Canmove, confirm
285
edits
Changes
no edit summary
}}
{{FeaturePageBody
|Feature open issues and risks=* What type of UX How do we manage Mozilla-controlled click to have for allowing users to opt in (or out) of enabling plugins on a (semi)persistent basisplay settings? See below in Deliver via our existing blocklist mechanism? (Potentially leverage severity 0 "Use Caseswarning-only".blocklist entries"?) A new system? ** Requires more research
* How do Adverse reactions between content plugin sniffing and click-to-play** Bsmedberg asks in bug 711552: "Are we manage Mozillaexposing to the DOM that a particular plugin element (<object> or <embed> is user-controlled disabled?) This seems important for websites that rely primarily on plugins (e.g. Pandora) so that they can show alternate UI (plugins are disabled, please click to play) instead of timing out and showing a generic "please install Flash" or "Song initialization timed out, please hit refresh" UI."** Can content differentiate between "click to play settings? Deliver via our existing blocklist mechanism? (Potentially leverage severity 0 "warningand "hard-only" blocklist entriesdisabled for security reasons"?** This will be determined later on, after some of the phases land. <b>Questions for UX</b>* What type of UX to have for allowing users to opt in (or out) A new systemof enabling plugins on a (semi)persistent basis? See below in "Use Cases".
* Where are the preferences to require click to play for all or specific plugins? Where are the preferences to have separate plugin permissions per-site?
* UX - Invisible (or barely visible) plugins will cause an infobar to appear to enable all plugins on the page - how do we handle multiple invisible (or barely visible) plugins on a page ? (stacking infobars ?)
|Feature overview=Out of date (and hence, likely vulnerable) plugins shouldn't be allowed to run without user interaction.
Warning the user of a newly installed plugin - this is part of another feature : https://wiki.mozilla.org/Features/Firefox/Improved_plugin_installation_and_management_experience
We are currently not going to protect against clickjacking for click to play plugins.
We are not currently differentiating between an SSL site containing plugin content and an HTTP site containing plugin content. We are differentiating per domain and not per scheme or port.
|Feature functional spec=Phase 1:
Users can turn on a preference to require click to play for all plugins globally
Phase 2:
Users can turn on preferences to require click to play for specific plugins. And potentially per site preferences.
Phase 3:
This will implement User & Uses Cases 4-9.
Phase 4: Explore User and Use Cases 1-3. This needs more research. Can we leverage user behavior to define a heuristic of when a plugin should be click to play.?
|Feature ux design=When "click to play" plugins are found on a page, their start up will be delayed until a user performs interaction with the browser to enable the running of the plugin (as much as possible).
