How to turn off clearclick?

[LostTwoHours]

I was pretty sure I turned off nearly everything except the javascript turning on and off features of NoScript.

Now I saw in the Browser Console (Firefox 41.0.1) that NoScript actually did show Clearclick messages.

The current problem is on the banking site of commerzbank.de, when trying to advice money.
There is no doubt that the programmers of the commerzbank-website are noobs. (Believe me, I have suffered for years, and I'm not the only one judging them that way.)

Still this two hour loss shouldn't have happened in the first place, as NoScript had no business to silently do these clearclick stuff. And of course, when I selected 'no clearlick messages' in the options, I thought I had turned it off. And when I deselected clearclick on the other three checkboxes hidden in the options, it should have been definitly been turned off.

Any help? Or should we depart here? (I suspect clearclick to have blocked other illdesigned javascripts, too.)

And what had google.com to do with it? Something alng the line: 'rapid fire form http://www.google.com in 400 ms'?

[barbaz]

The current problem is on the banking site of commerzbank.de, when trying to advice money.
There is no doubt that the programmers of the commerzbank-website are noobs. (Believe me, I have suffered for years, and I'm not the only one judging them that way.)

Oh I hear you. I for one also hate to visit badly-designed sites and then find that it's needed to do something "special" just to make it work the way the site programmer(s) intended.

Still this two hour loss shouldn't have happened in the first place, as NoScript had no business to silently do these clearclick stuff

Because when two hours of time are at stake, it is simply unfair and unjust to be protected from, say, clickjacking, especially on a badly-designed website?

And of course, when I selected 'no clearlick messages' in the options, I thought I had turned it off. And when I deselected clearclick on the other three checkboxes hidden in the options, it should have been definitly been turned off.

There are two ClearClick-related checkboxes in NoScript Options, and both are under the "ClearClick" tab in NoScript Options > Advanced ...

Any help?

Help with what? Can you please clarify?

Or should we depart here?

Hmm... idk. I'll get back to you on this later.

(I suspect clearclick to have blocked other illdesigned javascripts, too.)

Sounds like a good thing.

And what had google.com to do with it? Something alng the line: 'rapid fire form http://www.google.com in 400 ms'?

Did you have google.com open in another tab? If so this has been reported before, viewtopic.php?f=10&t=21597

[LostTwoHours]

1. Indeed the linked report seems to be the same bug. But it seems to me there is more to it.
2. In my case it reacted on mousedown, mouseup and click.
3. I had google open in another tab.

There are overall three clearclick-related checkboxed. I had turned off all three.
?????WHY did NoScript anyway perform those clearclick checks?????
Rapidfire-checks seem to have no checkboxes at all in the options.

My guess is, that you have an error in array-handling.

During all this there was another error when I tried to switch on and off commerzbank-website from "allow"/"forbid":
The error ub the browser-console was something like 'chrome-list could not add to list /', and an immedeatly a second error like 'chrome uri .... /'. There was on the right site of the webconsole no link to where the error happened, if I remember it correctly.

Actually commerzbank-website javascript seemed only to work correctly again, after I deinstalled and reinstalled NoScript.

Where I come to an third error: After deinstalloing NoScript the NoScript-settings in about:config were still left behind. (Turned out to be good, because so I hadn't to newly set the options on the new NoScript-installation.

[barbaz]

Rapidfire-checks seem to have no checkboxes at all in the options.

OK then try toggling about:config > noscript.clearClick.rapidFireCheck

Where I come to an third error: After deinstalloing NoScript the NoScript-settings in about:config were still left behind. (Turned out to be good, because so I hadn't to newly set the options on the new NoScript-installation.

Not an error, that's actually by design for exactly the reason you stated.

[Thrawn]

?????WHY did NoScript anyway perform those clearclick checks?????

NoScript has several built-in defences against known web exploits; probably the best-known of these features is the XSS filter, but ClearClick is important too.

The vulnerabilities in question are very real, although you might have been fortunate enough not to come across them.

Rapidfire-checks seem to have no checkboxes at all in the options.

ClearClick is a module, designed to detect and prevent clickjacking - as a whole. Rapid-fire checks are just one part of detection. You can toggle the whole module from the options dialog, but fine-tuning it is a more advanced topic, better suited to about:config.