820054 - Whitelist plugins with plugins.click_to_play enabled

Status: RESOLVED DUPLICATE of bug 549697

(Core Graveyard :: Plug-ins, defect)

Description

[Bob]

User Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0
Build ID: 20121128204232

Steps to reproduce:

Enabled `plugins.click_to_play`. Installed HP SimplePass password manager.


Actual results:

The HP SimplePass (fingerprint scanner password manager) plugin no longer runs.


Expected results:

There should be a way to add plugins to a whitelist, where they will always be allowed to run even with `plugins.click_to_play` enabled.

I would like to keep most plugins opt-in, with an exception(s) - which I would like to add to the proposed whitelist. At the moment, it is possible to whitelist sites (domains), but this is a plugin that should be allowed to run on every domain, while other plugins remain opt-in.

Comment 1

[Benjamin Smedberg]

I suspect that this is WONTFIX, but I'm going to make a pass through the set of CTP bugs and try to come up with a coherent plan early in January.

Comment 2

[Paul Silaghi, QA [:pauly]]

(In reply to Bob from comment #0)
> At the moment, it is possible
> to whitelist sites (domains), but this is a plugin that should be allowed to
> run on every domain, while other plugins remain opt-in.

Sounds interesting...

Comment 3

[John Schoenick [:johns]]

This should be easy to do with a pref, even if we don't want to add UI for it.

Comment 4

[Jesse Ruderman]

See also bug 776432.

Comment 5

[Benjamin Smedberg]

This will be accomplished by the addons manager UI, which (unless plugins are known to be insecure) will allow users to have always-on, always-disabled, or click-to-play behaviors. I'm just going to mark this a duplicate of that bug.