Closed Bug 982028 Opened 7 years ago Closed 7 years ago

DnB Nord Sign Plugin

Categories

(Firefox Graveyard :: Plugin Click-To-Activate Whitelist, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED WORKSFORME

People

(Reporter: marcin.pijanowski, Assigned: benjamin, NeedInfo)

Details

(Whiteboard: needs transition plan, plugin delivered via .xpi)

Attachments

(5 files)

<<Please supply the following information for new plugin whitelist requests>>

Plugin name: DnB Nord Sign Plugin
Vendor: Comarch S.A
Point of contact: marcin.pijanowski@comarch.pl

for Windows
Current version: 1.3.0.45
for Linux
Current version: 1.3.0.51
for Mac
Current version: 1.3.0.45
 
Download URL: 
https://net.dnb.pl/static/components/13045/SignPluginInstallNord.xpi
https://net.dnb.pl/static/components/13045/DnB_Nord_signPlugin_Win_FF3.6-5.0_1.3.0.45.xpi
https://net.dnb.pl/static/components/13045/DnB_Nord_signPlugin_Win_FF6.0_1.3.0.45.xpi
https://net.dnb.pl/static/components/13051/SignPluginInstallNordLinux.xpi
https://net.dnb.pl/static/components/13062/SignPluginInstallNordMac.xpi

Sample URL of plugin in use:  

Plugin details:

<<For each affected operating system, please copy the plugin information from about:plugins in Firefox>>

for Windows
    DnB Nord SignPlugin

    Plik: NPSignPluginNord.dll
    Ścieżka: C:\Users\comarch\AppData\Roaming\Mozilla\Firefox\Profiles\murlsjrt.default\extensions\SignPlugin@dnbnord.pl\plugins\NPSignPluginNord.dll
    Wersja: 1.3.0.45
    Stan: Włączony
    DnB Nord SignPlugin version 1, 3, 0, 45

    Typ MIME	                        Opis	Rozszerzenia
    application/nord-sign-plugin	npsign	sig

for Linux
    NPSignPluginNORD

    File: npNPSignPluginNORD.so
    Path: /home/comarch/.mozilla/firefox/rhpgb22e.default/extensions/SignPlugin@dnbnord.pl/plugins/npNPSignPluginNORD.so
    Version: 1.3.0.51
    State: Enabled

    MIME Type	                        Description	          Suffixes
    application/nord-sign-plugin	DnB Nord SignPlugin

for Mac
NPSignPluginNORD

    Plik: NPSignPluginNORD.plugin,NPSignPluginNORD.plugin
    Ścieżka: /Users/marek/Library/Application Support/Firefox/Profiles/6td0dqcc.default-1392723244041/extensions/SignPlugin@dnbnord.pl/plugins/NPSignPluginNORD.plugin,/Library/Internet Plug-Ins/NPSignPluginNORD.plugin
    Wersja: NPSignPluginNORD 1.3.0.62
    Stan: Włączony
    DnB Nord SignPlugin

    MIME Type	                        Description	          Suffixes
    application/nord-sign-plugin	DnB Nord SignPlugin

Are there any variations in the plugin file name, MIME types, description, or version from one release to the next?
    No, no, no, no
Are there any known security issues in current or older versions of the plugin?
    No
for windows
for windows
for windows
for Linux
for Mac
Sample URL of plugin in use: Not publicly available
The ones you listed here are delivered in XPIs - can't you add the permissions per-site (best, if sites known in advance) or globally from the extension?
I can check it. Do you have some examples of code?
I don't think we have any good example or documentation for that yet, but for adding the permissions you would use nsIPermissionManager.add() for every mimetype [1].
* for the type param use nsIPluginManager.getPermissionStringForType().
* the permission param should be Ci.nsIPermissionManager.ALLOW_ACTION
* expire type Ci.nsIPermissionManager.EXPIRE_NEVER or Ci.nsIPermissionManager.EXPIRE_TIME

You can see similar usage to that in our click-to-play code and check permissions.sqlite in your profile folder [2].

Globally activating it would be done via prefs, you can check about:config and filter for "plugin.state." for comparison.


Lets continue this on the dev.tech.plugins mailing list if you have further questions, i'm sure this could be interesting for more people.


[1] https://developer.mozilla.org/en-US/docs/XPCOM_Interface_Reference/nsIPermissionManager#add%28%29
[2] http://hg.mozilla.org//mozilla-central/annotate/67485526e241/browser/base/content/browser-plugins.js#l729
Actually I don't think addons should use a persistent permission, but should install install an EXPIRE_SESSION permission on every startup. That way if/when the user disables or uninstalls the addon, it won't leave any stale permissions around.

Georg, it sounds like we ought to write an addon SDK module for this.
(In reply to Benjamin Smedberg  [:bsmedberg] from comment #10)
> Georg, it sounds like we ought to write an addon SDK module for this.

Good point, filed bug 982101.
Marcin, you need to provide details about the transition plan away from the plugin to native HTML5 technologies. You can do that as a comment here in the bug or by sending private mail to pluginwhitelist@mozilla.com
Flags: needinfo?(marcin.pijanowski)
Whiteboard: needs transition plan, plugin delivered via .xpi
We have decided to automatically activate plugins which are shipped as part of a larger Firefox extension (see bug 982101). So in this case it is not necessary to whitelist the plugin separately.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WORKSFORME
FWIW, this addon is setting plugins.click_to_play to FALSE every time Firefox starts.
biod, can you please fix that ASAP? That is not acceptable. As a workaround for current/older versions of Firefox you can set the pref for your specific plugin or call .playPlugin() directly on your copy, but please don't change global pref values.
Product: Firefox → Firefox Graveyard
You need to log in before you can comment on or make changes to this bug.