在 2017/2/10 22:34, Benjamin Smedberg 写道:
On Fri, Feb 10, 2017 at 12:36 AM, 段垚 <duan...@ustc.edu> wrote:
在 2017/2/10 1:28, Benjamin Smedberg 写道:
On Wed, Feb 8, 2017 at 2:26 AM, 段垚 <duan...@ustc.edu> wrote:
Is this just preventing auto-loading (like "click to play") or completely
disable Flash for non-http(s) contents?
This is completely disabling this content.
Can users get back old behavior by flipping a preference?
That is not the plan, no.
Well, this plan seems too aggressive. I'd rather recommend implementing
"click to play" for non-http(s) Flash first and deferring complete removal.
IE requires user's confirmation to load local Flash for a long time.
We are planning on making Flash click-to-play by default for all content.
However, our implementation of click-to-play is based on remembering that
setting per site. This implementation does not work with file: URIs and the
engineering and QA effort to make it work is well beyond what we think is a
reasonable investment.
I think it is OK to not remember that setting for file-urls - just
require confirmation on each reload.
Is this simpler to implementation?
Flash is a dying technology and this is one low-cost
way we can reduce attack surface and make users safer.
--BDS
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform
