Closed Bug 1054636 Opened 6 years ago Closed 3 years ago

Plugin Check requires JavaScript, but does not tell the visitor about that

Categories

(Plugin Check :: UI, defect)

defect
Not set

Tracking

(Not tracked)

RESOLVED INCOMPLETE

People

(Reporter: 01908667, Unassigned)

Details

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:31.0) Gecko/20100101 Firefox/31.0 (Beta/Release)
Build ID: 20140716183446

Steps to reproduce:

Visit https://www.mozilla.org/en-US/plugincheck/ with JavaScript disabled (e.g. by using NoScript)


Actual results:

No Plugin Check results shown, also no message telling me that I have to enable JavaScript. Also some layout issues in the upper right part of the page (download links).


Expected results:

There should be a message, telling me to enable JavaScript. No unnecessary layout issues.
I have always used Plugincheck with NoScript.

If you use NoScript you expect to have to allow Scripts on some sites.
The NoScript UI indicates that NoScript has detected, and is blocking, scripts.

Plugincheck needs JavaScript.

Attached is
"Plugincheck-NoScript-show-Domains-where-there-are-JavaScript-scripts-20140816.jpg"

This shows, that when you get to Plugingcheck - in this case I am using the US version
https://www.mozilla.org/en-US/plugincheck/
the NoScript Menu is giving you the option to let JavaScript run from
"mozilla.org" (the domain you are on), "optimizely.com" and "mozilla.net".

Now see:
https://bug1020133.bugzilla.mozilla.org/attachment.cgi?id=8472628

Here I have allowed scripts from "mozilla.org" and "mozilla.net" to run.

Once I have let the scripts run I get an 'expected result',
in this case Flash is "vulnerable" and Adobe Reader is "Up to Date".
Flash 14.0.0.145 was declared "vulnerable" on 2014-08-12.
See bug 1053409 for the change to the Plugincheck Database.

This screenshot is Firefox 31, on 2014-08-13, using the GB version of Plugincheck
(using a different profile which also has RequestPolicy - I also allowed
"mozilla.org" to request from "mozilla.net" to enable Plugincheck).

So I regard the site as 'normal' / 'expected behaviour' when JavaScript
is so widely used on web sites.


(In relply to Kurt Krampmeier from comment #0)
> No Plugin Check results shown, also no message telling me that I have to enable JavaScript.
Both points are true.

Some sites do 'detect that there is no JavaScript running' and they
then give a message something like: 'Please enable JavaScript for ...'. 

DJ-Leith
(In reply to DJ-Leith from comment #1)
> If you use NoScript you expect to have to allow Scripts on some sites.
True, but I would expect a well designed site to tell me if it really needs JavaScript. Otherwise I have to guess (in this case), why there are no results shown. An user could even assume that there are no vulnerable plugins, because none are shown. Not every NoScript user has enough technical background to know or find out which plugins are really installed and to figure out that the empty list must be wrong.

Telling the user about the requirement can be achieved by using a HTML noscript element or by using JavaScript to hide an otherwise visible element containing the message. Simple solution, much better usability.

> Plugincheck needs JavaScript.
I know it is much harder (or for most plugins even impossible) to implement a plugin check without JavaScript. So requiring JavaScript is absolutely legitimate in this case. This bug is just about Plugin Check not telling me so.

> (using a different profile which also has RequestPolicy - I also allowed
> "mozilla.org" to request from "mozilla.net" to enable Plugincheck).
RequestPolicy is a different thing. Blocked cross site requests are rather hard to detect on the server side and this also is no standard browser function.

> So I regard the site as 'normal' / 'expected behaviour' when JavaScript
> is so widely used on web sites.
Since NoScript is on of the most popular extensions for firefox, being prominently listed at https://addons.mozilla.org/en-US/firefox/, I regard it as bad practice to blindly assume JavaScript is always available in general. I especially expect Mozilla, promoting an open, accessible web and having the choice how to use it (extensions), to do better.
(In reply to Kurt Krampmeier comment #2)
> Telling the user about the requirement can be achieved by using a HTML noscript
> element or by using JavaScript to hide an otherwise visible element containing
> the message. Simple solution, much better usability.
> 
> > Plugincheck needs JavaScript.
> I know it is much harder (or for most plugins even impossible) to implement a
> plugin check without JavaScript. So requiring JavaScript is absolutely legitimate
> in this case. This bug is just about Plugin Check not telling me so.

Kurt, I agree with you (on the whole of comment # 2 - not just the point I have just quoted).
It would be good to make this change.  It is not my decision.

I have CCed Schalk Neethling who has been doing most of the work on
Plugincheck in recent months.


My points about using NoScript (and what people can see in the two screenshots)
were for clarification: Schalk has seen some of my screenshots - in other bugs.
These screenshots were taken using Profiles that had both NoScript and
RequestPolicy (which I use for almost all my browsing).

DJ-Leith
Plugin check is no longer supported.
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.