propose enhancing XPI Installer dialog box with visual cues for readability and security




15 years ago
13 years ago


(Reporter: nrlz, Assigned: bugs)


Firefox Tracking Flags

(Not tracked)



(1 attachment, 1 obsolete attachment)



15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7) Gecko/20040616

I have 3 ideas for the Firefox XPI Installer dialog to make it:

1. More readable
2. More informative
3. Stress the security

(All 3 ideas are visually shown in the picture attachment.)

1. Rather than showing the entire URL of the XPI package, only show the domain. 

Most of the time we only determine the trustworthiness of a piece of code by
it's domain and not it's entire path. e.g., '' is good and
'' is bad. So rather than cluttering the screen with the entire
URL, we should just show the domain. This makes the text easier to decipher and
as an added bonus, it does not deter novices from reading it. The entire URL can
still be made available as a tooltip for techies.

2. Supplement the word 'unsigned' with a visual icon.

I've seen the word 'unsigned' in the space next to the package name in bold red
letters and I figure that novice people won't know what it means. I'd rather the
text not be there to avoid confusion. But since it has security merit, I'd
suggest adding a visual icon that is more informative than the word alone. (It
could even replace the word entirely.) The icon would still convey security
information to techies but to the novices, they might treat it as eye-candy or
notice the X through the pen to indicate that something is missing and therefore
convey the meaning of it being less secure.

3. Make clicking 'Install' involve more steps, and therefore stress the layers
of security.

I propose adding a checkbox that has to be checked to enable the 'Install'
button. When the user finds that they have to perform extra steps to perform an
action, it will convey the meaning of extra layers of protection. This should
stress the security implications of what they are doing so they would think twice.

P.S. I also made the default button to be 'Cancel' rather than 'Install' but
this is covered in bug #240637 which I had filed before.

P.P.S. I also added a 'grippy' to make the dialog box resizable. This is just my
personal preference.

Feel free to ignore these suggestions as I know that Firefox doesn't have enough
programmers and there already are too many things to do. I feel guilty because I
myself am not a programmer and cannot contribute. But I am a User Interface

Reproducible: Always
Steps to Reproduce:

Comment 1

15 years ago
Created attachment 151097 [details]
proposed visual changes to XPI dialog


15 years ago
OS: Windows XP → All
Hardware: PC → All

Comment 2

15 years ago
Created attachment 151421 [details]
proposed visual changes to XPI dialog

changed text colour and added shield icon.
Attachment #151097 - Attachment is obsolete: true
We have an additional layer of "protection" in the XPI site blocking process.  A
checkbox before hitting the button is just a hassle to users and achieves very
Last Resolved: 14 years ago
Resolution: --- → WONTFIX
QA Contact: bugzilla → installer
You need to log in before you can comment on or make changes to this bug.