Closed
Bug 853584
Opened 11 years ago
Closed 6 years ago
Don't show about:newaddon for blocklisted add-ons.
Categories
(Toolkit :: Add-ons Manager, defect)
Toolkit
Add-ons Manager
Tracking
()
RESOLVED
INVALID
People
(Reporter: kmag, Assigned: riadh.chtara)
Details
(Whiteboard: [squeaky])
Attachments
(1 file, 2 obsolete files)
1.14 KB,
patch
|
Unfocused
:
review-
|
Details | Diff | Splinter Review |
It seems that soft blocks are ineffective for add-ons installed via about:newaddon. They start off disabled, but about:newaddon opens as normal, with no warning, and can be used to enable the add-on as usual. The only place the warning is shown is in the add-on manager, which users are unlikely to open before accepting the installation. I think that instead we should show the normal blocked add-on dialog, and skip about:newaddon entirely, in these cases.
Comment 1•11 years ago
|
||
This is pretty important, since we're currently blocking lots of side-installed add-ons, and these blocks aren't working correctly.
Severity: normal → critical
Assignee | ||
Comment 2•11 years ago
|
||
Reporter | ||
Comment 3•11 years ago
|
||
Comment on attachment 728764 [details] [diff] [review] patch for newaddon.js >+ document.getElementById("warning-soft-msg").value = gStrings.ext.formatStringFromName( >+ "details.notification.softblocked", >+ [aAddon.name], 1 Indent is off. >+ ); Same line as above, please. It would be better to keep to the style of similar code in this file: let warning = gStrings.ext.formatStringFromName("details.notification.softblocked", [aAddon.name], 1); document.getElementById("warning-soft-msg").value = warning; >+ <hbox id="warning-soft" hidden="true"> >+ <image id="warning-soft-icon"/> >+ <description id="warning-soft-msg" flex="1"></description> >+ </hbox> ... >+#warning-soft { >+ margin-bottom: 25px; >+ -moz-box-align: start; >+} >+ >+#warning-soft-icon { >+ list-style-image: url("chrome://mozapps/skin/extensions/alerticon-warning.png"); >+ width: 16px; >+ height: 15px; >+ -moz-margin-end: 5px; >+} UX will have to have a look at this. I don't think this warning is strong enough. We'll also need a more info link like we have in the other places where this warning appears. Blair, can you have a look at this?
Attachment #728764 -
Flags: review?(bmcbride)
Assignee | ||
Comment 4•11 years ago
|
||
Assignee | ||
Comment 5•11 years ago
|
||
Hey Kris, I updated the patch. Sorry for these mistake
Reporter | ||
Updated•11 years ago
|
Attachment #728764 -
Attachment is obsolete: true
Attachment #728764 -
Attachment is patch: true
Attachment #728764 -
Flags: review?(bmcbride)
Reporter | ||
Updated•11 years ago
|
Attachment #728770 -
Attachment is patch: true
Attachment #728770 -
Flags: review?(bmcbride)
Comment 6•11 years ago
|
||
Comment on attachment 728770 [details] [diff] [review] addons with indention Review of attachment 728770 [details] [diff] [review]: ----------------------------------------------------------------- I like this better than comment 0. Comment 0 describes using the blocklist UI for this, but a modal dialog doesn't feel like the right fit for something that won't suddenly disable an add-on that a person has opted to use (since this is a new add-on). So contrary to comment 0, modifying about:newaddon as this patch does seems more appropriate. But I think if we're going to add such a warning to about:newaddon, it's going to need to be a lot more visually stronger than this. It should also re-use the existing convention used in about:addons, which is: * Red stripes at the top of the .addon-container element, using stripes-error.png * Warning, in bold red, at the top * Warning should include a link to get more information as to why the add-on is blocked Screenshots of existing UI: * http://i.imgur.com/a2YoVof.png * http://i.imgur.com/gQ3zg4D.png ::: toolkit/mozapps/extensions/content/newaddon.js @@ +79,5 @@ > document.getElementById("location").hidden = true; > } > > + if (aAddon.blocklistState == Ci.nsIBlocklistService.STATE_SOFTBLOCKED) { > + let warning = gStrings.ext.formatStringFromName("details.notification.softblocked", gStrings doesn't actually exist in newaddon.js - only in extensions.js. Also, we can't re-use the details.notification.softblocked string for this, as we're using a string in a different context. It needs to be a separate string, even though it'll be the exact same wording. So add a new string to newaddon.properties, which is already loaded earlier in this function.
Attachment #728770 -
Flags: review?(bmcbride) → review-
Comment 7•11 years ago
|
||
(In reply to Blair McBride [:Unfocused] (Back from the dead. Mostly.) from comment #6) > I like this better than comment 0. Comment 0 describes using the blocklist > UI for this, but a modal dialog doesn't feel like the right fit for > something that won't suddenly disable an add-on that a person has opted to > use (since this is a new add-on). So contrary to comment 0, modifying > about:newaddon as this patch does seems more appropriate. Sorry, ignore all of comment 6 - just talked this over with Dave and Kris. We don't show any UI for newly detected add-ons that are hard-blocked, and before we had about:newaddon we showed no UI for newly detected add-ons that are soft-blocked. We generally want to discourage enabling soft-blocked add-ons (scary warning + not super easy to do). Neither a warning in about:newaddon or the blocklist UI fit with this. Therefore, lets make it so we just don't show any UI for soft-blocked add-ons. We figure out whether to open about:newaddon here: https://mxr.mozilla.org/mozilla-central/source/browser/components/nsBrowserGlue.js#559
Updated•11 years ago
|
Assignee: nobody → riadh.chtara
Status: NEW → ASSIGNED
Assignee | ||
Comment 8•11 years ago
|
||
Attachment #728770 -
Attachment is obsolete: true
Assignee | ||
Comment 9•11 years ago
|
||
hey I changed. By the way,I have a stupid problem, I use ubuntu, and I could'not find an app that installs softblocked extension or addons to my browser to test if the changes I made works.
Reporter | ||
Comment 10•11 years ago
|
||
Comment on attachment 729297 [details] [diff] [review] simple new addons If you know who should review a patch, you should generally flag it for review. >+ if (!aAddon.userDisabled || !(aAddon.permissions & AddonManager.PERM_CAN_ENABLE) || >+ (aAddon.blocklistState == Ci.nsIBlocklistService.STATE_SOFTBLOCKED)) I wonder if we should be doing blocklistState != STATE_NOT_BLOCKED instead?
Attachment #729297 -
Attachment is patch: true
Attachment #729297 -
Flags: review?(bmcbride)
Assignee | ||
Comment 11•11 years ago
|
||
If, I'm not wrong, we need to hide the about:newaddon if the addons is SOFTBLOCKED. Thank you for the hint (about reviewing), I never know that :)
Reporter | ||
Comment 12•11 years ago
|
||
Yes, but I think it might make sense to err on the side of caution and not show it if the add-on is any-kind-of-blocked.
Comment 13•11 years ago
|
||
(In reply to Kris Maglione [:kmag] from comment #10) > I wonder if we should be doing blocklistState != STATE_NOT_BLOCKED instead? Nah, just testing STATE_SOFTBLOCKED is fine. And anyway, we've added a few blocklist states that don't disable add-ons - they're currently only used for plugins, but theoretically any add-on type can use them, and about:newaddon (theoretically) applies to any add-on type. (In reply to riadh.chtara from comment #9) > By the way,I have a stupid problem, I use ubuntu, and I could'not find an > app that installs softblocked extension or addons to my browser to test if > the changes I made works. Yea, that can often be difficult. Your best bet is to use our test framework to install a mock add-on - we should have an automated test cover this change anyway. This test covers about:newaddon: https://mxr.mozilla.org/mozilla-central/source/toolkit/mozapps/extensions/test/browser/browser_newaddon.js You should be able to use a 'blocklistState' property on an object passed into gProvider.createAddons() to mimic a softblocked add-on.
Comment 14•11 years ago
|
||
Comment on attachment 729297 [details] [diff] [review] simple new addons Review of attachment 729297 [details] [diff] [review]: ----------------------------------------------------------------- Looks good :) Just needs a test, as mentioned in comment 13.
Attachment #729297 -
Flags: review?(bmcbride) → review-
Reporter | ||
Comment 15•11 years ago
|
||
(In reply to riadh.chtara from comment #9) > hey > I changed. > By the way,I have a stupid problem, I use ubuntu, and I could'not find an > app that installs softblocked extension or addons to my browser to test if > the changes I made works. No need to find software that side-installs an add-on. Just make sure extensions.autoDisableScopes & 1 is true (the default value of 15 works) and drop this (do-nothing) XPI in your profile's extensions directory: https://people.mozilla.com/~kmaglione/50d1ceec73b1b@50d1ceec73b55.info.xpi
Reporter | ||
Comment 16•11 years ago
|
||
(In reply to Blair McBride [:Unfocused] (Back from the dead. Mostly.) from comment #13) > (In reply to Kris Maglione [:kmag] from comment #10) > > I wonder if we should be doing blocklistState != STATE_NOT_BLOCKED instead? > > Nah, just testing STATE_SOFTBLOCKED is fine. And anyway, we've added a few > blocklist states that don't disable add-ons - they're currently only used > for plugins, but theoretically any add-on type can use them, and > about:newaddon (theoretically) applies to any add-on type. In that case, we should probably show a warning in about:newaddon a la the initial patch for add-ons with other types of blocks, but that can be a different bug. It's probably not relevant until we have other types of blocks that apply to non-plugin add-ons anyway.
Assignee | ||
Comment 17•11 years ago
|
||
hey, I tried the Kris's extension and it works fine. I'm very glad for that. (it's my first bug for the addons manager)
Comment 18•6 years ago
|
||
Thank you Riadh for working on this bug. Unfortunately about:newaddon no longer exists with the new permissions model and WebExtensions. It's been 4 years since this bug was last commented on. I'd like to close this bug since I suspect its no longer valid. If that's incorrect, I'll reopen. Thanks for your help Riadh.
Status: ASSIGNED → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
You need to log in
before you can comment on or make changes to this bug.
Description
•