Site-specific permissions for Firefox’ opt-in plugins

20 April, 2012 § 18 Comments

Today I landed an implementation of site-specific permissions for Firefox’ opt-in plugins. I previously wrote about Firefox 14’s non-default support for opt-in (also known as click-to-play) plugins last week.

That blog post garnered a lot of attention. Over 25 news sites covered the news, and the blog post was viewed close to 3,000 times.

Many people downloaded the Nightly version of Firefox to test out the feature, and a few people have told me how they are now using the feature full-time. Today’s addition of site-specific permissions makes using the feature much easier.

With site-specific permissions, users can whitelist sites that they visit often and trust. Sites that are whitelisted will activate plugins automatically upon load.

To add site-specific permissions, click on the plugin block in the location bar. The doorhanger that appears contains a dropdown with options to: Activate plugins; Always activate plugins for this site; Never activate plugins for this site; and Not Now.

To manage these permissions, users can click on the site-identity block next to the website address. From there, click on “More Information…“. The Page Info dialog will now appear. Clicking on the Permissions tab of the dialog will show any site-specific permissions that are stored for the current site, as well as the ability to change any of those permissions.

This feature will remain disabled by default in Firefox 14. David Keeler is also helping implement the feature, and has most recently been working on adding the ability to only enable plugins of a specific runtime (Flash, Java, Silverlight, etc). For more information on the status of the feature, see our feature page for Opt-in Activation of Plugins.

Tagged: , , , , ,

§ 18 Responses to Site-specific permissions for Firefox’ opt-in plugins

  • Lozzy says:

    Excellent progress, thank you. I am indeed one of those who migrated to the nightly to take advantage of the feature. I think I’ll drop back down to aurora once 14 migrates though 😛

    Good to hear about Dkeeler’s progress too; it seems much more sensible to press a Flash box and only have hidden Flash items enabled rather than becoming exposed to Java too. However, I still see it as a concern that enabling all for a site will open up all plugins to vulnerabilities.

  • Bruno says:

    It’s a great improuvement, but i think that the plugin block in not discoverable enought. Wouldn’t, it be a good idea to display the notification too when the user clics on the plugin arena to activate it.

  • Guest says:

    I think it would be best to have an infobar. Like the “You nedd additional plugins to display that page” one.

  • […] Optionally, if the plugins.click_to_play preference is enabled in about:config, plugins will require an extra click to activate and start “playing” content. This mode improves the security of the browser and may be extended in the future to be activated by default in some cases. When on, site-specific permissions can be set. […]

  • Deo Domuique says:

    I’d like to know, if I white-list YouTube, will I be able to see embeded videos on third-party websites in the future or I’ll have to white-list each site each time?…

    • msujaws says:

      Unfortunately, we have not implemented the permissions so they would work this way.

  • avatar4antistress says:

    i’d love the same level of setting for HTML5 video/audio (autoplay yes/no)

  • Iraê says:

    I am a huge fan of Firefox and used Flashblock for many years… but Flashblock was never so smooth to use and this is the feature I am most exited with in a long wile in Firefox evolution.

    For years now I disable almost all plugins, Java, Flash, Quicktime plugin, etc. When I needed one plugin I needed to enable it manually. Now I can let some of then on and some off. This is amazing.

  • Gian says:

    The next step that would be nice to implement is a preview placeholder. Instead of showing a dark rectangle for everything i’d love to see a screenshot of the first image seen when the plug-in is running. For example for embedded videos i’d like to see what you see before start playing them (with something, an icon?, blended in the image to have the user understand it’s the placeholder).
    This can help the user understand what he wants to activate and what not. For websites with lots of videos integrated is quite difficult to just have a lot of placeholders without any previewing option to help choose what to activate and see.

    I don’t know if activating the plugin(s) just to take a screenshot and then close it is an overkill. Another option would be to have websites (web developers) create another way to embed videos / plugins, having a “preview image” provided inside the html tags so the browser, if the user wants to load just preview images, loads it instead.
    Maybe YouTube would be a nice start to experiment that?

    • msujaws says:

      We can’t activate a plugin to get a preview because that defeats the purpose of this feature. This feature is designed to mitigate drive-by attacks from sites that exploit vulnerabilities in plugins. Activating the plugin to get a preview would expose users to those same risks.

      Alternatively, a site could provide its own preview by placing a placeholder element where the plugin would be located. When the user clicks on the placeholder element, the site could swap the placeholder element and the plugin. This UI would require users to make 2 clicks to activate a plugin, but it does provide the ability for a placeholder. It’s something to consider, but I think the best solution would be to not use a plugin 😉

  • bzt says:

    A very interesting feature I am looking forward, this might save me having an addon installed that does a similar thing.

  • Abderrahim says:

    Wouldn’t it be great, if we can see what plugins are going to allow, when we click “Activate Plugins” ?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

What’s this?

You are currently reading Site-specific permissions for Firefox’ opt-in plugins at JAWS.


%d bloggers like this: