Closed
Bug 1298083
Opened 9 years ago
Closed 9 years ago
Don't hide blocklisted Flash from navigator.plugins
Categories
(Core Graveyard :: Plug-ins, defect, P2)
Core Graveyard
Plug-ins
Tracking
(firefox52 fixed)
RESOLVED
FIXED
mozilla52
| Tracking | Status | |
|---|---|---|
| firefox52 | --- | fixed |
People
(Reporter: benjamin, Assigned: blassey)
References
Details
Attachments
(1 file)
|
1.36 KB,
patch
|
benjamin
:
review+
mconley
:
feedback+
|
Details | Diff | Splinter Review |
When Firefox is set up to hide click-to-play Flash from navigator.plugins, this shouldn't affect the case where Flash is click-to-play because it is marked as vulnerable.
The reason for doing this is risk mitigation: the current UI has a risk of false-negatives which means sites become unusable, and that may affect our ability to deploy blocks. For now, we don't want any of this work to affect plugin blocking.
|
Reporter | |
Updated•9 years ago
|
Priority: -- → P2
|
Assignee | |
Comment 1•9 years ago
|
||
been working on a test for this for a while and coming up empty.
Attachment #8789057 -
Flags: review?(mconley)
|
||
Comment 2•9 years ago
|
||
Comment on attachment 8789057 [details] [diff] [review]
dont_hide_blocklisted.patch
Review of attachment 8789057 [details] [diff] [review]:
-----------------------------------------------------------------
Sorry it's taken me so long to get to this - eating my way up through my review queue now.
This looks reasonable, but I don't really think I'm comfortable reviewing stuff in nsPluginArray.cpp. My experience with the more platform-y parts of plugins is limited at best. You might want bsmedberg to give this the go ahead.
Attachment #8789057 -
Flags: review?(mconley)
Attachment #8789057 -
Flags: review?(benjamin)
Attachment #8789057 -
Flags: feedback+
|
|
Reporter | |
Comment 3•9 years ago
|
||
Comment on attachment 8789057 [details] [diff] [review]
dont_hide_blocklisted.patch
I'm not sure this is correct, but I had trouble following the code.
For the case we care about here, the blocklist state should be STATE_VULNERABLE_UPDATE_AVAILABLE or STATE_VULNERABLE_NO_UPDATE. That's the case where we end up in a click-to-activate setting by default. The case where the plugin is hardblocked doesn't really apply to Flash.
I think translates to a plugin tag that is *not* IsBlocklisted(). The best check there is probably GetBlockListState() != 0.
r=me with that change
Attachment #8789057 -
Flags: review?(benjamin) → review+
|
|
Reporter | |
Comment 4•9 years ago
|
||
Without an automated test, we should definitely get some manual verification from Michelle.
QA Contact: mfunches
|
||
Comment 5•9 years ago
|
||
QA Update: yes I can arrange for testing
|
|
||
Comment 6•9 years ago
|
||
QA UPdate:
Please review https://docs.google.com/spreadsheets/d/1VNljSnOkciM471nWVI4dQBVF1RUf3ULh-jUU1CT-J-k/edit#gid=971383501 for test results.
Pushed by blassey@mozilla.com:
https://hg.mozilla.org/integration/mozilla-inbound/rev/471872efc401
Don't hide blocklisted Flash from navigator.plugins r=bsmedberg
|
|
||
Comment 8•9 years ago
|
||
| bugherder | ||
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox52:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla52
|
||
Updated•3 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•