User Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:17.0) Gecko/20100101 Firefox/17.0 Build ID: 20121128204232 Steps to reproduce: Enabled `plugins.click_to_play`. Installed HP SimplePass password manager. Actual results: The HP SimplePass (fingerprint scanner password manager) plugin no longer runs. Expected results: There should be a way to add plugins to a whitelist, where they will always be allowed to run even with `plugins.click_to_play` enabled. I would like to keep most plugins opt-in, with an exception(s) - which I would like to add to the proposed whitelist. At the moment, it is possible to whitelist sites (domains), but this is a plugin that should be allowed to run on every domain, while other plugins remain opt-in.

I suspect that this is WONTFIX, but I'm going to make a pass through the set of CTP bugs and try to come up with a coherent plan early in January.

(In reply to Bob from comment #0) > At the moment, it is possible > to whitelist sites (domains), but this is a plugin that should be allowed to > run on every domain, while other plugins remain opt-in. Sounds interesting...

This should be easy to do with a pref, even if we don't want to add UI for it.

See also bug 776432.

This will be accomplished by the addons manager UI, which (unless plugins are known to be insecure) will allow users to have always-on, always-disabled, or click-to-play behaviors. I'm just going to mark this a duplicate of that bug.