Is this just preventing auto-loading (like "click to play") or
completely disable Flash for non-http(s) contents?
Can users get back old behavior by flipping a preference?
We have developed a Firefox based tool to edit/view local EPub files,
which may contain Flash.
If this feature can't be opt-out , we and our customs will be in trouble.
I understand and appreciate the trend of web without plugins, but we and
our customs just have too many Flash assets.
Thanks.
Duan, Yao
在 2017/2/8 5:15, Benjamin Smedberg 写道:
I intend to ship a change which will prevent Flash from loading from file:,
ftp:, or any other URL scheme other than http: or https:. The purpose of
this change is to increase security and limit Flash to well-tested
configuraitons.
- file: same-origin security mechanism is different, and so there have
been problems in the past with Flash content bypassing normal controls.
- Flash is normally not tested with ftp: or other protocols, and we've
had security issues in the past as a result of interactions between Flash
and these sites.
I am not yet sure whether we will be able to prevent Flash from loading in
data: contexts or not. I'd like to, but it may not be possible without
breaking existing content.
This work is being tracked in
https://bugzilla.mozilla.org/show_bug.cgi?id=1335475
--BDS
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
