
OP is also wrong about Flashblock on Firefox.


I should have clarified that I meant Chrome; my post was originally Chrome-only and I added in Firefox and Safari with an edit.

Chrome extensions are nothing more than loading a JS file onload.


Yet Chrome has a "Click to Play" feature for all plug-ins which is way more handy than having a second browser or a bunch of extensions.

Go to chrome://chrome/settings/content and look under plug-ins. There is Run automatically (default), Click to play and Block all.


I am using that in my second browser, but I am not as confident in it, as all that stands between the user and executing a plugin again is a clickjack.

I'd rather have complete separation.

Doing a proof-of-concept on a 'click to play' to run a plugin is something that I have been meaning to do.


It's not that easy, I think Chrome has some good anti-clickjacking algorithm implemented. I remember once I couldn't enable a Flash video on one site because it had an overlay advert over part of it.

Moreover, you have to right-click and then click "Run this plugin" from the native Chrome menu. I doubt you can create any overlay over the native browser's menu.


> Moreover, you have to right-click and then click "Run this plugin" from the native Chrome menu. I doubt you can create any overlay over the native browser's menu.

It must be different on Windows. I have it enabled on my Mac and it requires a single click to enable a plug-in.


Good to know. Indeed I am on Windows.


Interesting. Please post it on HN if you get a proof of concept.



