false clickjacking warning

Post a reply

Smilies
:D :) ;) :( :o :shock: :? 8-) :lol: :x :P :oops: :cry: :evil: :twisted: :roll: :!: :?: :idea: :arrow: :| :mrgreen: :geek: :ugeek:

BBCode is ON
[img] is ON
[url] is ON
Smilies are ON

Topic review
   

Expand view Topic review: false clickjacking warning

Re: false clickjacking warning

by GµårÐïåñ » Thu Apr 02, 2009 11:46 pm

nagan wrote:Pardon my ignorance.What is the report button ,id and how are they generated?
Just to add, the ClickJacking warning pops up only when it detects an even and on the interface there is a "Report" button which when pressed will send the information and give you a report id number. Since you are on windows the message UI you would see is different than the one therube posted but pretty much the same concept and straightforward as to what to do with it when you get it.

Here is a windows example (please disregard the color, I use a dark theme, but it shows the current UI and the buttons and everything):

Image
generated on blogger clicking the toolbar to login

Re: false clickjacking warning

by therube » Thu Apr 02, 2009 12:55 pm

The current UI has a "report" button on the dialog when clickjacking is detected.

Image

Re: false clickjacking warning

by nagan » Thu Apr 02, 2009 12:32 pm

Pardon my ignorance.What is the report button ,id and how are they generated?

Re: false clickjacking warning

by Guest » Thu Apr 02, 2009 12:24 pm

Hi,
I already used a report but didn't noted the report ID

so I did it again

Noscript 1.9.1.6
Report ID 30637

robinx

Re: false clickjacking warning

by Giorgio Maone » Thu Apr 02, 2009 12:15 pm

NoScript Version?
Could you use the "Report" button and tell me the assigned Report Id?

false clickjacking warning

by robinx » Thu Apr 02, 2009 12:02 pm

Hi,
fist my system Kubuntu Jaunty, Firefox 3.1b3, Noscript 1.9.1.6
I have a strange problem on this site http://www.golem.de/0903/66039.html
When the embedded youtube video has the focus and I tune the volume (Volume UP / DOWN keystrocks) of my notebook I get a clickjack warning

They embedd videos with that code

Code: Select all

<table border="0" align="center" cellpadding="0" 
cellspacing="0"><tr>
<td>
<script type="text/javascript" src="http://video.golem.de/jwplayer/swfobject.js"></script>
<div id="golyt_IU_reTt7Hj4"> </div>
<script type="text/javascript">
<!--
var ytp = new SWFObject("http://www.youtube.com/v/IU_reTt7Hj4","golyt_IU_reTt7Hj4_video","480","295","7","#000000");
ytp.addParam("wmode", "transparent");
ytp.addParam("quality","high");
ytp.addParam("scale","noScale");
ytp.write("golyt_IU_reTt7Hj4");
//-->
</script>
</td>
</tr><tr>
<td 
class="xsmall" align="center"><div style="padding:6px;">
Video: What's in the Box - Test Film 2009
</div></td>
</tr></table>
The problems seems to be that line

Code: Select all

ytp.addParam("wmode", "transparent");
When I make a local copy of this site and delete that line I don't get a click jack warning.

also when starting firefox from the command line it prints

Code: Select all

[NoScript] [NoScript ClearClick] Swallowed event keyup on EMBED/-1 at http://www.golem.de/0903/66039.html
robinx

Top