Closed Bug 1295984 Opened 8 years ago Closed 3 years ago

Google docs trigger Flash activation even though they don't use Flash


(Core Graveyard :: Plug-ins, defect, P3)



(platform-rel -)

Tracking Status
platform-rel --- -


(Reporter: benjamin, Unassigned)



(Whiteboard: [platform-rel-Google][platform-rel-GoogleDocs])

* Mark Flash as ask-to-activate in the addon manager
* Edit a google doc.

* The plugin icon is shown in the Firefox location bar.
* Opening the dialog shows: "Allow to run "Adobe Flash"? [Allow Now] [Allow and Remember]
* When I choose "Allow Now", the page reloads
* After the page finishes loading, the plugin icon shows in the location bar again, with the same "Allow...?" question

* Google docs doesn't use Flash. We shouldn't prompt users to enable it, and we definitely shouldn't end up in a UI loop where the UI is inaccurate but can't be dismissed.
Priority: -- → P3
platform-rel: --- → ?
Whiteboard: [platform-rel-Google][platform-rel-GoogleDocs]
platform-rel: ? → -
I believe this is popping up due to this snippet of JS in Google:

    var a = window.navigator.plugins["Shockwave Flash"];

Hard to figure out exactly what it's trying to achieve due to the minification, but it seems to be in a block of code that's collecting versions of various things. Here's a nearby block that seems to be grabbing your browser info: = function() {
        if (_.rb) return bf(/Firefox\/([0-9.]+)/);
        if (_.B || _.Wa || _.Va) return _.mb;
        if (_.vb) return bf(/Chrome\/([0-9.]+)/);
        if (_.wb && !_.Ra()) return bf(/Version\/([0-9.]+)/);
        if ( || _.tb) {
            var a = /Version\/(\S+).*Mobile\/(\S+)/.exec(_.Ma);
            if (a) return a[1] + "." + a[2]
        } else if (_.ub) return (a = bf(/Android\s+([0-9.]+)/)) ? a : bf(/Version\/([0-9.]+)/);
        return ""

Is this just trying to do some kind of analytics / fingerprinting? I can't seem to find the results of it in the network traffic, though it is similarly opaque. It definitely doesn't seem to be actually trying to use Flash. This seems to just be an unfortunate consequence of displaying the CTP notification when sites query for Flash by name, since that doesn't necessarily mean they want to do something meaningful to the user with the result. Thoughts?
Also of note though is that I'm unable to reproduce the UI loop. Clicking "Allow Now" once seems to resolve the issue. Is there something I'm missing or was part of this fixed as a consequence of an unrelated change?
Flags: needinfo?(benjamin)
I can still see this, and I believe it may be the same cause as bug 1312091 where cross-origin subframes are still hiding Flash from navigator.plugins even when they shouldn't be.

This doesn't block click-to-play in general because it's caused by 1186948 which is nightly-only and probably not something we're going to ship.
No longer blocks: flash-click-to-play
Flags: needinfo?(benjamin)
Resolving as wont fix, plugin support deprecated in Firefox 85.
Closed: 3 years ago
Resolution: --- → WONTFIX
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.