Hi there - I was encouraged to comment here by Ian Melven. I just wanted to better understand the proposal for dealing with 'invisible' pieces of Flash. Invisible Flash is often used as an audio fall-back when a particular codec isn't supported natively by the browser. As co-author of jPlayer (jPlayer.org) which is used to play audio by sites like Pandora.com I feel that there should be an obvious way for the user to accept the use of non-visible Flash on sites like these. Maybe something similar to the geolocation consent dialog?
I proposed this in the following forums recently Hacker News http://news.ycombinator.com/item?id=3835982 and here on Jared Wein's blog post http://msujaws.wordpress.com/2012/04/11/opting-in-to-plugins-in-firefox/comment-page-2/#comment-1739 where Jared responded : "The current implementation includes a notification icon in the location bar to enable plugins on the page. Clicking on the icon will display a doorhanger which has a button to enable plugins." I'm concerned that this doesn't go far enough - I'm not sure how many users will notice or understand the significance of a notification icon in the location bar and am worried that if it is not clear people will turn away from using browsers like Firefox to browse their favourite audio sites. Perhaps this could be revisited at a later stage should Firefox enable access to the OS's underlying decoders (ie MP3) This would mean of course that for better or worse there would be much less requirement to fall back on Flash audio in Firefox. In general I'm behind the idea of opt-in activation for plugins but -- as has been mentioned a few times in this thread -- I think close attention needs to be paid to the UX. Best regards Mark On Apr 13, 11:55 pm, Jan Schejbal <jan.schejbal_n...@gmx.de> wrote: > Hi, > please make sure that the UI shows which plugin (Java, Flash, ...) the > user is about to enable. > > Use case: When I visit a page that is supposed to show a physics > demonstration (one of the things where sometimes Java is still used), I > need to know if it is Java or Flash before I enable it - Java will take > ages to load and often crash the browser, while flash will work fine. > Unless I really need to see the content, if NoScript shows a Java > placeholder, it's an instant CTRL-W. > > Kind regards, > Jan > > -- > Please avoid sending mails, use the group instead. > If you really need to send me an e-mail, mention "FROM NG" > in the subject line, otherwise my spam filter will delete your mail. > Sorry for the inconvenience, thank the spammers... _______________________________________________ dev-security mailing list dev-security@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-security