Last Comment Bug 287571 - Remove UI for 'Load Images for the originating web site only' pref
: Remove UI for 'Load Images for the originating web site only' pref
Status: RESOLVED FIXED
: fixed1.8.1
Product: Firefox
Classification: Client Software
Component: Preferences (show other bugs)
: 2.0 Branch
: All All
: -- normal with 1 vote (vote)
: Firefox 2 beta1
Assigned To: :Gavin Sharp [email: gavin@gavinsharp.com]
:
Mentors:
Depends on:
Blocks: 310271
  Show dependency treegraph
 
Reported: 2005-03-24 08:02 PST by Ali Ebrahim
Modified: 2006-12-01 18:16 PST (History)
23 users (show)
asa: blocking1.8rc1-
mconnor: blocking‑aviary1.5-
mconnor: blocking‑firefox2-
See Also:
Crash Signature:
(edit)
QA Whiteboard:
Iteration: ---
Points: ---
Has Regression Range: ---
Has STR: ---


Attachments
patch (4.97 KB, patch)
2005-09-27 19:14 PDT, :Gavin Sharp [email: gavin@gavinsharp.com]
mconnor: review+
Details | Diff | Splinter Review
pref migration (2.74 KB, patch)
2005-10-02 20:27 PDT, :Gavin Sharp [email: gavin@gavinsharp.com]
mconnor: review-
Details | Diff | Splinter Review
branch patch (5.02 KB, patch)
2006-05-27 19:27 PDT, :Gavin Sharp [email: gavin@gavinsharp.com]
mconnor: approval‑branch‑1.8.1+
Details | Diff | Splinter Review

Description Ali Ebrahim 2005-03-24 08:02:23 PST
We should remove UI for the 'Load Images for the originating web site only'
pref. This pref is easily misunderstood by the majority of the web browsing
population, and we get questions like: "Why aren't images on Yahoo! loading?"

I don't most expect users to know that Y! is serving images off yimg.com and
therefore so-and-so pref is causing images not to load. We need to get rid of
the UI for the pref so that people can't enable something that has non-obvious
implications.

The issue of contention is how do we migrate users who already have the
preference set who upgrade to 1.1?
Comment 1 shadytrees 2005-03-24 08:30:11 PST
Just turn off the pref for 1.1 users and revert them to Load Images From All and
add a Release Note about this. Even more confusing for the users who
accidentally turned this on would be that there's no GUI to fix it once they've
upgraded.
Comment 2 José Jeria 2005-03-24 08:54:02 PST
I seen several bug reports about images not showing up due to this pref. Some of
them have asked why you cant see a placeholder for the blocked images on the page.

I agree that this is a confusing pref that should be hidden. 
Comment 3 Kevin Brosnan 2005-03-24 08:57:06 PST
I was mulling over filing the same bug. I examined alexa's top ten english 
site's front pages. http://www.alexa.com/site/ds/top_500
yahoo - no images at all
msn - lost an ad or two 
google - no differece
passport - missing some graphics
ebay - realy broken, no images, layout affected
microsoft - lost an ad or two
amazon - no differece
aol - ad will not load - main content on page
fastclick - no differece
google.co.uk - no differece
Comment 4 Phil Ringnalda (:philor) 2005-03-24 17:18:40 PST
(In reply to comment #3)
> amazon - no differece

amazon.com - no difference. European Amazons load images from
images-eu.amazon.com (see another twenty or so bugs).
Comment 5 Kevin Brosnan 2005-03-28 14:12:10 PST
Well lets see if we can get this on the radar before the 1.1 branch. 
Comment 6 Andrew Gillespie 2005-06-08 12:19:35 PDT
I think you should leave the option there but add a message similar to the pop
up blocked message at the top of the page whenever an image not from originating
server is blocked. If the user says don't show this message again under options
then show an icon on the status bar. I like to have this setting turned on
because it blocks a lot of ads and other junk I don't want to see, but I did
once forget it was on and got really confused when an image I was expecting to
see didn't load, but if there had been an icon reminding me then it would not
have been a problem.
Comment 7 mmortal03 2005-06-09 02:09:19 PDT
One thing that is confusing is that not only do we forget that an image from a
blocked server is, in fact, blocked, but we have to right click on an INVISIBLE
image placeholder to unblock it, unless we go into the options menus and remove
that server from the list manually.

My idea would be to place a dynamically appearing menu somewhere immediately
accessible when images are blocked (whether that be on the taskbar as an icon or
whether that be a part of a yellow drop down indicator at the top, or something
else) that lists these servers from which images are blocked on the current
page, and place checkmarks next to each.
Comment 8 Andrew Gillespie 2005-06-11 00:59:19 PDT
(In reply to comment #7)
> One thing that is confusing is that...  we have to right click on an INVISIBLE
> image placeholder to unblock it

This seems to have been fixed in
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-ZA; rv:1.8b2) Gecko/20050610
Firefox/1.0+

that is: a visible place holder is shown including alt text if available
otherwise broken image icon

Comment 9 Robert Rothenberg 2005-06-14 05:33:16 PDT
(In reply to comment #6)
> I think you should leave the option there but add a message similar to the pop
> up blocked message at the top of the page whenever an image not from originating
> server is blocked....

I agree. I don't want to lose the UI for it. But there should be something to
notify the user of its implications.

Comment 10 Steve England [:stevee] 2005-06-18 12:44:02 PDT
Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.8b2) Gecko/20050618
Firefox/1.0+ ID:2005061804
I'm all for removing this useless option too. OK so it's not entirely useless,
but it's not the kind of option an average user should be able to fiddle with so
easily; it is responsible for sooo many tech support questions. (People seem to
have an idea that if they want the most out of their browser, then all options
should be ticked, which in this case actually makes some web-sites loose pictures).

IMO the 'for the originating site only' UI should be removed. Such behaviour
should be set via an about:config option, or an extension if an UI is required.
Comment 11 Jason Barnabe (np) 2005-06-19 10:20:54 PDT
If not removing the UI, at least switch around the checkbox to mean the opposite
of what it means now. I bet a lot of users go in, see the default 6 checkboxes
checked and one not, and figure the unchecked one should be like the others. 
Comment 12 Eric Zen 2005-06-28 16:05:32 PDT
Just a quick question, would removing the user interface also include
about:config?  I find having the option useful for, maybe, 15-25% of ads,
depending on the mindset of wherever one surfs.  It could only get better by
preventing iframes from other sites from being displayed!  That'd kill off
another 30-40% easy!

Anyhow, back on subject, I think the problem is the attempt to manage media in
one or two checkmarks.  It seems the problem maybe that the simplicity is
confusing.  There may be sites where users want everything to come in, wherever
it comes from (like yahoo, for example), while others would only want or need
some small specific outside bit.  It has been a long time since internet sites
have been uniform and predictable.  

You can't stop flash from making a pop up, and some sites will depend on flash
(movie sites) while others use it for games only, and too many others use it for
advertisements.  IFrames, in some sites, are used to show previews, search
results, a forum page or, now in too many cases also, an advertisement
(ironically, getting around the originating site only thing).  Needless to say,
images from elsewhere serve the same purpose.  You know the difference between
images.foo.bar and ads.bar.foo, but a simple originating server option doesn't.

Maybe that'll just be something we'll leave for Mozilla 2.0 engineers when it
comes out in five years.
Comment 13 Ali Ebrahim 2005-06-28 16:30:07 PDT
As it stands right now, this bug covers only removing the UI for it, not the
underlying about:config option.
Comment 14 Uri Bernstein (Google) 2005-08-16 04:57:38 PDT
Below is a (probably incomplete) list of bugs filed on this issue since this bug
was filed (2005-03-24).

bug 287577
bug 291424
bug 292565
bug 293672
bug 294301
bug 295710
bug 296727
bug 296784
bug 298182
bug 299511
bug 303411
bug 304030
bug 304756
Comment 15 Markus Peter 2005-09-27 08:58:30 PDT
In addition to the regular bugreports about images not appearing on bugzilla, you also have to consider 
that this option causes problems for the affected websites, too. The support team for my company's 
website for example had at least 500 support requests the last 6 months from Firefox users, who 
accidently activated the option and then thought our website was "broken" because the images were 
missing. This might not be a large problem for Ebay and the likes, but it is a real problem for smaller 
ecommerce sites.

The UI option should really be removed soon or at least there should be some "Warning - images could 
completely stop showing up on many websites" message when a user activates it.
Comment 16 :Gavin Sharp [email: gavin@gavinsharp.com] 2005-09-27 19:14:37 PDT
Created attachment 197650 [details] [diff] [review]
patch

Remove the UI for the pref. Note that the reason there were many problems with
this going from <1.0 -> 1.0 was that the pref name changed, that shouldn't be a
factor going from 1.0 -> 1.5.
Comment 17 :Gavin Sharp [email: gavin@gavinsharp.com] 2005-09-27 19:42:47 PDT
Trunk:
mozilla/browser/components/preferences/content.js; new revision: 1.12;
mozilla/browser/components/preferences/content.xul; new revision: 1.14;
mozilla/browser/locales/en-US/chrome/browser/preferences/content.dtd; new
revision: 1.5;
Comment 18 Mike Mariano 2005-09-29 09:21:28 PDT
What is the about:config name for this preference?

I don't see it in previous versions of Firefox or in the patch.
Comment 19 :Gavin Sharp [email: gavin@gavinsharp.com] 2005-09-29 09:38:56 PDT
The pref is "permissions.default.image", see
http://lxr.mozilla.org/seamonkey/source/modules/libpref/src/init/all.js#692
Comment 20 Mike Connor [:mconnor] 2005-09-29 11:33:38 PDT
Comment on attachment 197650 [details] [diff] [review]
patch

clearing until we get a patch with pref migration
Comment 21 :Gavin Sharp [email: gavin@gavinsharp.com] 2005-09-29 11:45:11 PDT
How do you propose handling the migration issue? ifdef nsContentBlocker.cpp? As
you mentioned earlier, SM and other consumers might not want this pref clobbered.
Comment 22 :Gavin Sharp [email: gavin@gavinsharp.com] 2005-10-02 20:27:16 PDT
Created attachment 198262 [details] [diff] [review]
pref migration

Handle pref migration ourselves, don't migrate "from the originating site
only".
Comment 23 Asa Dotzler [:asa] 2005-10-10 16:58:48 PDT
not going to block the release on this.
Comment 24 Marek Stępień [:marcoos, inactive] 2005-10-17 13:51:17 PDT
Is this going to be removed from Firefox 1.5?
Comment 25 Mike Connor [:mconnor] 2005-12-27 21:40:52 PST
Comment on attachment 198262 [details] [diff] [review]
pref migration

grr, wrong tab, hold on a sec
Comment 26 Mike Connor [:mconnor] 2006-01-14 00:59:35 PST
Comment on attachment 198262 [details] [diff] [review]
pref migration

this is probably going to break now that we've shipped 1.5, since we didn't migrate/clear it then, so users who changed after after updating will revert to 1.0 settings.  ah well...
Comment 27 Mike Connor [:mconnor] 2006-01-14 19:44:38 PST
not a blocker, but it'll end up in Fx2
Comment 28 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-05-03 12:29:39 PDT
Steffen: why did you change the status whiteboard? Why is a preference migration patch needed? I got approval from mconnor to land this, I just haven't done it yet.
Comment 29 Steffen Wilberg 2006-05-03 13:46:10 PDT
Sorry, I should've added a comment. With pref migration I didn't mean migration from network.image.imageBehavior to permissions.default.image, since that is already migrated by http://lxr.mozilla.org/mozilla1.8/source/extensions/permissions/nsContentBlocker.cpp#93.

But users who have enabled "for the originating web site only" in Firefox 1.0/1.5 can't easily disable this in 2.0 this since you're about to remove the UI. Workaround is to disable "Load Images", enable it again, and click OK, but who's going to find that out? We should migrate permissions.default.image from 3 (restricted) to 1 (enabled) IMHO.

I didn't know mconnor already gave approval.
Comment 30 Jeff Walden [:Waldo] (remove +bmo to email) 2006-05-27 19:11:58 PDT
If this is to make v2, someone needs to write a branch patch for it.
Comment 31 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-05-27 19:27:46 PDT
Created attachment 223575 [details] [diff] [review]
branch patch

This will require the use of about:config for people who enabled the "from the original site only" pref in 1.5 or earlier and want to disable it in 2.0. I don't know whether that deserves anything more than a mention in the release notes: I think the users of that pref are very rare, which is why we're removing this UI in the first place.
Comment 32 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-05-29 08:56:05 PDT
mozilla/browser/components/preferences/content.js 	1.9.2.3
mozilla/browser/locales/en-US/chrome/browser/preferences/content.dtd 	1.4.2.2
mozilla/browser/components/preferences/content.xul 	1.11.2.4
Comment 33 runner23 2006-08-14 04:09:53 PDT
(In reply to comment #31)
> Created an attachment (id=223575) [edit]
> branch patch
> 
> This will require the use of about:config for people who enabled the "from the
> original site only" pref in 1.5 or earlier and want to disable it in 2.0. I
> don't know whether that deserves anything more than a mention in the release
> notes: I think the users of that pref are very rare, which is why we're
> removing this UI in the first place.

Why would you assume it is "rare" for users to understand this option and to use it? I have been using this option from as far back as I can recall. I had no problems understanding it. 

I have Fx 2.0 beta1 installed on a virtual machine. I was unable to view an image at the Kaspersky forum earlier this evening. I checked to see where the image was located and it was a safe site so I then opened options in Fx and intended to TEMPORARILY uncheck the option "from the orginal site only" so I could view this image and then I would recheck the box. To my utter surprise, there was no box and no option! Yet 2.0 was behaving as though I had the option checked. That really puzzled me. I asked about it in the Mozilla forum at dslreports and was led to this bug.

Most everyone I know who uses Fx has this option checked and understands the option. Any sites they wish to have excluded are added in exclusions. It is not at all difficult to understand this option and it provides better security. For instance, I would never allow an image from ImageShack but I have i.dslreports. com in the exclusions as I trust that site's off site images to be safe. 

I do not want to go into about:config and change my "legacy" default of having this now invisible option checked. What I want and need is a way to easily uncheck the option when needed and recheck afterwards. 

Further, the exceptions box is now extremely confusing in 2.0. It says that I can allow certain sites to load images by placing them in the exceptions list. How could I do that if any site, not just the originating, can already load images because you have removed the option? 

Fx should have as its goal to have an outstanding browser not have as its goal to cater to the lowest, most ignorant web user. That is what IE does. Fx will become just another IE if this is its goal and removing this option box because ignorant users don't understand it puts Fx on the short list to become just another lousy IE type browser. It is extremely disappointing to those of us who have been with Fx from Phoenix days to see this happening.




Comment 34 Mike Connor [:mconnor] 2006-08-27 06:47:03 PDT
sorry for bugspam, long-overdue mass reassign of ancient QA contact bugs,
filter on "beltznerLovesGoats" to get rid of this mass change
Comment 35 BugMagnet 2006-12-01 17:38:24 PST
I think it was a BIG mistake to remove the UI for this setting.

The optimal use for me was to disallow loading remote images, then allow site specific remotes by adding them to the image manager.

To make matters worse, FF does not have a right menu item for "allow images from ...".

It assumes the user will only use the 'allow all images' setting and then provides a right menu item for "block images from ...".

Also, why doesn't the image manager allow use of wildcards?  When ebay uses perhaps 20 different image servers, like i12.ebayimg.com, why can't FF or SM allow adding just "*.ebayimg.com" instead of requiring 20 individual remote server hostnames?

My primary rule settings are:
1] allow site images
2] deny remote images
3] allow specific remote images
4] block certain site images

obviously, changing 1 or 2 will affect the usefulness of settings 3 and 4, but for me, that is the optimal configuration.
Comment 36 :Gavin Sharp [email: gavin@gavinsharp.com] 2006-12-01 17:41:53 PST
(In reply to comment #35)
> Also, why doesn't the image manager allow use of wildcards?  When ebay uses
> perhaps 20 different image servers, like i12.ebayimg.com, why can't FF or SM
> allow adding just "*.ebayimg.com" instead of requiring 20 individual remote
> server hostnames?

Allowing ebayimg.com will also allow all of its subdomains, so you don't need to list them all individually.
Comment 37 BugMagnet 2006-12-01 18:16:03 PST
(In reply to comment #36)
> (In reply to comment #35)
> > Also, why doesn't the image manager allow use of wildcards?  When ebay uses
> > perhaps 20 different image servers, like i12.ebayimg.com, why can't FF or SM
> > allow adding just "*.ebayimg.com" instead of requiring 20 individual remote
> > server hostnames?
> 
> Allowing ebayimg.com will also allow all of its subdomains, so you don't need
> to list them all individually.
> 

Thank you for that headsup.  I tried being a little more specific like "*.ebayimg.com" and "*.images-amazon.com" but they failed to work.

Supporting wildcards is still needed I think.  consider ads10.xyz.com and img12.xyz.com.  adding "xyz.com" would allow all.  but with wildcard support I could allow img*.xyz.com and still block ads*.xyz.com

Note You need to log in before you can comment on or make changes to this bug.