-
Notifications
You must be signed in to change notification settings - Fork 972
Flash Support Deprecation Proposal
Like Chrome, our goal is to help move the web platform towards HTML5 instead of Flash as fast as possible. We tried not supporting Flash, but it turns out a lot of popular sites don't work. In Brave 0.11+, Flash content will be supported but only in click-to-play (CtP) mode and not bundled/installed by default.
Like Chrome plans to do, we will stub navigator.plugins[] and navigator.mimeTypes[] to pretend that Flash isn't installed so the site loads any available HTML5 fallback.
All Flash content is click-to-play by default, and CtP approvals last for a maximum of 7 days before the user has to CtP again.
Visible Flash object elements above a certain size are replaced with a CtP placeholder in the DOM. When the placeholder is right-clicked, the user can choose either 'Allow this time' (allows Flash from the top-level origin to run until the tab is closed or navigated to a different top-level origin) or 'Allow persistently' (allows Flash on the top-level origin for the next week).
In the future we may allow Flash to be whitelisted on a per-object or a per-resource-origin level.
Some sites like Pandora will auto-redirect the user to the Flash installer page once they detect that Flash isn't installed, ex: via 'flash' in navigator.plugins. For users who already have Flash installed, we can intercept the request to get.adobe.com/flashplayer and instead show a notification bar asking the user for permission to run Flash on Site X. Clicking Allow from the notification bar will whitelist all Flash on the site temporarily.
Some sites use invisible or very-small Flash objects, ex: for copying to clipboard or audio. In this case, it is not practical to show a placeholder. We can either ignore these for now until there are sufficient support complaints or we can show a notification bar to allow all Flash on the site when there is at least 1 non-visible Flash object on the page.
Related issue: https://github.com/brave/browser-laptop/issues/2615 PR: https://github.com/brave/browser-laptop/pull/7528
If someone wants to un-whitelist sites before the 1-week expiration period, they can do so via the Site Exceptions dialog in about:preferences#security.
There should be an option in about:preferences#security to disable Flash integration entirely (so flash.init() will not be called). Flash is currently default off.
If Flash isn't working on a site, check the following before opening an issue:
- Did you go to https://get.adobe.com/flashplayer in Brave to install Flash? Even if Flash has been installed before, it may not be the version that is required for Brave.
- Is Flash enabled in Preferences > Plugins (about:preferences#plugins) in Brave?
- If a site still thinks Flash isn't installed and displays a link for you to install Flash, click the link. Brave should detect this and show a notification asking whether you want to run Flash on the site.
- If all else fails, click the Brave icon in the top right and turn Shields off.
If Brave does not detect your Flash installation on Linux:
- Create
/usr/lib/pepperflashplugin-nonfree/if it doesn't already exist. - In it, copy
libpepflashplayer.soandmanifest.jsonfrom a working Chrome/chromium profile directory.
To check if Flash is installed and enabled:
- Go to homestarrunner.com.
- You should see a placeholder telling you to right-click to run Flash.
insecurity test
Vertical Side Tabs Tab Suspender