false clickjacking warning

Post by robinx » Thu Apr 02, 2009 12:02 pm

Hi,
first, my system: Kubuntu Jaunty, Firefox 3.1b3, NoScript 1.9.1.6.
I have a strange problem on this site: http://www.golem.de/0903/66039.html
When the embedded YouTube video has the focus and I tune the volume (Volume UP / DOWN keystrokes) of my notebook, I get a clickjack warning.

They embed videos with this code:

Code:

<table border="0" align="center" cellpadding="0" cellspacing="0"><tr>
<td>
<script type="text/javascript" src="http://video.golem.de/jwplayer/swfobject.js"></script>
<div id="golyt_IU_reTt7Hj4">&nbsp;</div>
<script type="text/javascript">
<!--
var ytp = new SWFObject("http://www.youtube.com/v/IU_reTt7Hj4","golyt_IU_reTt7Hj4_video","480","295","7","#000000");
ytp.addParam("wmode", "transparent");
ytp.addParam("quality","high");
ytp.addParam("scale","noScale");
ytp.write("golyt_IU_reTt7Hj4");
//-->
</script>
</td>
</tr><tr>
<td class="xsmall" align="center"><div style="padding:6px;">
Video: What's in the Box - Test Film 2009
</div></td>
</tr></table>


The problem seems to be this line:

Code:

ytp.addParam("wmode", "transparent");

When I make a local copy of this site and delete that line, I don't get a clickjack warning.

Also, when starting Firefox from the command line, it prints:

Code:

[NoScript] [NoScript ClearClick] Swallowed event keyup on EMBED/-1 at http://www.golem.de/0903/66039.html

robinx
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3) Gecko/20090307 Ubuntu/9.04 (jaunty) Shiretoko/3.1b3
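
Added example, not part of the original post: one way to locate the embeds matching the diagnosis above (a Flash object requesting wmode=transparent) in a saved copy of a page. The function name findTransparentEmbeds and the example.invalid entries in the sample are assumptions made for illustration; this is not NoScript or SWFObject code.

```javascript
// Added example, not from the thread. findTransparentEmbeds is a hypothetical helper.
// It lists Flash embeds in page source that request wmode=transparent.
function findTransparentEmbeds(html) {
  const hits = [];

  // SWFObject 1.x style, as in the quoted markup:
  //   var x = new SWFObject(url, ...); x.addParam("wmode", "transparent");
  const ctorRe = /(?:var\s+)?([A-Za-z_$][\w$]*)\s*=\s*new\s+SWFObject\(\s*(["'])(.*?)\2/g;
  const ctors = Array.from(html.matchAll(ctorRe));
  ctors.forEach((m, i) => {
    // A page may reuse one variable name for every embed, so only look at
    // the source between this constructor and the next one.
    const end = i + 1 < ctors.length ? ctors[i + 1].index : html.length;
    const segment = html.slice(m.index, end);
    const name = m[1].replace(/\$/g, "\\$");
    const paramRe = new RegExp(
      "(?<![\\w$])" + name +
      "\\.addParam\\(\\s*([\"'])wmode\\1\\s*,\\s*([\"'])(.*?)\\2\\s*\\)", "gi");
    let wmode = null; // the last addParam("wmode", ...) in the segment is taken
    for (const p of segment.matchAll(paramRe)) wmode = p[3].toLowerCase();
    if (wmode === "transparent") hits.push({ kind: "swfobject", src: m[3], wmode });
  });

  // Static markup: <embed ... wmode="transparent">
  const embedRe = /<embed\b[^>]*\bwmode\s*=\s*(["']?)transparent\1[^>]*>/gi;
  for (const m of html.matchAll(embedRe)) {
    const src = (/\bsrc\s*=\s*(["'])(.*?)\1/i.exec(m[0]) || [])[2] || null;
    hits.push({ kind: "embed", src, wmode: "transparent" });
  }
  return hits;
}

// Constructed sample: the first embed is the one quoted in the post; the
// second and third (example.invalid) are made up for contrast.
const SAMPLE = `
<script type="text/javascript">
var ytp = new SWFObject("http://www.youtube.com/v/IU_reTt7Hj4","golyt_IU_reTt7Hj4_video","480","295","7","#000000");
ytp.addParam("wmode", "transparent");
ytp.write("golyt_IU_reTt7Hj4");
var ytp = new SWFObject("http://example.invalid/b.swf","b","480","295","7","#000000");
ytp.addParam("wmode", "opaque");
ytp.write("b");
</script>
<embed src="http://example.invalid/c.swf" wmode="transparent">`;

console.log(findTransparentEmbeds(SAMPLE));
```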

Giorgio Maone
Site Admin
Posts: 8735
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: false clickjacking warning

Post by Giorgio Maone » Thu Apr 02, 2009 12:15 pm

NoScript Version?
Could you use the "Report" button and tell me the assigned Report Id?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)

Guest

Re: false clickjacking warning

Post by Guest » Thu Apr 02, 2009 12:24 pm

Hi,
I already used a report but didn't note the report ID,

so I did it again.

NoScript 1.9.1.6
Report ID 30637

robinx
Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1b3) Gecko/20090307 Ubuntu/9.04 (jaunty) Shiretoko/3.1b3

nagan
Senior Member
Posts: 340
Joined: Thu Mar 26, 2009 11:05 am

Re: false clickjacking warning

Post by nagan » Thu Apr 02, 2009 12:32 pm

Pardon my ignorance. What is the report button, ID, and how are they generated?
Dreams are REAL possibilities. Pursue them with zest and you can make them HAPPEN!
You are GOD.Realize THAT!
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8

therube
Ambassador
Posts: 7461
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: false clickjacking warning

Post by therube » Thu Apr 02, 2009 12:55 pm

The current UI has a "report" button on the dialog when clickjacking is detected.

Image
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.22pre) Gecko/20090327 SeaMonkey/1.1.16pre

GµårÐïåñ
Lieutenant Colonel
Posts: 3339
Joined: Fri Mar 20, 2009 5:19 am
Location: PST - USA

Re: false clickjacking warning

Post by GµårÐïåñ » Thu Apr 02, 2009 11:46 pm

nagan wrote: Pardon my ignorance. What is the report button, ID, and how are they generated?

Just to add, the ClickJacking warning pops up only when it detects an event, and on the interface there is a "Report" button which, when pressed, will send the information and give you a report ID number. Since you are on Windows, the message UI you would see is different than the one therube posted, but it is pretty much the same concept and straightforward as to what to do with it when you get it.

Here is a Windows example (please disregard the color, I use a dark theme, but it shows the current UI and the buttons and everything):

Image
generated on blogger clicking the toolbar to login
~.:[ Lï£ê ï§ å Lêmðñ åñÐ Ì Wåñ† M¥ Mðñê¥ ßå¢k ]:.~
________________ .: [ Major Mike's ] :. ________________
Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 FirePHP/0.2.4
