Manage plug-ins on a per-site basis in Safari 7
Apple's new plug-in manager in Safari allows for site-specific customization of plug-in behavior.
As part of its OS X Mavericks release, Apple has included version 7 of its Safari Web browser, which not only offers compatibility with the new operating system, but also brings some enhanced features. One of these is a new plug-in manager that allows you to enable or disable plug-ins, either globally or on a per-site basis.
While the technologies built into Apple's Safari browser are relatively safe and constantly updated, some of the notable security breaches have come from the use of third-party plug-ins such as Java and Flash, among others. Since a good portion of Web content requires a plug-in or two to work, it is not uncommon for users to have Flash and others installed.
Even though plug-in developers like Adobe and Oracle jump on security issues quickly, users may still have an old one installed either that they are unaware of or that they need for specific compatibility.
Apple's approach so far has been to manage some at-risk plug-ins through its XProtect malware management system, which encourages users to maintain the latest versions of these plug-ins by blocking them and offering links to the latest versions. This approach is still in effect in Safari 7, but Apple has now sandboxed Safari's plug-ins by default, and added its own manager that allows you to specify if and when a plug-in can be used.
One option for doing this for past versions of Safari was third-party plug-in managers, but these have had shortcomings and have not been able to block all attempts to load plug-ins.
Apple's plug-in manager is available in the Security section of the Safari preferences, where next to the check box for enabling or disabling plug-ins globally is a button to "Manage Website Settings." Clicking this will bring up a panel that lists the available plug-ins on the left, and when you click each you get a list of site-specific and global settings that include the following:
- Ask -- Prevents the plug-in from loading, but allows it if you click the options to trust the current Web site.
- Block -- Prevent the plug-in from loading.
- Allow -- Allows the plug-in to run on the selected Web site with no placeholder links or warnings.
These three options will allow you to manage the plug-in, regardless of its version; however, as an additional security measure Apple continues to monitor and block out-of-date plug-ins that are a security risk, such as Java and Flash. If these are out of date, then Safari's plug-in manager will display a placeholder that claims the plug-in needs to be updated. Nevertheless, if you still wish to use the current version of the plug-in, then you can choose the fourth "Allow Always" option for it in Safari's plug-in manager.
A final option you will notice in the plug-in manager is to have the plug-in run in "Unsafe Mode" which disables the sandbox that Safari invokes around the plug-in. This allows the plug-in's code to have full access to resources it needs, instead of being limited by the sandbox. Only in rare instances where a plug-in might be broken with Apple's plug-in manger, will you need to use this option.
This feature in Safari should give you complete control over your plug-ins; however, keep in mind that third-party plug-in managers may interfere with and override this feature, so if you have one installed, then you might consider disabling it if you wish to use Safari's plug-in manager.