InformAction Forums

I have the Evernote Clipper extension installed and I am trying to clip http://www.cbc.ca/news/investigates/rcm ... -1.3850018. I get a clickjacking message. I tried adding an XSS exception for and Neither worked. I am running NoScript 2.9.0.14. This is the message from the console:

First off, ClearClick is not XSS filter. ClearClick exceptions go in about:config > noscript.clearClick.exceptions

Next is, these exceptions are not necessarily regexes. They follow ABE site syntax. See ABE Rules .pdf page 5 (ignore the special all-caps tokens).

Now, I don't remember offhand which way this goes. But the first exception I'd try is just Please add that on the end, separated by a single whitespace, and let us know if it works.

Also, please use the "Report" button on the Clickjacking Warning dialog, and tell me the report ID you get.

I have the same problem - and I found no working way to add the reported string to about:config > noscript.clearClick.exceptions.

The string does not resemble a normal website, it looks like
There is no website after the // - just a hash consisting of lower-case letters, numbers and "-".

I tried some strings, but none worked, e.g. moz-extension://*

Report-Id: 650476

Does it work in noscript.clearClick.subexceptions instead?
(That's not so safe. It is only a test.)

Yes I think that worked - at least with the one site, which always triggered the clearClick warning. I will have to test it more.

For the record: I added moz-extension://* to noscript.clearClick.subexceptions in about:config

Thanks for the help.

You're welcome.

Once you are sure it works, you'll need to make that exception safer. Try changing it to this - or maybe even That "hash" is a GUID identifying the extension and should be included if possible. This will at least retain clickjacking protection if other extensions' pages get framed.

moz-extension:// is already on the whitelist, so you can't add more detailed expression into the whitelist. Still, it doesn't do the job and kills Web Clipper extension.

What helped me was unticking "Other plugins" in the NoScript's list of blocked items. Can't say it's a safe solution, but does the job...

That may be helpful, thankyou.

If you're comfortable using about:config, then you could add a permanent exception to noscript.allowedMimeRegExp. I'm not certain what syntax would be used for an extension, though...

Has there been any progress with this issue? Same question applies to killing LastPass credentials window...
No new dev builds have been released for a couple of days, nothing to test...

mikolajek wrote:moz-extension:// is already on the whitelist, so you can't add more detailed expression into the whitelist.

Actually, in the previous comments, barbaz wasn't talking about a whitelist entry; he was talking about a ClearClick exception. Have you tried that?

Thrawn wrote:Actually, in the previous comments, barbaz wasn't talking about a whitelist entry; he was talking about a ClearClick exception. Have you tried that?

Oh, indeed, silly me! Yes, adding this expression to the exception list seems to does the job perfectly.

[Editing this post as I learn more ...]
I am also having problems with Evernote Web Clipper (V6.10.2.0), NoScript (V2.9.5.2) and Firefox (V51b8). I tried some of the workarounds in this post and then tried clipping this forum web page and got a ClearClick Warning dialog to which I raised report #674494.

In the same ClearClick Warning dialog, it has a link for the moz-extension://b51030d8-9317-403d-b027-3aaeb2b54bfe/content/global_tools/global_tools.html (different GUID to the one listed in an earlier post). I followed the instructions to add this link to the about:config key "noscript.clearClick.exceptions" but this has not worked. Without it, I get no response with I click on the Evernote toolbar button. With it, I get the Evernote dialog (incompletely rendered) and a ClearClick Warning dialog. Then even if I uncheck the "Continue to block" option in the ClearClick Warning dialog, Evernote Web Clipper will not work.

At the same time, I have unchecked "Forbid other plugins" in the NoScript Options > Embeddings tab.

As I have had this problem for a time, I had first Reset Firefox removing all Addons, clearing settings but keeping history and bookmarks. I first installed the Evernote Addon and then installed others until it stopped working. NoScript is definitely the problem.

Any other workarounds?
Will NoScript be updated to be compatible with Evernote Web Clipper?

We're not apparently allowed to browse the betas folder, but Google suggest there's an early build of NS 3 available here: https://secure.informaction.com/downloa ... -3.0a9.xpi. Anyone has tried it?

mikolajek wrote:We're not apparently allowed to browse the betas folder, but Google suggest there's an early build of NS 3 available here: [...] Anyone has tried it?

NoScript 3.x is only for mobile atm.

@csalsa Did you try adding to noscript.clearClick.subexceptions?