We're talking about multiple domains here: the container (eg. facebook.com) and the content (eg. youtube.com, hulu.com, zynga.com etc.) I'm not sure if we need to support fine-grained controls over both types of domains here, or simply allow plug-in content to play back immediately when a click is received on the container. We'll have to try different approaches here and go with what makes the best sense.
-- Jet ----- Original Message ----- From: "Ian Melven" <imel...@mozilla.com> To: "Jet Villegas" <j...@mozilla.com> Cc: "security-group group" <security-gr...@mozilla.org>, mozilla-dev-secur...@lists.mozilla.org Sent: Friday, April 6, 2012 3:57:36 PM Subject: Re: Opt-in activation for plugins (aka click to play) My opinion is that click to play absolutely should have an easy 'always allow plugins to play on this domain' option for the user for cases like this - this should be persisted unless the user decides to explicitly revoke it. Would that address your concern ? thanks, ian ----- Original Message ----- From: "Jet Villegas" <j...@mozilla.com> To: "Lucas Adamski" <ladam...@mozilla.com>, "Jared Wein" <jw...@mozilla.com> Cc: "Asa Dotzler" <a...@mozilla.com>, "Kev Needham" <k...@mozilla.com>, "security-group group" <security-gr...@mozilla.org>, "Madhava Enros" <men...@mozilla.com>, "Stephen Horlander" <shorlan...@mozilla.com>, "Justin Dolske" <jdol...@mozilla.com>, mozilla-dev-secur...@lists.mozilla.org Sent: Friday, April 6, 2012 3:13:45 PM Subject: Re: Opt-in activation for plugins (aka click to play) Sites like Facebook already have an image preview of their Flash links that users already have to click to play. We may need some way to avoid requiring multiple clicks to get at the plug-in content. -- Jet ----- Original Message ----- From: "Lucas Adamski" <ladam...@mozilla.com> To: "Jared Wein" <jw...@mozilla.com> Cc: "Asa Dotzler" <a...@mozilla.com>, "Kev Needham" <k...@mozilla.com>, "security-group group" <security-gr...@mozilla.org>, "Madhava Enros" <men...@mozilla.com>, "Stephen Horlander" <shorlan...@mozilla.com>, "Justin Dolske" <jdol...@mozilla.com>, mozilla-dev-secur...@lists.mozilla.org Sent: Wednesday, April 4, 2012 2:16:08 PM Subject: Re: Opt-in activation for plugins (aka click to play) On Apr 2, 2012, at 6:37 PM, Jared Wein wrote: > >> >> How would you implement a checkbox in a normal click-to-play >> (in-content) experience? >> >> To be clear that's a 30 day sliding window from last time content was >> played there. So if you visit a given site with plugin content (say >> youtube.com) at least once every 30 days, you conceivably should not >> see that prompt again unless you become vulnerable to a security >> issue. > > We can put checkboxes in the plugin overlay, similar to what we have for > crashed plugins. When the overlay is too small to use we can add secondary > options in the doorhanger dropdown for users to choose to remember the > settings. Ah ok, makes sense. I'd love to get UX feedback here on these respective proposals (implicit persistence of permission on a sliding time window vs explicit checkbox in overlay). Thanks! Lucas. _______________________________________________ Security-group mailing list https://mail.mozilla.org/listinfo/security-group _______________________________________________ Security-group mailing list https://mail.mozilla.org/listinfo/security-group _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security