ClearClick bypass

Tomaskom

Post by Tomaskom »

I noticed that the ClearClick protection can be bypassed by the user, if one uses the Tab key to navigate through links on the site and spacebar to activate them. My guess is that ClearClick works only for actual mouse clicks. Is this a known behavior, unknown but acceptable behavior or a bug?
Tomáš Komárek
Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0
Giorgio Maone
Site Admin
Posts: 9557
Joined: Wed Mar 18, 2009 11:22 pm
Location: Palermo - Italy

Re: ClearClick bypass

Post by Giorgio Maone »

Not sure. Proof of concept?
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
Tomaskom

Re: ClearClick bypass

Post by Tomaskom »

Giorgio Maone wrote: Not sure. Proof of concept?
  • Go to http://www.zajdem.cz/
  • Try clicking on the "Zajdem" link on the bottom of the page (link to their Facebook page) -> ClearClick disables it
  • Without disabling ClearClick for this link, keep pressing the Tab key until the "Zajdem" link is highlighted (only the text, not the whole frame with icon etc.)
  • Press Enter (not spacebar, my bad) -> link is activated without ClearClick protection
Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0

Re: ClearClick bypass

Post by Giorgio Maone »

Tomaskom wrote:
Giorgio Maone wrote: Not sure. Proof of concept?
  • Go to http://www.zajdem.cz/
  • Try clicking on the "Zajdem" link on the bottom of the page (link to their Facebook page) -> ClearClick disables it
  • Without disabling ClearClick for this link, keep pressing the Tab key until the "Zajdem" link is highlighted (only the text, not the whole frame with icon etc.)
  • Press Enter (not spacebar, my bad) -> link is activated without ClearClick protection
OK, that's not a bug, and not a problem either.
In that specific page, actually, it's a false positive due to the way the like button is embedded (the underlying Facebook document is much bigger than the portion actually shown).
Anyway, the difference in behavior is due to ClearClick checks for keyboard events being circumscribed to the element having focus (the link in this case), while clicks cause a broader geometry to be used to add more context and reduce false negatives.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:25.0) Gecko/20100101 Firefox/25.0
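
A simplified model of the geometry difference described in the reply above, added here as an illustration; it is not part of the thread and not NoScript's code. The rectangle sizes, the 64 px context margin, the "fully visible" pass criterion and all function names are assumptions.

```javascript
// Simplified model, NOT NoScript's code. Assumption: an event is flagged when
// part of the rectangle being checked is hidden by the embedding frame.
const CONTEXT_MARGIN = 64; // px of extra context for mouse clicks (constructed value)

// Intersection of two {x, y, w, h} rectangles, or null if they do not overlap.
function intersect(a, b) {
  const x = Math.max(a.x, b.x);
  const y = Math.max(a.y, b.y);
  const w = Math.min(a.x + a.w, b.x + b.w) - x;
  const h = Math.min(a.y + a.h, b.y + b.h) - y;
  return w > 0 && h > 0 ? { x, y, w, h } : null;
}

const area = (r) => (r ? r.w * r.h : 0);

// Keyboard events: only the focused element is checked.
// Mouse clicks: the element plus surrounding context, limited to the
// embedded document's own bounds.
function checkedRect(el, doc, eventType) {
  if (eventType === "key") return el;
  const m = CONTEXT_MARGIN;
  return intersect({ x: el.x - m, y: el.y - m, w: el.w + 2 * m, h: el.h + 2 * m }, doc);
}

// Flag the event when the frame shows less than the whole checked rectangle.
function isFlagged(el, doc, shown, eventType) {
  const checked = checkedRect(el, doc, eventType);
  return area(intersect(checked, shown)) < area(checked);
}

// Constructed sample: a 450x300 embedded document of which the host page
// shows only a 120x24 strip, containing a 50x16 link.
const doc = { x: 0, y: 0, w: 450, h: 300 };
const strip = { x: 0, y: 0, w: 120, h: 24 };
const link = { x: 40, y: 4, w: 50, h: 16 };

console.log("mouse click, cropped embed:", isFlagged(link, doc, strip, "mouse"));
console.log("Enter key,   cropped embed:", isFlagged(link, doc, strip, "key"));
console.log("mouse click, full embed:   ", isFlagged(link, doc, doc, "mouse"));
```

In this model the link itself is never hidden; only the wider context rectangle reaches into the cropped-away part of the embedded document, which is why the mouse path reports a positive and the keyboard path does not.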
Tomaskom

Re: ClearClick bypass

Post by Tomaskom »

Thanks for the detailed explanation, nice to see everything is all right :)
Anyway, better to have a few false positives than to have some potentially harmful cases ignored ;)
Mozilla/5.0 (X11; Linux x86_64; rv:25.0) Gecko/20100101 Firefox/25.0