Please consider a more user friendly UI for blocked plugins.

Floh floooh at gmail.com
Tue Oct 22 11:31:15 UTC 2013


I'm coming from the "Java-Plugin-blocked" bug here to hopefully start a bit
of a more constructive discussion instead of the whining going on there ;)

https://bugzilla.mozilla.org/show_bug.cgi?id=914690

I agree that Java shouldn't run automatically, and that old Java version
with confirmed security problems should display a red alert warning and
make it hard for the user to run the plugin without updating. But
displaying the red-alert-scare UI for all versions of Java (even for the
latest version) without known security holes is a really bad decision IMHO.

The current UI (red circle and a text that the plugin is vulnerable)
doesn't make it clear at all that the user can interact with the plugin
box. Instead most users will assume that they can't actually activate the
plugin and go away which is *really* bad for our business.

===
If the user has installed the latest Java plugin version (without known
security holes) the plugin box should (1) be less scary (no red circle, and
a less intimidating text), and (2) make it obvious that the user can
activate the plugin with a click if he/she trusts the web site.
===

Of course Java in the client is shit and we want to move away from it (our
current time horizon for this is that we need a plugin-free solution for
our games until end of 2014, through emscripten+WebGL (you can see a
glimpse of this here: http://www.flohofwoe.net/demos.html), and
alternatively push our native stand-alone client more), but you need to
give us a reliable and big enough time window for migration. I was
expecting that FF starts a more strict click-to-play policy for plugins
around December 2013, but I was not expecting that Java would essentially
be completely disabled (because that's what it feels right now to the user).

So to reiterate: I'd like to vote for a more intuitive and less scary user
interface for (Java) plugins if the user has installed the latest version
without known security holes. It should be obvious to the user that he can
activate the plugin with a single click, choosing between "Run Once", or
"Run Always on this site".

Thanks for listening,
-Floh.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.mozilla.org/pipermail/firefox-dev/attachments/20131022/5cb9a119/attachment.html>


More information about the firefox-dev mailing list