Disqus + Patheos = constant Clearclick Clickjacking popups

[El Cid]

This is even with *.disqus.com/*/reply.html?* in the clearclick subexceptions. How do I FIX this?! I don't want to set clearclick protection off for trusted sites just to get rid of this.

[Giorgio Maone]

Could you please use the "Report" button and give me a report ID? Thanks.

[El Cid]

Report ID 127485 just submitted.

[Dwedit]

I have also encountered ClearClick warnings on Betanews.com. That website also uses Disqus for its topics. Setting the option to "disable clearclick warnings for Whitelisted pages" was successful at stopping the warning prompts. But I'm afraid that setting the option to disable warnings might expose me to click-jacking attacks on normal 'Script Allowed' pages. I feel I might be more comfortable with a separate exceptions list for ClearClick than applying it to every website with Scripts Allowed.

Edit: The first post in the topic mentions a "clearclick subexceptions" list. This isn't shown anywhere in the UI of the program. Sounds like a serious problem, where features of the program are hidden from the users. I think I found it in "about:config", but adding *.disqus.com did not stop warnings for that site.

[Giorgio Maone]

Work-around: change the aforementioned noscript.clearClick.subexceptions entry into

Code: Select all

*.disqus.com/*/reply.html

This will be made the default in next release.

Edit: The first post in the topic mentions a "clearclick subexceptions" list. This isn't shown anywhere in the UI of the program. Sounds like a serious problem, where features of the program are hidden from the users. I think I found it in "about:config", but adding *.disqus.com did not stop warnings for that site.

This is not hidden, it's just not shown in the UI to reduce clutter, like many other preferences which are supposed to be edited only in exceptional cases like this.
In order to access them, you just need to open about:config.

[El Cid]

Hi,

This has not been fixed. I have just clean installed Firefox 10.0.1 and NoScript 2.3.1 onto a new Win7 box, and the popups are still coming on a disqus+patheos site even though you have altered the exceptions table in NoScript.

[El Cid]

Hi,

This has not been fixed. I have just clean installed Firefox 10.0.1 and NoScript 2.3.1 onto a new Win7 box, and the popups are still coming on a disqus+patheos site even though you have altered the exceptions table in NoScript.

Report ID 256891 FYI.

[therube]

I don't know if 2.3.1 is the same as the #dev version 2.3.1rc4, but is there any difference if you use the #dev version?

#dev: v 2.3.1rc4.

[El Cid]

This is still not fixed. Every time I click the "reply" box on a disqus based blog hosted on patheos.com, I get the damn popup. Report ID 330700.

[El Cid]

Resolved. I modified the default subexceptions list as follows:

^http://bit(?:ly\.com|\.ly)/a/sidebar\?u= http://*.uservoice.com/*/popin.html?* http://w.sharethis.com/share3x/lightbox.html?* http://disqus.com/embed/* *.disqus.com/*/reply.html *.disqus.com/*/reply.html* http://www.feedly.com/mini abine:*

[Giorgio Maone]

Thank you, I incorporated a variant of your fix in latest development build 2.3.6rc3.