Safari to tell websites Flash is not installed

Information about Flash, Java, Silverlight, and QuickTime will be hidden from websites in Safari 10, in an effort to push web developers towards HTML5.
Written by Chris Duckett, Contributor

The upcoming release of Safari 10 on macOS will see Apple's default browser hide information on legacy plugins, and attempt to render content via HTML5 alternatives.

By default, websites will not be able to tell if Safari has Flash, Java, Silverlight, and QuickTime installed from the navigator.plugins and navigator.mimeTypes properties.

"On websites that offer both Flash and HTML5 implementations of content, Safari users will now always experience the modern HTML5 implementation, delivering improved performance and battery life," Apple software engineer Ricky Mondello wrote in a blog post.

"This policy and its benefits apply equally to all websites; Safari has no built-in list of exceptions. If a website really does require a legacy plug-in, users can explicitly activate it on that website."

On sites where a HTML5 alternative is not provided, and the user is prompted to install Flash from Adobe, clicking on the link will produce a dialog asking if the user wants to use Flash. Embedded Flash objects will have a "Click to use" placeholder rather than showing the Flash content.

Mondello said once a plugin is enabled, Safari will continue to use it on that website until the browser has not seen the plugin used for "a little over a month".

For enterprises, managed policies can enable a particular plugin for certain sites.

Apple's shift in plugin support follows similar moves by other browser makers, with Firefox disabling plugin activation by default for all plugins except Flash in 2013.

Google's Chrome and Microsoft's Edge browser pause the playing of unessential Flash objects.

Flash is once again causing a security headache, with Adobe set to take two days to push a critical patch to fix a flaw that is being exploited in the wild.

If exploited, the flaw allows for full access to the affected systems.

Researchers have seen attacks in several countries, including Russia, Nepal, South Korea, China, India, Kuwait, and Romania.

Editorial standards