Handle external protocol handlers as helper applications




16 years ago
11 years ago


(Reporter: bugs, Assigned: Bill Law)




Firefox Tracking Flags

(Not tracked)



(1 attachment)



16 years ago
This bug proposes an alternate solution to the (security) problem in bug 163767. 

(Copied from bug 163767 comment 43):

Why is this different from downloading a document with a registered MIME type,
and asking what Mozilla should do in the dialog below?

You have chosen to download a file of type: xxx/xxx from URL
What should Mozilla do with this file?
() Open using an application
() Save this file to disk

[] Always ask before opening this type of file

I think the problem is the same, the only difference is that the protocol
handlers don't need the cooperation of the server (MIME types configuration).

Just edit the text appropriately, and replace the Save option with "Copy the URL
to the clipboard" (what I will request adding to the default download dialog anyway)

Comment 1

16 years ago
Created attachment 98424 [details]
Proposed UI

Comment 2

16 years ago
That looks good, but there is a minor thing missing: does the remember decision
checkbox save the setting for the whole set of external protocols, or this one
(vbscript: in the screenshot) only? Is there a mechanism to store the info
separately at all?

If it stores individually, then "Remember this decision for this protocol" (or
similar) should be used, if it stores globally (the decision doesn't seem global
to me), then "Remember this decision for every external protocol" should be used.

This way the window contains enough information to confuse unexperienced users,
which is a very bad thing for a security decision, because the user will just
press OK to dismiss the "annoying" dialog.

Comment 3

16 years ago
1. Accepted, of course, decision should be individial for each protocol.

2. Any idea for simplifying this? We cannot know, is given protocol dangerous or
no. Maybe, it's inoffensive (such as RealAudio) or harmful (such as vbscript). 

Intuitively I can understand, that if I have clicked on ordinary link at page
and see dialog offering to launch MS Internet Explorer, this is improper; and if
I click on link to Web radio and see this dialog with RealAudio icon, this is

We need a little usability test for this issue, have you several unexperienced
users for this? I have, but russians, they can misunderstand english dialog.

Comment 4

16 years ago
I have involved in usability test 8 users - 2 web-designers, 3 developers and 3
sales managers. All have not a low skill in English language. Data in
parentheses means web-designers, developers and sales correspondingly.
4 (2/1/1) users have pressed "Cancel";
1 (0/0/1) user has marked "Reject" and unmarked "Remember";
2 (0/2/0) users have marked "Reject" and "Remember";
1 (0/0/1) user has marked "Open" and "Remember".

As a result, dangerous choice was made by 12.5% users ;) Mainly users choose
"Cancel", this is not so bad in this case.


16 years ago
Keywords: helpwanted

Comment 5

16 years ago
bill, bz, is this a dup?
Assignee: new-network-bugs → law


14 years ago
Summary: [RFE] Handle external protocol handlers as helper applications → Handle external protocol handlers as helper applications

Comment 7

14 years ago
This was sorta fixed in bug 173010.
This wasn't at all fixed.  For example, you can't choose the app to use for a
given protocol.

Comment 9

11 years ago
Fixed by Bug 385065?
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 385065
You need to log in before you can comment on or make changes to this bug.