Created attachment 764396 [details] 130617 CtP Arrow Panel The CtP doorhanger changes in bug 880735 currently provide two options to the user: Allow Short-term and Allow Long-term (not the actual names). There's also a "X" button on the upper-right corner to dismiss the doorhanger without making a choice. However, because the buttons are much more attractive things for the user to click on, making both of those buttons "Allow" actions can confuse the user into thinking that he must allow the plugin. This isn't security-protecting at all, especially in the insecure plugin case. Instead, I propose to use a 2-button + dropdown overflow menu (see attachment) to accommodate the three valid actions the user can take: 1. Allow short-term 2. Allow long-term 3. Don't Allow (continue blocking the plugin) In this design, the two primary actions are buttons and the secondary actions are displayed by clicking on the dropdown menu. One of the primary actions will always be "Don't Allow". So even if the user never discovers the dropdown menu options, we are directing him to safest / most reasonable options to begin with. ** Some background on other design options ** We considered the button/dropdown combo design pattern that we use in some of our doorhangers (such as WebRTC and Mixed Content) for this doorhanger. I don't really like this pattern because it assumes that the user only has one likely choice (most users don't even know the button is also a dropdown menu). In the case of CtP, there are two equally legitimate choices. Having the dropdown means that it takes more effort for the user to make that 2nd legitimate choice as well, if they even discover it. We also considered having two buttons (Allow and Block) and an "remember my choice" checkbox. However, I thought the Block + Don't Remember my Choice case was ambiguous because Block is already the default state. The user might assume that the combination means the same thing as Allow Once.
We ended up deciding not to do this.