Figure out policy for plugins-in-chrome-documents

RESOLVED INCOMPLETE

Status

()

Core
Plug-ins
RESOLVED INCOMPLETE
5 years ago
20 days ago

People

(Reporter: sicking, Unassigned)

Tracking

Trunk
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Currently the click-to-play code effectively makes all (or at least many) plugins in chrome documents use click-to-play.

While discussing if this was the correct policy it was brought up if we should allow plugins in chrome documents at all.

This is a bug to figure out which policy to use and implement that policy.
OS: Mac OS X → All
Hardware: x86 → All

Comment 1

5 years ago
I don't think we should allow plugins in chrome at all. Not much to gain, terrible for performance, and adds to future support burdens.
Just to make sure I understand:

Are "chrome documents" documents with "chrome:" URLs?

If so, then allowing plugins in them could also be a security issue, and I'm inclined to agree with Josh.

Comment 3

5 years ago
We use a plugin in the main browser chrome window for our HttpWatch product (see http://www.httpwatch.com ). It allows the user interface to be integrated as a docked panel. 

I believe there are other products on the Windows platform that also use plugins to embed a Windows based UI into Firefox. If you removed the ability to host plugins in Chrome then it would make it more difficult for products like ours to work as well in Firefox as it does in Internet Explorer.

We could avoid using a plugin if there was some sort of XUL element that allowed us to embed our own window (HWND based) into our extensions overlay file.

Comment 4

5 years ago
I'm inclined to say we should deprecate plugins in chrome and perhaps not even allow them to instantiate. It can only really be bad-to-terrible for performance (serious footgun), and I certainly wouldn't want to prioritize any work needed to support it. If people really need to use native code there is always ctypes.

Comment 5

5 years ago
(In reply to Josh Aas (Mozilla Corporation) from comment #4)

And somehow I didn't realize I already wrote basically the same thing months ago in this same bug! Apologies.
I don't have a strong opinion, but it seems that addon authors are currently using plugins for various binary-interop uses and we have recommended that in the past because it is often easier/safer than ctypes. So I think that we probably should keep support for now. And plugins in chrome docs shouldn't be CTP.
Depends on: 834918
Resolving old bugs which are likely not relevant any more, since NPAPI plugins are deprecated.
Status: NEW → RESOLVED
Last Resolved: 20 days ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.