Asaf Romano (gone) Reporter
	Description • 13 years ago

Safari defaults to "[✔] open "Safe" files [quotation marks in original] after downloading", noting that " "Safe" [quotation marks in original, still] files include movies, pictures, sounds, PDF and text documents, and archives". Firefox, on the other hand, asks you what do for each of these types[1] the first time you download a file, selecting, by default, the default system app for the mime type in question, and letting you the option to "Do this automatically for files like this from now on". The checkbox is not checked by default. I assume most users just click OK every time this dialog is opened.
Whatever your choice is, you can [try to] change in later in the Applications preferences pane. That's very likely the most complicated piece of UI we have in Firefox. The one thing you cannot do there is to choose to open, say, PDFs with Preview.app prior to the first time you actually "visit" a PDF.

I do seem to recall that Firefox used to default to a similar behavior for "safe" files, and at some point (probably a little bit before Firefox 1.0, or maybe 1.5) it was disabled due to security concerns. I might be wrong about this. Either way, I don't think we're going to implement this XP.

All of this had come up as I've been rewriting the Safari Profile Migrator[2]. When Ben G. wrote the old migrator, he decided to migrate this preference only if the user explicitly chose _not_ to open safe files. In that case, the old migrator removes all handling data for mimetypes that open with an external application. This makes sense perfect sense if you don't think about the actual use cases for migration... If you migrate from Safari right after installing Firefox, we are already set no to open any mime type with an external application. On the other hand, if you migrate from Safari later, you're loosing all the preferences you set for each mime type in Firefox individually (using the download dialog), just because you didn't want the all-in-one solution Safari has.

For the new migrator, there are few options to consider:
1. Just ignore the Safari preference
2. Migrate it for real on both Mac and Windows.
3. Migrate it for real just on Mac.
4. Change our default behavior on Mac regardless of migration.
5. Do [1] and revisit this if someone actually complains.

[1] is easy and, in my opinion, better than the current behavior. [3] and [4] are pretty much the same, given that the migrator will run for almost all mac users. Being the same, they both suffer from the issue of having a different UE on Mac. [2] suffers from the same issue, but it keeps the migration behavior consistent.

[5] is also an option, given that no one really complained about the current migrator behavior, as bad as it is.

CCing both ux and security peers for input[3].

----
[1] Potentially for each mime type, but I'm not sure yet, the applications preferences pane groups by application, not my type, but it might not be in sync with the what-to-do-with-this-particular-file dialog.
[2] Keep in mind this migrator runs for almost all mac users. Also keep in mind the new migrator works on Windows
[3] Is the uiwanted keyword still in use?

	Alex Limi (:limi) — Firefox UX Team
	Comment 1 • 13 years ago

(In reply to Mano from comment #0)
> I do seem to recall that Firefox used to default to a similar behavior for
> "safe" files, and at some point (probably a little bit before Firefox 1.0,
> or maybe 1.5) it was disabled due to security concerns. I might be wrong
> about this. Either way, I don't think we're going to implement this XP.

We're going to change this behavior and have a whitelist as well (I already discussed this with the security team), probably as a follow-up to the new Download Manager (the panel variant that Paolo has been working on). I agree that we shouldn't assume anything about when that will land, though.

> For the new migrator, there are few options to consider:
> 1. Just ignore the Safari preference

This would be my instinct. They work differently, and I wouldn't assume we can mape a somewhat related (but different) preference to something that is almost-but-not-quite-the-same.

> [3] Is the uiwanted keyword still in use?

Yes, just backlogged these days. In our Q1 goals to get this back under control. :)