Closed Bug 959145 Opened 10 years ago Closed 10 years ago

Loading a site in sidebar bypasses CTP

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
All
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: sjw+bugzilla, Unassigned)

References

Details

(Whiteboard: [bugday-20140113]) 

STR:
1. Bookmark a site that uses plugins (e.g. Java). Make sure the plugin is set to CTP.
2. Edit the properties of the bookmark to load it in the sidebar
3. Open the bookmark

The site will execute the plugins without asking.
Blocks: click-to-play
Whiteboard: [bugday-20140113]
I cannot reproduce this. I created a bookmark for http://benjamin.smedbergs.us/tests/ctptests/java-solo.html and set it to load in the sidebar. Where the plugin is supposed to be is the grey CtP background. There is in fact no way to activate the plugin because we don't install a click listener on the CtP overlay.
Flags: needinfo?(sjw)
Testcase works fine for me.
The site I used to test it was https://www.mozilla.org/en-US/plugincheck/ with the Java SDK Plugin.
Flags: needinfo?(sjw)
How do you know that Java is running? I loaded plugincheck in the sidebar, and it says my Java is up to date, but I'm about 99% certain that it did not launch Java. It just uses navigator.plugins and navigator.mimeTypes to check the version numbers.
Flags: needinfo?(sjw)
When I run the test in the normal window, there is a warning that Java has security issues and if I would continue blocking or allow.
Flags: needinfo?(sjw)
We don't show that UI for the sidebar, but we also don't active the plugin.
Group: core-security
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.