Restore per-each-element click-to-play

Elbart elbart at gmx.de
Sat Jun 29 18:37:38 UTC 2013


Hello.

Is there any chance the proper "click to play per each element" feature (as 
seen
in 23.0b1) gets reinstated for 24, so the seemingly broken "click to 
whitelist
plugins and allow for whole domains without granular control over each 
element"
feature can be properly dealt with and fixed in the rapid-release-cycle?

Now that Australis was postponed to be properly refined and thus isn't part 
of
the next ESR-cycle, I think "click to whitelist" deserves the same 
treatment.
Considering the broken condition in 24.0a2 and the big changes it caused,
compared to the "click to play"-behavior in 23 and before.

If "click to whitelist" is here to stay, users, who wish more granular 
control
over embedded plugin-elements are just going to stick with Flashblock, 
Noscript,
and all the other addons with similar features.

In other words, all the hours of implementing a built-in "click to play" 
feature
would have been wasted on a feature, which does nothing positive for the 
user
but to present the occasional doorhanger. After a few weeks, all frequently
visited sites will be whitelisted, and the state of things will be as if the
user has set the plugins to "always activate". To fix this, people will have 
to
install some of the aforementioned addons to get the proper "click-to-play"-
experience.

In short:
What's the point of a security-feature, which, over time, renders itself 
useless?

Thank you for your time.

PS: Most malicious Flash- and Java-files aren't spread via normal sites but 
the
ad-services these websites are using. After conducting some tests with the
current Aurora, whitelisting domains also activates Flash-elements which are
loaded from other websites, for example in an iframe. Doesn't sound safe to 
me. 




More information about the firefox-dev mailing list