Bug 273574

Summary: Konqueror suggests installing nonfree Adobe Flash
Product: [Applications] konqueror Reporter: leo_rockway <leo>
Component: khtmlAssignee: Konqueror Developers <konq-bugs>
Status: RESOLVED UPSTREAM    
Severity: wishlist CC: jjm, martin.sandsmark, pino
Priority: NOR    
Version: unspecified   
Target Milestone: ---   
Platform: Arch Linux   
OS: Linux   
Latest Commit: Version Fixed In:
Sentry Crash Report:
Attachments: Konqueror offering to install Adobe Flash

Description leo_rockway 2011-05-18 18:20:16 UTC
Created attachment 60123 [details]
Konqueror offering to install Adobe Flash

Version:           unspecified (using KDE 4.6.2) 
OS:                Linux

Konqueror offers installing Adobe Flash when it can't find a suitable plugin to play swf files.

Reproducible: Sometimes

Steps to Reproduce:
* Navigate to a site that serves swf files (it only works if you don't have a Flash plugin installed and if you hadn't previously dismissed the pop up)


Actual Results:  
* A Konqueror pop up suggests downloading Adobe Flash

Expected Results:  
* I'd expect KDE not to suggest nonfree software

KDE is free software. KDE4's motto when it came out was Be Free. Suggesting nonfree software undermines the effort of all the free software hackers working to make KDE better.
I'm attaching a screenshot that I found online of the pop up in question. The pop up nowadays points to Adobe's site if I remember correctly. I have taken a screenshot myself on a different computer and I can upload it if necessary.
Comment 1 Pino Toscano 2011-05-20 12:05:22 UTC
This is most probably the HTML page itself saying where to find the missing plugin, so KHTML is just reporting this information.
Comment 2 leo_rockway 2011-05-20 18:27:09 UTC
While there are some pages that do have pop ups saying that you need Adobe Flash, I made sure before reporting this bug that in this case this is a Konqueror pop up requesting to install the nonfree plugin.
Comment 3 Pino Toscano 2011-05-20 18:33:43 UTC
The point is not "who popups", but "where is the information coming from".
Can you please link an HTML page which shows that behaviour?
Comment 4 leo_rockway 2011-05-20 18:48:28 UTC
I don't have the computer I checked this on at hand, but I remember getting the pop up here, for instance: https://www.adobe.com/software/flash/about/
But any site that serves swf files has the same behaviour with the same exact message in the same pop up. The pop up appears only if you haven't dismissed it in the past.

Being Adobe's site itself, even the message makes it evident that the pop up isn't from the page, otherwise it wouldn't say "Do you want to download one from adobe.com" as if Adobe were a third party. If Adobe were showing that pop up it would say something like "You don't have Flash installed it, click here to download it". Also, I checked the source of that site and of other sites with that same behaviour and there's no indication of a pop up like that.
Comment 5 Maksim Orlovich 2011-05-20 19:11:00 UTC
The message box is ours, but the URL comes from the webpage:
pluginspage="http://www.adobe.com/go/getflashplayer"
Comment 6 leo_rockway 2011-05-21 09:12:13 UTC
I see that's quite correct. http://www.ultrasounds.com points to macromedia.com instead of adobe.com and the pluginspage value is http://www.macromedia.com/shockwave/download/index.cgi?P1_Prod_Version=ShockwaveFlash
I wasn't aware of the function of the pluginspage var, thanks a lot for commenting.

So it's quite evident from this that the messages within the popups are the websites' fault and not Konqueror's fault, which is only relaying the message the website intended us to see.

I'd personally like it if the messages didn't pop up at all but that would be modifying the intended way the website was to be perceived, so I don't know if that would be right.
Comment 7 leo_rockway 2012-02-13 01:50:49 UTC
I thought I had commented this, but considering that sites can set whatever pluginspage they want, a warning in this pop-up would be nice. Something like: This website recommends downloading a plugin from this address $pluginspage do so at your own risk.
I mean, it could very well be used for phishing, since the pop-up appears to be coming from the browser itself.
Comment 8 Martin Sandsmark 2014-01-03 05:19:38 UTC
Maybe something like this?:

@@ -599,7 +599,7 @@ void HTMLObjectBaseElementImpl::slotPartLoadingErrorNotify()
             KUrl pluginPageURL(embed->pluginPage);
             QString shortURL = pluginPageURL.protocol() == "http" ? pluginPageURL.host() : pluginPageURL.prettyUrl();
             int res = KMessageBox::questionYesNo( part->view(),
-                                                  i18n("No plugin found for '%1'.\nDo you want to download one from %2?", mimeName, shortURL),
+                                                  i18n("No plugin found for '%1'.\nThe website links to %2 to download a plugin, do you want to download this?\nWARNING: This plugin may contain malicious code.", mimeName, shortURL),
                                                   i18n("Missing Plugin"), KGuiItem(i18n("Download")), KGuiItem(i18n("Do Not Download")), QString("plugin-")+serviceType);
             if (res == KMessageBox::Yes)
             {
Comment 9 Jonathan Marten 2021-04-20 13:30:41 UTC
Flash and Netscape plugins are no longer supported.