Closed Bug 738698 (click-to-play) Opened 12 years ago Closed 8 years ago

[meta] Users should have the ability to activate plugins on demand

Categories

(Firefox :: General, defect)

defect
Not set
normal

RESOLVED WORKSFORME

People

(Reporter: jaws, Unassigned)

References

(Depends on 1 open bug)

Details

(Keywords: meta, sec-want)

Users should have the ability to activate plugins on demand. This is sometimes referred to as click-to-play plugins.
I think we are ready to schedule this one; the call for comments closed on 30-Mar and, as expected, there was nothing too big.

link to discussion: https://groups.google.com/group/mozilla.dev.security/browse_thread/thread/893f729b420309ec#

Jared / Ian thoughts?
Depends on: 743102
(In reply to Curtis Koenig [:curtisk] from comment #1)
> I think we are ready to schedule this one; the call for comments closed on
> 30-Mar and, as expected, there was nothing too big.
> 
> link to discussion:
> https://groups.google.com/group/mozilla.dev.security/browse_thread/thread/
> 893f729b420309ec#
> 
> Jared / Ian thoughts?

What's currently implemented is a first pass on the feature and isn't intended to be enabled by default. I would prefer to wait until the feature is closer to what's described in the feature page. The feature page is currently being discussed in mozilla.dev.security and we met with UX yesterday to ask for input as well. If the review would be a design review, I would prefer this to happen in the mozilla.dev.security thread after people have reviewed the existing feature page. If the review is an implementation review, I would prefer this to wait until the feature is closer to what we have discussed shipping. I would encourage members of the security team to try this feature out in a nightly by flipping the pref when bug 711618 lands. This is all just my opinion though, very open to discussion :)
Thanks for this too!

I have also traded Flashblock for plugins.click_to_play;true

But by when will it be stable enough to test?
Will it have the option to control (enable on demand) all types of plugins?
And what about, say, a page that has two Flash player windows, but I want to play only the second one?
Will that be possible? (Flashblock allows this)
(In reply to beelzebub360 from comment #3)

FYI you don't need to add the same comment to every click to play bug, this is the meta (main) click to play bug, which tracks the feature overall - other related bugs should be marked dependencies for it. 

> But by when will it be stable enough to test?

I saw that you already cc'd yourself on this bug and some of the other click to play bugs. Following the bugs will let you follow the progress of this feature (including it being enabled by default in a release of Firefox).

> Will it have the option to control (enable on demand) all types of
> plugins?
> And what about, say, a page that has two Flash player windows, but I want
> to play only the second one?
> Will that be possible? (Flashblock allows this)

Please see https://wiki.mozilla.org/Opt-in_activation_for_plugins for the current proposal and feel free to comment on the spec on mozilla.dev.security, where click to play is being discussed.
Depends on: 743429
Depends on: 744197
Guys, will this also be implemented so that ogg or web-m require being clicked to be activated?
This is needed to stop loading unnecessary plugins on any page (inbuilt or external), especially under Linux,
and it also speeds up Firefox.
(In reply to beelzebub360 from comment #5)
> Guys, will this also be implemented so that ogg or web-m require being
> clicked to be activated?
> This is needed to stop loading unnecessary plugins on any page (inbuilt or
> external), especially under Linux,
> and it also speeds up Firefox.

At the moment, as being discussed, it's only for plugins. You raise an interesting point, but I think that's a different issue/bug, perhaps.
(In reply to Ian Melven :imelven from comment #6)

> At the moment, as being discussed

Great, hope it gets implemented.

> it's only for plugins.
Well, basically .ogg/webm etc. are plugins (internal maybe, if not external, which are not always required)
but are loaded (wasting bandwidth & resources).

Maybe not all, but some users need more security over running all plugins
&
desktops/mobiles need more resources which might not always be available (if on an old system or using different codecs).

> You raise an interesting point
Thank you

> but I think that's a different issue/bug, perhaps

Perhaps not, as using resources more efficiently & securely is one of the main motives of this feature.
When you all feel that this is ready for a security review please update bug 744534 and we will get it going.
Whiteboard: [secr:curtisk] → [secr:curtisk:744534]
Depends on: 745187
(In reply to Tony Mechelynck [:tonymec] from comment #9)
> Dupe of bug 711552?

Bug 711552 was for the user interface on desktop for click-to-play (there was another bug for mobile). This bug is an overall tracking bug for click-to-play, if I understand correctly.
To avoid every Silverlight site issue from breaking, this should be resolved.

https://bugzilla.mozilla.org/show_bug.cgi?id=745378
Depends on: 745378
Depends on: 746859
Depends on: 747105
Yes, it is very important that users always decide whether to click to play plugins or simply reproduce them. Flash and other plugins cause problems and we have to make a better Firefox.
There are several ways users can customize this. One way is to put a check button for click to play plugins in the Plugins tab of the Add-ons Manager.
Also, in the Content tab of Firefox Options, together with Block pop-up windows, Load images automatically and Enable JavaScript, we can add a check button for click to play plugins and a button so users can add exceptions for the sites they want (this would show users a simple way to enable or disable it).
Depends on: 747169
No longer depends on: 745378
Depends on bug 746888?
Assignee: administration → nobody
Depends on: 747312
Depends on: 747638
For end-users, the following capabilities might be very much desired.  

I would like to be able to white-list a plugin as always active without regard for what Web page I am viewing.  

I would like to be able to white-list a URI or an entire domain to activate all plugins.  

I would like to be able to black-list a Web page or an entire domain for a specific plugin, overriding the above white-lists.  

Finally, any indicator of a blocked plugin should be obvious but not hide any content on a Web page.
No longer depends on: 747638
Depends on: 746888
Whiteboard: [secr:curtisk:744534] → [sec-assigned:curtisk:744534]
Depends on: 736998
Depends on: 751528
Depends on: 752228
Depends on: 752461
Depends on: 752477
Depends on: 752515
Depends on: 753100
Depends on: 754509
Depends on: 758968
Click to Play Plugins should also block(enable on demand)
webm/ogg/mp3/vlc etc
(In reply to Pheonix from comment #15)
> Click to Play Plugins should also block(enable on demand)
> webm/ogg/mp3/vlc etc

These aren't always provided by plugins though... this would be a separate feature, particularly since we want click to play to help protect users against plugin vulnerabilities, which we can't fix ourselves.
Depends on: 766946
Depends on: 756206
Depends on: 747796
Depends on: 775020
Depends on: 775246
Depends on: 775418
Depends on: 775709
Depends on: 775907
Depends on: 775858
Depends on: 775857
Keywords: sec-want
Depends on: 776264
Depends on: 776432
Depends on: 777238
Depends on: 777741
Depends on: 779320
Depends on: 779844
Depends on: 780517
Was this broken by bug 745030 somehow?

On Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:17.0) Gecko/17.0 Firefox/17.0 ID:20120808030529 with Shockwave Flash 11.4.400.252 "click to play" UI no longer shows on http://www.adobe.com/software/flash/about/
Depends on: 781250
Alex - are you talking about the content that appears for a bit and then is replaced by a (non-flash) ad?
Yes. Flash content is activating immediately with click-to-play enabled.

Works: http://hg.mozilla.org/mozilla-central/rev/1bbc0b65dffb
Broken: http://hg.mozilla.org/mozilla-central/rev/e55638d4037a
Push log: http://hg.mozilla.org/mozilla-central/pushloghtml?fromchange=1bbc0b65dffb&tochange=e55638d4037a

I did some further debugging and found that the broken behavior is caused by a combination of the above change set and Adblock Plus (2.1.3a.3534).
Depends on: 782121
Depends on: 782644
Flags: sec-review?(curtisk)
Depends on: 783245
Depends on: 783460
(In reply to David Keeler from comment #18)
> Alex - are you talking about the content that appears for a bit and then is
> replaced by a (non-flash) ad?

No I was talking about the "Version Information" Flash box.

I still believe the refactoring of nsObjectLoadingContent on bug 745030 completely broke click to play =(
Alex - looks like you might be encountering bug 782644.
With regard to bug 745030 - click to play was already broken by the complexity and difficult-to-maintain-ness of nsObjectLoadingContent. While the refactoring has caused some regressions, I think we're better off in the long run because we now have a better path forward using code that is easier to understand and improve.
Depends on: 784135
Depends on: 785070
Depends on: 787758
Depends on: 790241
Depends on: 790265
(In reply to alex_mayorga from comment #23)
> Missing "Lego brick" click-to-play UI at
> http://news.yahoo.com/blogs/trending-now/long-lost-renoir-masterpiece-found-
> among-junk-flea-170238665.html
> 
> Confirms anyone?

Yahoo applies georestriction on its stream, so I guess it's pure HTML/JS. We see only the splash image before playing the Flash stream. In my case, I'm georestricted so I don't see the click-to-play overlay.
Depends on: 790483
(In reply to alex_mayorga from comment #23)
> Missing "Lego brick" click-to-play UI at
> http://news.yahoo.com/blogs/trending-now/long-lost-renoir-masterpiece-found-
> among-junk-flea-170238665.html
> 
> Confirms anyone?

I've noticed this, it's due to resizing plugin frames after they've switched to fallback. I filed bug 790483 for this, though it might be a dupe.
Depends on: 792550
Steps:
0. Enable "click to play"
1. Load http://www.vice.com/vice-news/the-mexican-mormon-war-part-1
2. Click on "Click here to activate plugin"

Result:
Nothing happens.
There's an error in error console:
Error: ReferenceError: OAS_RICH is not defined
Source File: http://www.vice.com/vice-news/the-mexican-mormon-war-part-1
Line: 127

Expected results:
Plugin activates

Is this a site's or Nightly's bug?
Alex - that looks like bug 790265 (which occurs when a site embeds content from another site that has "display: none" initially - which is different from (but very similar to) bug 741130).
Another one that doesn't work on Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:18.0) Gecko/18.0 Firefox/18.0 ID:20120927030539

Steps:
0. Enable "click to play"
1. Load http://www.aztecanoticias.com.mx/capitulos/mexico/126079/marti-batres-choca-contra-puerta-en-san-lazaro
2. Click on "Click here to activate plugin"
3. Click "PLAY"

Result:
Nothing happens.
There's an error in error console:
Timestamp: 28/09/2012 09:15:51 a.m.
Error: ReferenceError: K10142 is not defined
Source File: http://www.aztecanoticias.com.mx/capitulos/mexico/126079/marti-batres-choca-contra-puerta-en-san-lazaro
Line: 1180

Expected results:
Video plays.

Is this a site's or Nightly's bug?
Alex - I can't reproduce the bug you're seeing on that page. Maybe the page was recently updated?
(I'm assuming you were trying to click-to-play the main video, right?)
David,

For me it doesn't work even in Safe-mode =(
Only other thing I can think of is that I've set Nightly to not accept 3rd party cookies, might that be?
Depends on: 798003
Another page that doesn't work with "click to play" FWIW

http://www.cetesdirecto.com/ninos/Cuento.html
Depends on: 798623
Depends on: 800018
Depends on: 801480
Depends on: 803713
Glad to report that these now WFM on Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:19.0) Gecko/19.0 Firefox/19.0 ID:20121022030551

http://www.aztecanoticias.com.mx/capitulos/mexico/126079/marti-batres-choca-contra-puerta-en-san-lazaro
http://www.cetesdirecto.com/ninos/Cuento.html

Thanks to everyone involved in this feature, it's coming along nicely and helps me enjoy the web more on my CPU and RAM constrained devices =)
Blocks: 804580
There's no click to play UI on the main page at http://javatester.org/version.html

Is this a bug or by design?
(In reply to alex_mayorga from comment #33)
> There's no click to play UI on the main page at
> http://javatester.org/version.html
> 
> Is this a bug or by design?

I've looked at that before, and if I recall correctly, the applet is considered too small to contain the UI in the overlay, so we make it (the overlay) invisible. It can still be activated by the urlbar notification icon.
Alias: click-to-play
(In reply to David Keeler from comment #34)
> (In reply to alex_mayorga from comment #33)
> > There's no click to play UI on the main page at
> > http://javatester.org/version.html
> > 
> > Is this a bug or by design?
> 
> I've looked at that before, and if I recall correctly, the applet is
> considered too small to contain the UI in the overlay, so we make it (the
> overlay) invisible. It can still be activated by the urlbar notification
> icon.

Would it be possible to still draw the gray diagonal bars and just the text with no icon? That would give more the sense of "something is missing here and we know about it, Firefox is not failing" IMHO.
Steps:
0. Install JRE 1.7.0_09 from http://www.oracle.com/technetwork/java/javase/downloads/index.html
0. Enable "click to play" plugins.click_to_play;true in about:config
1. Load http://www.java.com/en/download/installed.jsp?detect=jre
2. Click on "Click here to activate the Java Deployment Toolkit plugin."

Result:
The applet never loads.

Is this a known bug on Nightly or just poor "web making" from Oracle?
(In reply to alex_mayorga from comment #36)
> Steps:
> 0. Install JRE 1.7.0_09 from
> http://www.oracle.com/technetwork/java/javase/downloads/index.html
> 0. Enable "click to play" plugins.click_to_play;true in about:config
> 1. Load http://www.java.com/en/download/installed.jsp?detect=jre
> 2. Click on "Click here to activate the Java Deployment Toolkit plugin."
> 
> Result:
> The applet never loads.
> 
> Is this a known bug on Nightly or just poor "web making" from Oracle?

Not necessarily poor coding - it works for me after a few seconds if I enable the plugin through the urlbar notification.
No longer blocks: 804580
Depends on: 804580
Depends on: 808312
(In reply to alex_mayorga from comment #35)
> (In reply to David Keeler from comment #34)
> > (In reply to alex_mayorga from comment #33)
> > > There's no click to play UI on the main page at
> > > http://javatester.org/version.html
> > > 
> > > Is this a bug or by design?
> > 
> > I've looked at that before, and if I recall correctly, the applet is
> > considered too small to contain the UI in the overlay, so we make it (the
> > overlay) invisible. It can still be activated by the urlbar notification
> > icon.
> 
> Would it be possible to still draw the gray diagonal bars and just the text
> with no icon? That would give more the sense of "something is missing here
> and we know about it, Firefox is not failing" IMHO.

That's reasonable, but then there's still the problem of when even the text is too large for the visible plugin area. Why don't you open a new bug and anyone who's interested can discuss it there?
Depends on: 809792
Depends on: 809793
Depends on: 809785
Depends on: 809846
Depends on: 809858
Depends on: 809867
Depends on: 810086
Depends on: 809903
Depends on: 812182
Depends on: 817249
Depends on: 818009
Depends on: 818008
Depends on: 818016
Depends on: 818162
Depends on: 819972
No longer depends on: 756206
No longer depends on: 809846
Depends on: 819992
Depends on: 820054
Depends on: 820448
There's no click to play UI on dynamically created flash. Example: http://ruzanow.ru/test/test-flash.html
// I think that it has already been reported, but not right here and bug is not fixed in nightly.
Depends on: 820708
(In reply to ruzanow from comment #41)
> http://ruzanow.ru/test/test-flash.html
Oops, sorry. This is another bug. A small placeholder (less than 110x110 for me) is invisible.
Depends on: 787619
Depends on: 795397
Depends on: 825723
Depends on: 824889
Depends on: 825438
Depends on: 820678
Depends on: 830559
Depends on: 830267
Depends on: 831365
Depends on: 831757
No click-to-play UI on the main page at http://getpebble.com/ just a black square.

Is this a known bug or shall I file a new one?
Depends on: 744745
Depends on: 833809
Flags: sec-review?(curtisk) → sec-review+
Whiteboard: [sec-assigned:curtisk:744534]
Depends on: 785490
Depends on: 834698
Depends on: 834918
Depends on: 835057
Depends on: 835929
Depends on: 836730
(In reply to alex_mayorga from comment #44)
> No click-to-play UI on the main page at http://getpebble.com/ just a black
> square.
> 
> Is this a known bug or shall I file a new one?

It was in fact bug 744745 and it's now fixed.

Also, bsmedberg posted about this functionality and called for more testers at https://groups.google.com/forum/#!topic/mozilla.dev.apps.firefox/8CIIiXypoXY

The thread already has one very interesting feature request IMHO, namely "when Firefox crashes to turn off saved defaults and reask all the Click to play prompts for all opened tabs when Firefox reopens" by John Bird
Depends on: 838106
Depends on: 838999
Depends on: 827290
Depends on: 840944
Depends on: 841304
Depends on: 841350
Depends on: 841472
No longer depends on: 788584
Depends on: 798176
Depends on: 844725
Depends on: 845253
No longer depends on: 845253
Depends on: 833506
Depends on: 847072
Depends on: 850269
Depends on: 842692
Depends on: 852316
Depends on: 853615
Depends on: 853855
Depends on: 853694
Depends on: 747649
Depends on: 853973
http://omg.yahoo.com/video/redford-company-laboeuf-tucci-081832327.html doesn't play along with click-to-play; a "loading" spinner is shown forever.

Is this a known bug or should I file a new one?
Depends on: 861086
Depends on: 843671
No longer depends on: 843671
Depends on: 865866
Depends on: 865809
Depends on: 867730
Can I just strongly emphasize how disappointed I am in Mozilla for activating flash by default (in FF 23.0a1 Nightly) just because I have an up to date flash plugin.

After quite a long enjoyable stretch of having to click to activate flash regardless of the version installed (I've been using click to play since it was first possible in nightly) a short while ago the feature basically was taken away from me. Just because I keep flash up to date? What kind of motivation is that supposed to be? Punishment for doing the right thing?

And what's more the UI for click to play lies to you, about:config says it is enabled, and it says it will ask every time when you check in about:permissions (every site & globally).

So please somewhere, anywhere, give me a switch to force click to play in all circumstances regardless of plugin type or version. Otherwise this feature is nothing more than a slap in the face to good netizens.
(In reply to Cam from comment #47)
> Can I just strongly emphasize how disappointed I am in Mozilla for
> activating flash by default (in FF 23.0a1 Nightly) just because I have an up
> to date flash plugin.
> 
> After quite a long enjoyable stretch of having to click to activate flash
> regardless of the version installed (I've been using click to play since it
> was first possible in nightly) a short while ago the feature basically was
> taken away from me. Just because I keep flash up to date? What kind of
> motivation is that supposed to be? Punishment for doing the right thing?
> 
> And what's more the UI for click to play lies to you, about:config says it
> is enabled, and it says it will ask every time when you check in
> about:permissions (every site & globally).
> 
> So please somewhere, anywhere, give me a switch to force click to play in
> all circumstances regardless of plugin type or version. Otherwise this
> feature is nothing more than a slap in the face to good netizens.

This is due to bug 549697 landing, which changes how CtP works - you can now enable it per plugin in about:addons. It was not an intentional "your flash is up to date so we're enabling it"; it was merely a change to how the CtP prefs work. See also bug 866935.
Depends on: 868016
Depends on: 868085
Depends on: 868091
Found another page with a Flash video that doesn't play along with CtP over at http://gawker.com/5750211/the-full-mcbain-movie-hidden-throughout-simpsons-epsiodes

Is this a known bug or should I file a new one?
(In reply to alex_mayorga from comment #49)
> Found another page with a Flash video that doesn't play along with CtP over
> at
> http://gawker.com/5750211/the-full-mcbain-movie-hidden-throughout-simpsons-
> epsiodes
> 
> Is this a known bug or should I file a new one?

Looks like that's just how the site works - if you're quick enough to open the popup notification and activate flash, it works. In the future, you can probably just list these kinds of things in bug 819972.
Depends on: 869819
Depends on: 870227
Depends on: 873130
Depends on: 876362
Depends on: 875724
Depends on: 880735
Depends on: 884560
Depends on: 883404
Depends on: 898876
Depends on: 899080
Depends on: 801406
Depends on: 901451
Depends on: 902376
Depends on: 902219
Depends on: 902444
As currently implemented in 26.0a1 there is a severe regression in click to play.

If I watch a video on a site (say youtube) and open another tab of the same site then the second tab will begin to play without my consent, wasting CPU running flash in the background and polluting the current audio with a useless background audio track that I'm not currently watching.

There should be the option to require that every plugin on every tab regardless of site or visibility needs explicit approval, otherwise click to play is completely useless and we'll have to go back to using click to flash and the like.
(In reply to Cam from comment #51)
> As currently implemented in 26.0a1 there is a severe regression in click to
> play.


Please, file a new bug: https://bugzilla.mozilla.org/enter_bug.cgi?product=Core&component=Plug-ins
Please do not file a new bug. This is the intended behavior, as discussed in bug 886792.
(In reply to Benjamin Smedberg  [:bsmedberg] PTO 8-Aug until 18-Aug, workweek high latency 19-Aug through 23-Aug from comment #53)
> Please do not file a new bug. This is the intended behavior, as discussed in
> bug 886792.

Inadvertently running more than one instance of Flash puts the fans on my portable computer into overdrive. This is detrimental to my hardware and *cannot* be the intended behaviour. Firefox+Flash is simply not usable like that. Please reconsider.
As discussed in bug 886792, click-to-play is a security feature, intending to protect users from outdated/dangerous plugins. It is not a substitute for Flashblock etc. If a user enables a plugin on one site, then it is reasonable that they do not consider that plugin a threat on the same site in the same browsing session and so c2p allows the plugin to run. For more control over flash player etc, the add-ons route is recommended.
As discussed here, that reasoning is absolutely wrong, and is in fact an anti-pattern of UX. Security should not be optional, and certainly shouldn't require installing addons that you are not informed of before you are allowed to use the browser. Moreover security should not be half-implemented because a false sense of security is worse than none.

Do you honestly think there is one person out there who sees the c2p placeholder and thinks "well that obviously enables the plugin in all cases for this entire domain"?
Depends on: 904222
No longer depends on: 824889
Depends on: 905082
Depends on: 905084
(In reply to Kshitij Chawla from comment #55)
> ... If a user enables a plugin on one site, then it is
> reasonable that they do not consider that plugin a threat on the same site
> in the same browsing session and so c2p allows the plugin to run.

Trusting a site does not imply that I also trust content served via ad delivery networks that serve content that the site owner has no control over. Those have been used to spread malware on trusted sites before.

Could you please clarify what model of trust you intend to implement? Does trusting a site mean trusting the address in the location bar only, or does trusting a site mean trusting all sites referenced from that site? The latter implementation is not what we are used to, because the Internet Explorer zone model is not transitive in that way: Trusting a site means trusting a single DNS domain. This is what (enterprise) users have been trained to expect for years now.

> For more control over flash player etc, the add-ons route is recommended.

That would be OK if Mozilla endorses and audits an add-on like click-to-play-per-element, and add-ons get a chance to be as secure as Firefox itself. I did not feel that Flashblock was on par with the original CTP implementation.
Depends on: 906451
Depends on: 906645
See Also: → 908017
Depends on: 917442
Depends on: 918021
Depends on: 918236
Depends on: 918730
Depends on: 918673
Depends on: 919139
Depends on: 921411
As others have pointed out, I think the most useful behaviour for people running on devices with low hardware resources is enabling a single instance of a plug-in. There could be an option to enable all for that domain, as it is now, or a single process. With some notebooks it is very useful to enable just one running Flash or Silverlight video at once, enabling all for that domain often means having the CPU running at 100%. Implementing the double option (enable all for domain, enable just one) should cover all the preferences and solve the problem. For example, I find enabling a plug-in for all the domain not the behaviour I need on most of the sites.
Depends on: 923527
Depends on: 927392
Depends on: 932633
Depends on: 932666
Depends on: 915951
Depends on: 932824
Depends on: 932832
Depends on: 932854
Depends on: 933935
Depends on: 934503
Depends on: 919734
Depends on: 938460
Depends on: 941137
Depends on: 943383
Depends on: 944876
No longer depends on: 944876
Depends on: 949835
Depends on: 921730
Depends on: 952765
Depends on: 958965
Depends on: 959145
Depends on: 962007
Depends on: 965757
Depends on: 967969
Depends on: 976769
Depends on: 982101
Depends on: 984724
Depends on: 989967
Depends on: 1005302
Depends on: 972237
Depends on: 1005814
Depends on: 923872
Depends on: 1008644
Depends on: 1011924
No longer depends on: 1011924
Depends on: 1013813
Depends on: CTP-perelement
No longer depends on: 923872
Depends on: 972362
This bug is no longer being used for direct tracking: closing.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WORKSFORME