NOOB Q: blog comments, clickjacking & NS
NOOB Q: blog comments, clickjacking & NS
Newbie question: When accessing the comment manager "disqus" to enter a comment on a popular blog site and I start to type, NS sometimes pops up a "Potential Clickjacking / UI Redressing Attempt!" warning (with almost unintelligible deep jargon and options), sometimes not. What am I to make of that? Obviously, it needs my keystroke input to get my comment, but is NS seeing something beyond that and how am I to know? Thanks in advance.
Last edited by John on Fri May 28, 2010 12:22 pm, edited 1 time in total.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: NOOB Q: blog comments, clickjacking & NS
NoScript has a specific ClearClick exception for Disqus.
Maybe they recently changed something in your system which doesn't match this exception anymore.
Could you please send a report from the ClearClick dialog and tell me the assigned ID?
Maybe they recently changed something in your system which doesn't match this exception anymore.
Could you please send a report from the ClearClick dialog and tell me the assigned ID?
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Re: NOOB Q: blog comments, clickjacking & NS
[quote= ...send a report from the ClearClick dialog and tell me the assigned ID?[/quote]
Report sent - Report ID = 897523 --- apologies, I forgot to mention that I was working through an anonymzer service and through their cascade of servers - but, I've been doing that for some time and this has never been a problem before so I suspect something changed on the Disqus side.
Report sent - Report ID = 897523 --- apologies, I forgot to mention that I was working through an anonymzer service and through their cascade of servers - but, I've been doing that for some time and this has never been a problem before so I suspect something changed on the Disqus side.
Last edited by John on Sun May 16, 2010 6:26 pm, edited 1 time in total.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3 ( .NET CLR 3.5.30729)
-
Giorgio Maone
- Site Admin
- Posts: 9524
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: NOOB Q: blog comments, clickjacking & NS
Thanks.
I couldn't reproduce this ClearClick warning in anyway, trying to comment on the blog referenced by your report, but anyway this should be worked around by adding
to your noscript.clearClick.subexceptions about:config preference.
I couldn't reproduce this ClearClick warning in anyway, trying to comment on the blog referenced by your report, but anyway this should be worked around by adding
Code: Select all
*.disqus.com/*/reply.html?*
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Re: NOOB Q: blog comments, clickjacking & NS
G. - Thanks much for the manual fix and change in the recent update to NS. Works fine now. - J.
Mozilla/5.0 (en-US; rv:1.9.1.2) Gecko/20090729 Firefox/3.5.2