Expose the "Always" options directly from the in-page CtP UI

RESOLVED WONTFIX

Status

Core
Plug-ins
P2
normal
RESOLVED WONTFIX
6 years ago
5 years ago

People

(Reporter: Benjamin Smedberg, Assigned: Benjamin Smedberg)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Whiteboard: [CtPUR:+] [CtPDefault:P2])

Attachments

(1 attachment, 1 obsolete attachment)

(Assignee)

Description

6 years ago
Currently some set of people are confused by CtP because they don't know how to get to "always for this site".

I talked briefly with lco about this, and for the CtP UR experiment, I'd like to expose a button on the in-page CtP UI. This button will simply open the doorhanger which has the options to always activate plugins.

There's another bug about changing up the doorhanger itself to make "always for this site" a more prominent option, especially in the case where a plugin is not known-vulnerable.

dolske objects to this UI because the doorhanger is not visually attached to the button we're clicking. I don't know if there's a way to reconcile all the different requirements here.
(Assignee)

Comment 1

6 years ago
Created attachment 706416 [details] [diff] [review]
Option Icon, rev. 0.9

This is a WIP patch that I'd like to include in the UR experiment. It steals an icon from the developer console and I'm certain we'll want at least to make it more button-like somehow with a hover.
Attachment #706416 - Flags: feedback?(jaws)

Comment 2

6 years ago
(In reply to Benjamin Smedberg [:bsmedberg] from comment #0)
> dolske objects to this UI because the doorhanger is not visually attached to
> the button we're clicking. I don't know if there's a way to reconcile all
> the different requirements here.

I don't think we should try to implement this for the UI study, but just a thought:

What if clicking the entire blocked content displayed the doorhanger (rather than the current behavior of enabling the plugin)? Would that feel better than having the doorhanger trigger from a button, which I agree is kind of weird?

It's not a perfect solution in that it's more annoying than clicking on a plugin to enable it. But maybe it's one that could work for blocklisted plugins? We certainly have to find a solution for invisible plugins as well. I will think about it some more :)
(Assignee)

Comment 3

6 years ago
I think that may be a reasonable solution for insecure plugins, but almost certainly not for "safe" plugins. One of the big use cases here is for the user to only play the video/game/whatever that they want, but not play the Flash advertising. The doorhanger doesn't let you do that; it only enables all of the plugins on the page.

(In reply to Benjamin Smedberg [:bsmedberg] from comment #3)
> I think that may be a reasonable solution for insecure plugins

And indeed there's a bug for it! bug 832481
(Assignee)

Comment 5

6 years ago
Created attachment 708721 [details] [diff] [review]
Option Icon, rev. 0.9.1 (winstripe)
(Assignee)

Updated

6 years ago
Attachment #706416 - Attachment is obsolete: true
Attachment #706416 - Flags: feedback?(jaws)

(In reply to Benjamin Smedberg [:bsmedberg] from comment #3)
> I think that may be a reasonable solution for insecure plugins, but almost
> certainly not for "safe" plugins. One of the big use cases here is for the
> user to only play the video/game/whatever that they want, but not play
> the Flash advertising. The doorhanger doesn't let you do that; it only
> enables all of the plugins on the page.

Click-to-play isn't intended to be an anti-advertising feature. The primary goal is for it to be a security feature. And, we've decided to bet on Flash's sandboxing being (or becoming) an acceptable security feature.

I think lco's idea is very good because it also solves the clickjacking problems, and it also teaches the user how to find the doorhanger for hidden plugins.

We should optimize the case of activating individual instances of Flash in a separate bug.

(In reply to Brian Smith (:bsmith) from comment #6)
> (In reply to Benjamin Smedberg [:bsmedberg] from comment #3)
> > I think that may be a reasonable solution for insecure plugins, but almost
> > certainly not for "safe" plugins.

Another way of thinking about this: Flash is the only plugin we are considering "safe". There are three classifications: safe, known-unsafe, unknown safety. Only Flash is in the "safe" category. Everything else is in the "unknown safety" category by default.

Also, to clarify, my concern with this proposal is that it makes clickjacking even more dangerous than it is now.

(BTW, I keep hearing about there being a public mailing list discussion about improvements to CtP on dev.apps.firefox, but I see no such discussion. Is it happening somewhere else now? If so, please let me know by email where that is happening.)
(Assignee)

Comment 8

6 years ago
This is my bug, please don't try to hijack it. The purpose of this bug is UI design for plugins which are not known to be unsafe. Click-to-play for all plugins is not primarily a security feature, though it does have some security benefits. The goal is for plugins which we don't know to be unsafe to be activated as easily as possible with a single click on the page. We are not going to protect against clickjacking in this case; only for the case of a known-insecure plugin.

(In reply to Benjamin Smedberg [:bsmedberg] from comment #0)

> dolske objects to this UI because the doorhanger is not visually attached to
> the button we're clicking.

I think I retract my concern. While it still seems weird conceptually, I think we essentially already have things that work like this and they're just fine. Consider geolocation... If you go to maps.google.com and click the "dot" icon (right above the streetview icon), a geolocation-permission doorhanger is triggered.

I don't know if the current patch "feels" the same (didn't look, didn't test), but seems like this approach can be made to work.
Whiteboard: [CtPDefault:P2]
(Assignee)

Updated

6 years ago
Whiteboard: [CtPDefault:P2] → [CtPUR:+] [CtPDefault:P2]

The new CtP UI spec obsoletes this.
Clicking the in-content CtP UI will bring up the doorhanger, which will include an option to activate it "for some time".
(Assignee)

Updated

5 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 5 years ago
Resolution: --- → WONTFIX