Hmmm ... I don't think FTP permissions should persist, probably we shouldn't show any permissions in the OIB for FTP pages.

What do others think?

Is there some reason we /wouldn't/ want FTP permissions to persist?

While I'm not super-excited about per-site permissions, I would like to add a BLOCK for JavaScript on ftp://*

Related: https://bugs.chromium.org/p/chromium/issues/detail?id=636981

I'm curious why you would want to block JS on these pages? The JS that is running is bundled with Chrome right?

I'd like to block any JavaScript delivered non-securely, including JavaScript served in FTP-delivered HTML or from FTP-servers, since FTP is a non-secure protocol.

The JavaScript of interest isn't bundled with Chrome, it is supplied by the FTP server itself.

Ah I see, if you go to ftp://ftp.hp.com/pub/alphaserver/archive/news/index.html for example, you can't disable JS for it. 

I'd argue that it would be easier to disable JS by default and enable it on https. I know that doesn't fix the hole here but it should be a good enough workaround. We should fix this though, I think we can address it at the same time we address file: permissions.

Oh, wow, I see now.

This feels like it should treated in a similar way to we treat file:// urls.

(which I should add we are reassessing as well)

 Issue 588722  has been merged into this issue.

***Mass UI Triage***

The UI has changed completely on the latest version as compared to the older version hence archiving. If you have more data to
reproduce this bug or have alternate repro steps, please reopen or file a new issue.
Thanks!