On Fri, Feb 10, 2017 at 12:36 AM, 段垚 <duan...@ustc.edu> wrote: > > 在 2017/2/10 1:28, Benjamin Smedberg 写道: > >> On Wed, Feb 8, 2017 at 2:26 AM, 段垚 <duan...@ustc.edu> wrote: >> >> Is this just preventing auto-loading (like "click to play") or completely >>> disable Flash for non-http(s) contents? >>> >>> This is completely disabling this content. >> >> >> Can users get back old behavior by flipping a preference? >>> >>> That is not the plan, no. >> >> Well, this plan seems too aggressive. I'd rather recommend implementing > "click to play" for non-http(s) Flash first and deferring complete removal. > > IE requires user's confirmation to load local Flash for a long time. >
We are planning on making Flash click-to-play by default for all content. However, our implementation of click-to-play is based on remembering that setting per site. This implementation does not work with file: URIs and the engineering and QA effort to make it work is well beyond what we think is a reasonable investment. Flash is a dying technology and this is one low-cost way we can reduce attack surface and make users safer. --BDS _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform