Open Bug 344267 Opened 13 years ago Updated 9 years ago

Downloads not initiated by user should use notificationbox

Categories

(Firefox :: General, defect)

defect
Not set

Tracking

()

People

(Reporter: dietrich, Unassigned)

References

Details

Giving the second half of bug 315536 it's own bug, as it's a quite different problem.

For downloads that are not the result of direct user action (eg: a click), the xul notificationbox should be used to notify the user, instead of the modal download dialog.

Example UI from Beltzner:

{ Download %S from %S?                        [ Download ] [ Cancel ] }
Duplicate of bug 232564?
Looks like that. This bug wants a notification, bug 232564 has more security in mind. I'll mark a relation atleast. 
Blocks: 232564
*** Bug 347289 has been marked as a duplicate of this bug. ***
Flags: blocking1.9?
See also bug 347289 comment 1, where Jesse explains why he thinks this should be WONTFIX in favor of his proposed solution to bug 249951.
Target Milestone: Firefox 2 beta2 → ---
Duplicate of this bug: 543279
(In reply to comment #4)
> See also bug 347289 comment 1, where Jesse explains why he thinks this should
> be WONTFIX in favor of his proposed solution to bug 249951.

This doesn't serve at all for solving the issue I described in https://bugzilla.mozilla.org/show_bug.cgi?id=543279 as PDF's and other files are possibly malicious aswell.

I'm starting to think that the "Do this always" action is simply flawed by design and should probably be avoided, as any download that gets started and executed immediately without any user confirmation in between is a really huge issue and should never happen.

And sites can do this by prompting the download with a redirect or iframe easily, avoiding the user actually needing to click on a link explicitely to start it.

So either never use "Do This always" for any type of download when it's prompted through a redirect or iframe, or simply remove this feature altogether (or include a warning dialog when people activate it).
Duplicate of this bug: 575911
You need to log in before you can comment on or make changes to this bug.