Page 1 of 1
[RESOLVED] Clickjacking false positive?
Posted: Tue Jul 28, 2015 5:12 pm
by barbaz
was just trying to open last closed tab with Cmd-Shift-T, and it didn't happen and NoScript gave me a clickjacking warning?
Screenshot toggle was between a blank page and the page I was on.
False positive or actual clickjacking (rather, er, "keyboard-jacking")?
Report ID: 227810
Re: Clickjacking false positive?
Posted: Wed Jul 29, 2015 12:59 am
by Thrawn
I don't think that that could be actual clickjacking. It would have to be a false positive.
Re: Clickjacking false positive?
Posted: Wed Jul 29, 2015 3:07 am
by barbaz
Well, I was on a YouTube video page watching a Flash video, so I thought it could be possible that NoScript swallowed that keystroke to prevent Flash getting it - although it's never done that before...
(offtopic: What info is contained in a NoScript clickjacking report?)
Re: Clickjacking false positive?
Posted: Sat Oct 03, 2015 7:31 pm
by barbaz
bump
Re: Clickjacking false positive?
Posted: Sat Oct 03, 2015 9:08 pm
by Giorgio Maone
A clickjacking report contains the two rectangles whose comparison triggered ClearClick and the two URLs, of the top document and of the subdocument.
Yes, it's a false positive due to the fast switching in keyboard focus.
Re: Clickjacking false positive?
Posted: Sun Oct 04, 2015 1:07 pm
by barbaz
Thanks.