Confirm
197
edits
Changes
no edit summary
* Risk of clickjacking - is this something we should try to mitigate ?
* Whether to differentiate between an SSL site containing plugin content loaded over SSL and an HTTP site containing plugin content loaded over HTTP. Trusting Trusting content served over HTTPS is not the same as trusting content over HTTP, which is why they are usually treated as separate origins for security purposes. For example, if a user goes to https://foo.com, encounters plugins which are click to play, and chooses some method of always enabling plugins for this site does that always enable for foo.com regardless of scheme or for https://foo.com and NOT http://foo.com ?
|Feature overview=Out of date (and hence, likely vulnerable) plugins shouldn't be allowed to run without user interaction.
Warning the user of a newly installed plugin - this is part of another feature : https://wiki.mozilla.org/Features/Firefox/Improved_plugin_installation_and_management_experience
|Feature functional spec=Phase 1:
Users can turn on a preference to require click to play for all plugins globally
