Opt-in activation for plugins: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
(Mediawiki shows the need for a "hate" emoticon.)
Line 21: Line 21:


# Accidental/malicious install: "Hey, we suddenly found a new SketchyWare.dll plugin on your system. Did you actually want to use it?"
# Accidental/malicious install: "Hey, we suddenly found a new SketchyWare.dll plugin on your system. Did you actually want to use it?"
# Performance: Another is the "Java makes my system asplode when a page loads, but sometimes I want to use it" problem.
# Performance: The "Java makes my system asplode when a page loads, but sometimes I want to use it" problem.
# Security: Users who don't trust Flash, as well as giving us a way to soft-block a plugin that a user needs to use on legit sites (YouTube, intranet, whatever).
# Security: Users who don't trust Flash, as well as giving us a way to soft-block a plugin that a user needs to use on legit sites (YouTube, intranet, whatever).


Revision as of 03:51, 27 May 2011

Feature Status ETA Owner
Opt-in activation for plugins N/A Justin Dolske

Summary

Unknown, slow or insecure plugins shouldn't be allowed to run without user interaction.

Meant to help with multiple scenarios:

  1. Accidental/malicious install: "Hey, we suddenly found a new SketchyWare.dll plugin on your system. Did you actually want to use it?"
  2. Performance: The "Java makes my system asplode when a page loads, but sometimes I want to use it" problem.
  3. Security: Users who don't trust Flash, as well as giving us a way to soft-block a plugin that a user needs to use on legit sites (YouTube, intranet, whatever).

Team

  • Feature Manager: Justin Dolske
  • Lead Developer:
  • Product Manager:
  • QA:
  • UX: Alex Limi
  • Accessibility:
  • Security:
  • Privacy:

Release Requirements

  • Ability to set autoplay, click-to-play or never play on any plugin
  • Built-in whitelist for the most common plugins


Designs

  • Settings: Render this plugin: (Always|when clicked|never)
  • When you have clicked a particular plugin on a given site 3 times or more, we should enable it automatically from then on if you haven't explicitly said otherwise.
  • Optional, but interesting: Ability to soft-block 0-day using click-to-play.

Next Steps & Open Issues

  • Get estimates from Justin

Related Bugs & Dependencies

Risks

Test Plans

Goals

Make it harder for plugins to slow down Firefox.

Non-Goals

Other Stuff

Chrome already does something similar.


Retrieved from "https://wiki.allizom.org/index.php?title=Opt-in_activation_for_plugins&oldid=313271"