I welcome this move, despite the possibility of some fallout from the change. It'll be painful, but even as someone who once made a living writing ActionScript, I have to say that Flash is sufficiently annoying and insecure that it really needs to be phased out.
In the short term, this will probably cause some breakage in certain sites that try to use Flash "transparently" and "unobtrusively" for things like LSOs, drag-and-drop, clipboard access, or cross-domain XHR. These are already problematic with Flashblock installed though -- Pandora, for instance, refuses to load and there is nothing available to click-to-play since that particular Flash object is hidden.
Hopefully this will light a fire under those sites and get them to update to the appropriate HTML5 methods of doing these things (local storage, WebSockets, etc.), just like how Java applets that were used for such things have been largely phased out. Until then, however, I wouldn't be surprised if some of them simply inform you not to use Firefox to visit.
To take care of the invisible Flash object problem, Firefox could copy what Chrome does for Java applets and have a bar pop up at the top of the whole page, asking if you want to allow Flash to run on the site in question.
Pandora uses jPlayer to play audio which has an invisible Flash component to play mp3s on browsers that don't support it.
If Firefox requires 'click-to-play' on an on-screen piece of Flash to enable it, all sites using jPlayer to play mp3 simply will not work.
And of course this doesn't just affect jPlayer, many other players use this technique.
Much better -- as mistercow reasons -- to have a pop-up asking you if you wish to run Flash on a particular site and I would love to see an 'always allow' option here.
TL;DR there is a licensing issue with the MP3 decoder. It's more complicated than that, but most of it is due to software patents. http://en.m.wikipedia.org/wiki/MP3#section_10 has more info if you're curious.
I use Chromium, and have old flash installed. Every page shows me this bar asking me to update flash, with button to enable all flash on this page. It's very convenient, even more than FlashBlock on Firefox was.
No it's not, because if the Flash object is invisible, it simply does not give you any way to enable them unless you go to the preferences and explicitly add an exception.
This was my entire point in the first place, if you look up at the beginning of the thread. For example, turn on click-to-play and then go to pandora.com. If Chrome treated Flash the same as Java, you would still be able to use pandora easily.
read his post again. he's not talking about the click-to-play ui. there's a puzzle piece icon in the taskbar. clicking it displays a drop-down menu, and even if the flash is invisible you can choose the "enable flash on this page" option.
A problem I found with Chrome's current implementation is on pages where you don't even know flash is being used, Google Translate and Soundcloud for example, after thinking the site was broken I remembered I had click-to-enable active.
Indeed, this happens to me too. And I think this is why Mozilla will need to have a very good UI to tell the user how to fix a broken site (or just fix it for them e.g. through a crowd collective).
That's not a problem because Firefox has support for CORS, which is better than doing Flash because it's faster.
Of course, the server must cooperate with the browser by passing back allowance headers, but that's also true for Flash, as you need the server to have a crossdomain policy file for that.
> That's not a problem because Firefox has support for CORS, which is better than doing Flash because it's faster.
That's nice for a new site being developed right now, it's problematic for a site which has been stable in production for months or years and for which everybody involved in the development has moved on already.
If that site is the case, then lack of maintenance will have reared its ugly head long before a lack of Flash (or, the inclusion of it) broke their site.
horse-and-cart didn't stop working when the automobile came around. The proposal here is that we shoot all horses and burn all carts because somebody somewhere has started driving an automobile.
As an alternative, rather than requiring that all Flash shims have some sort of screen real-estate of their own to overlay a click-to-play control onto, perhaps hidden embedded Flash (or Java, or ActiveX, or whatever) objects could request the browser to prompt for their activation with an information bar.
I was thinking of postMessage, I haven't used CORS before but it looks like it ends up giving the same kind of outcome. In my case though I control the server have have the JS on 3rd parties so it is the reverse to what you are saying.
Minus a couple of restrictions (i.e. with CORS you cannot rely on cookies being set, so you need to handle that from your Javascript somehow), CORS works well and it works on all major browsers, starting with IExplorer 8, which makes it awesome.
For this feature, there will also be an option to enable plugins for websites that have them hidden such as Pandora. And in addition it will be possible to whitelist/blacklist websites.
In the short term, this will probably cause some breakage in certain sites that try to use Flash "transparently" and "unobtrusively" for things like LSOs, drag-and-drop, clipboard access, or cross-domain XHR. These are already problematic with Flashblock installed though -- Pandora, for instance, refuses to load and there is nothing available to click-to-play since that particular Flash object is hidden.
Hopefully this will light a fire under those sites and get them to update to the appropriate HTML5 methods of doing these things (local storage, WebSockets, etc.), just like how Java applets that were used for such things have been largely phased out. Until then, however, I wouldn't be surprised if some of them simply inform you not to use Firefox to visit.