This post is based on a presentation I gave at the May 2014 SEAL meeting.
Adobe Flash is an add-on for web browsers that enables them to display animated and interactive content, it is commonly used to display videos and animated advertisements. In recent years many sites have stopped using Flash and have moved to HTML 5 which does not need a browser plug-in. However there as still some high profiles sites which require Flash, good examples are TV catchup sites like the BBC iPlayer and 4oD.
Flash is regularly subject to security issues. While Adobe issues patches and Apple (and the other browser developers) aims to make its use as secure as possible, you may want to limit where you allow Flash to run. With many sites dropping the need for Flash, you probably only use a handful where it’s really required.
Here’s how Flash can be disabled in browsers and enabled only for the sites where it’s really needed. This improves performance on sites where Flash is used but not essential and reduces the risk if you happen to visit a site with malicious Flash content.
Safari
To disable Flash by default on web sites
- In Safari, select Preferences from the Safari menu.
- In the preferences window, select the Security tab. Next to Internet Plug-ins, click the Manage Website Settings button.
- Make sure “Adobe Flash Player” is selected in the list on the left.
- Set When visiting other websites to Ask.
Enabling Flash for a specific site
When you visit a website that uses Flash any Flash content will show the message “Flash blocked for this website”. To enable Flash for a particular site:
- Click the “Flash bocked for this website” message.
- A message stating “Do you want to trust the website…” appears, if you do want to enable Flash for this site, click Trust.
Changing settings for an existing site
Sites which you have configured to run Flash are listed in preferences. To remove a site’s configuration so you are asked again:
- In Safari, select Preferences from the Safari menu.
- In the preferences window, select the Security tab. Next to Internet Plug-ins, click the Manage Website Settings button.
- Make sure “Adobe Flash Player” is selected in the list on the left.
- Select the site you want to change from the list of sites.
- Click the - (minus) button at the bottom of the list to remove the site.
Alternatively you can set how Flash is handled directly for that site. To do this select the required option from the pop-up selector next to the site address.
Further details of this feature along with the definitions of the various options are available on Apple’s Safari: About Internet plug-in management page.
Firefox
To disable Flash by default on web sites
- Select Add-Ons from the Tools menu.
- Find “Shockwave Flash” in the list and set the pop-up selector next to it to “Ask to Activate”
Firefox will block Flash and show an “Activate Adobe Flash” place-holder.
Enabling Flash for a specific site
- Visit the site in question and click the “Activate Adobe Flash” place-holder where the Flash content should be.
- In the “Allow <site> to run Adobe Flash” pop-up request, click Allow Now to run flash on the site until Firefox is closed or Allow and Remember to enable Flash on the site permanently.
Changing settings for an existing site
- Visit the site in question in Firefox.
- From the Tools menu, choose Page Info.
- In the Page Info window, select the Permissions tab.
- Under Activate Plugins, find Adobe Flash and choose the required option. Use Default will allow you to choose again next time if you have the Flash Plug-in set to “Ask to Activate”.
Chrome
To disable Flash by default on web sites
- In Chrome, select Preferences from the Chrome menu.
- Scroll to the bottom and click Show advanced settings.
- Under Privacy, click Content settings.
- Scroll down to Plug-ins and select Click to play.
Chrome will block Flash and display a place-holder with a jigsaw piece icon. Click the icon to run that piece of Flash content.
Enabling Flash for a specific site
- Visit the site in question. In the address bar, click the jigsaw piece icon with a red x on it.
- Choose the Always allow plug-ins on <site> option and click Done.
Changing settings for an existing site
- Visit the site in question. In the address bar, click the jigssaw piece icon with a red x on it.
- Click the Manage plug-in blocking button.
- In the Plug-in exceptions page that opens, you can configure the treatment of plugins on that site using the pop-up selector.
- Alternatively, click the x to remove the site from the list and return it to the default setting (Click to play if that’s what you selected).