User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a3pre) Gecko/20070301 Minefield/3.0a3pre Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9a3pre) Gecko/20070301 Minefield/3.0a3pre Normally when i try to install an extension from an non-allowed site, Firefox blocks the installation showing the following message at the top of the page: 'Firefox prevented this site (...) from asking you to install software on your computer'. But if i drag with the mouse the link to any open tab (including the active tab), or the 'New tab' button, the installer starts without any alert. So, is no necessary to add the site to the 'Allowed sites' list. Reproducible: Always Steps to Reproduce: 1.Drag any XPI installer link to any tab 2. 3.
I believe this is by design. The whitelist is mainly to prevent sites from popping up the xpinstall dialog. If you drag a link to a tab, we presume you had a clue what you were doing.
Assignee: nobody → xpi-engine
Component: Security → Installer: XPInstall Engine
Product: Firefox → Core
QA Contact: firefox
Status: UNCONFIRMED → RESOLVED
Last Resolved: 11 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 259670
This is indeed by design. The whitelist is to prevent sites from annoying you with the install dialog in an attempt to bully you into saying "OK", it's not meant to stop people from getting what they want and dragging a link is a pretty intentional act. If you didn't know it was an install link then the confirmation dialog will let you know about that. Dragging a link is preferable to permanently whitelisting a site just to get one thing. I wish more people knew about it.
You need to log in before you can comment on or make changes to this bug.