/diff/#index_header
See other reviews: https://reviewboard.mozilla.org/r/123944/

Comment 2

[Benjamin Smedberg]

Is it possible to change the behavior of the existing pref, rather than introduce a new one? In particular, the UI we want still doesn't map very well to the available pref options here:

Whitelist contents                    WHITELISTED     BLACKLISTED     OTHER
about:addons
"never activate"                      deny            deny            deny
"ask to activate"
* "use mozilla lists" checked/default allow           deny            ask
* "use mozilla lists" unchecked       ask             ask             ask
"always activate"
* "use mozilla lists" checked/default allow           deny            allow
* "use mozilla lists" unchecked       allow           allow           allow

I think you could get the desired behavior here by alternately enabling plugins.flashBlock.blacklist.forceEnable for some cases and plugins.flashBlock.enabled for other cases. However it's not a clean mapping.

Why though can't we just have the plugins.flashBlock.enabled pref turn on the whitelist and blacklist behavior without changing the default behavior at all?

Comment 3

[Robin Steuber (they/them) [:bytesized]]

In the current implementation (which I feel is the best way to do this), the Flash blocking system introduces additional security, but never detracts from existing security. This means that I never implemented a whitelist mechanism that "breaks through" other security to allow automatic activation of whitelisted content despite security settings.

That is to say, all the whitelist does is prevents the site from being CTA'ed by the Flash blocking system itself. It does not prevent it from being CTA'ed by the "Ask to Activate" setting.

Comment 4

[Benjamin Smedberg]

ok, but... in the addon manager UI, when this is deployed to users, the setting that is displayed to users will be "ask to activate". And in reality, what's happening is that this feature is tuning ask-to-activate to stop asking in cases where we don't think the user 1) needs to make a choice or 2) can make an informed choice.

As long as the UI ends up in comment 2, the underlying prefs are an engineering choice, but I still find these prefs hard to read and reason about when structured this way.

Comment 5

[Robin Steuber (they/them) [:bytesized]]

Comment on attachment 8851698 [details]
Bug 1350381 - Change Flash blocking to allow the setting "Ask to Activate" to control CTA of unknown documents.

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/123944/diff/1-2/

Comment 6

[Robin Steuber (they/them) [:bytesized]]

Comment on attachment 8851698 [details]
Bug 1350381 - Change Flash blocking to allow the setting "Ask to Activate" to control CTA of unknown documents.

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/123944/diff/2-3/

Comment 7

[Robin Steuber (they/them) [:bytesized]]

Comment on attachment 8851698 [details]
Bug 1350381 - Change Flash blocking to allow the setting "Ask to Activate" to control CTA of unknown documents.

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/123944/diff/3-4/

Comment 8

[Robin Steuber (they/them) [:bytesized]]

Comment on attachment 8851698 [details]
Bug 1350381 - Change Flash blocking to allow the setting "Ask to Activate" to control CTA of unknown documents.

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/123944/diff/4-5/

Comment 9

[Benjamin Smedberg]

Comment on attachment 8851698 [details]
Bug 1350381 - Change Flash blocking to allow the setting "Ask to Activate" to control CTA of unknown documents.

This is a great commit message!

Comment 10

[Robin Steuber (they/them) [:bytesized]]

It looks like this patch is causing failures in browser/base/content/test/plugins/browser_CTP_context_menu.js. Once I fix that I will request review for this patch.

Comment 11

[Robin Steuber (they/them) [:bytesized]]

Comment on attachment 8851698 [details]
Bug 1350381 - Change Flash blocking to allow the setting "Ask to Activate" to control CTA of unknown documents.

Review request updated; see interdiff: https://reviewboard.mozilla.org/r/123944/diff/5-6/

Comment 12

[Kyle Machulis [:qdot] [:kmachulis] (INACTIVE)]

Comment on attachment 8851698 [details]
Bug 1350381 - Change Flash blocking to allow the setting "Ask to Activate" to control CTA of unknown documents.

https://reviewboard.mozilla.org/r/123944/#review127348

Comment 13

[Ian Moody [:Kwan] (UTC+1)]

Pushed by ksteuber@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/da5282f55afb
Change Flash blocking to allow the setting "Ask to Activate" to control CTA of unknown documents. r=qdot

Comment 14

[Robin Steuber (they/them) [:bytesized]]

Comment on attachment 8851698 [details]
Bug 1350381 - Change Flash blocking to allow the setting "Ask to Activate" to control CTA of unknown documents.

Approval Request Comment
[Feature/Bug causing the regression]: This feature represents a significant change to the mechanism underlying Flash blocking, which will be undergoing a Shield study on Release 52 (Bug 1335232).
[User impact if declined]: The Shield study will test the current mechanism instead of the new one
[Is this code covered by automated tests?]: Yes
[Has the fix been verified in Nightly?]: Yes
[Needs manual test from QE? If yes, steps to reproduce]: Manual testing available at itisatrap.org
[List of other uplifts needed for the feature/fix]: None
[Is the change risky?]: Minimal Risk
[Why is the change risky/not risky?]: Code changes are pref'ed off.
[String changes made/needed]: none

Comment 15

[Ryan VanderMeulen [:RyanVM]]

https://hg.mozilla.org/mozilla-central/rev/da5282f55afb

Comment 16

[Liz Henry (:lizzard) (relman/hg->git project)]

Comment on attachment 8851698 [details]
Bug 1350381 - Change Flash blocking to allow the setting "Ask to Activate" to control CTA of unknown documents.

As I understand it this should change behavior only for the shield study, for a study on 53 (not for 52)

Comment 17

[Robin Steuber (they/them) [:bytesized]]

Sorry about that! It should have read:

[Feature/Bug causing the regression]: This feature represents a significant change to the mechanism underlying Flash blocking, which will be undergoing a Shield study on Release 53 (Bug 1335232).

Comment 18

[:Felipe Gomes (needinfo for replies!)]

Note: to uplift this to beta without conflicts we gotta uplift the _test-only_ bug 1340448 (no need to request approval for that)

Comment 19

[:Felipe Gomes (needinfo for replies!)]

https://hg.mozilla.org/releases/mozilla-aurora/rev/004cd303c040b4390fc6c60e5b3b26e34d21d944
https://hg.mozilla.org/releases/mozilla-beta/rev/f975e688b2289c2a590ef87c8fa80bd9db844a0b

Comment 20

[Phil Ringnalda (:philor)]

https://hg.mozilla.org/releases/mozilla-aurora/rev/1edf2dfa3809

Comment 21

[Phil Ringnalda (:philor)]

https://hg.mozilla.org/releases/mozilla-beta/rev/14b6ab023dec

Comment 22

[Pulsebot]

Pushed by philringnalda@gmail.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/43983c66642e
Define this pref so that the test doesn't fail. r=me a=test-fix

Comment 23

[Carsten Book [:Tomcat]]

https://hg.mozilla.org/mozilla-central/rev/43983c66642e

Comment 24

[:Felipe Gomes (needinfo for replies!)]

Note: this made it to the Nightly on Mar 31, and the build ID I got for that on Mac is 20170331030216 (this will need to be set as the minBuildID for bug 1352224)

Comment 25

[Stefan [:StefanG_QA]]

This bug has been verified on Windows 7/10, Ubuntu 16.04 and Mac OS X 10.11 on fixed versions. When changing the options in about:addons to "always activate" or "ask to activate" it shows flash as expected.