ClickJacking Error on Blogger/Blogspot (Google)

[GµårÐïåñ]

I have never had this issue but suddenly today I am getting this error (Report# 335644) and I was wondering if you can tell me what changed?

[therube]

URL?
Any Flash items on the page? Flash & <FRAME> combos?

http://www.blogger.com/

[Giorgio Maone]

@GµårÐïåñ:
were you logged in or not?
Where did you click exactly?

[GµårÐïåñ]

URL?
Any Flash items on the page? Flash & <FRAME> combos?

http://www.blogger.com/

my bad, I reported it and didn't think to mention anything else, since he has access to it. Sorry. It was the blogger site loggin in.

@GµårÐïåñ:
were you logged in or not?
Where did you click exactly?

No I was not. I clicked on the "login" on the top bar, it gave me the login page and then when I submit, it gives me the click jack error. When I click the red x on the dialog box, it continues to work fine and the dashboard loads up but I was wondering why the alert? Do you want me to screenshot each step?

[GµårÐïåñ]

Here is the step by step screenshots for the hell of it:

1. Go to the blog:


2. Click on the login on the top brings up this page:


3. Click on login and then it gives the error:


I apologize but there is another report id while I was trying to get these shots for you.

[therube]

OK, I duplicated it.
Not sure how exactly?

All plugins checked except for "No placeholder" & "Collapse blocked".
From the above screenshot, I see that blogger is Allowed.
Wasn't sure what else was, so I Allowed Globally.
There was still a blocked object, & I Allowed *@https://www.google.com.

At that point (I think it was), I got the ClearClick.

Wanted to copy the URL, but instead it opened & the dialog disappeared.
(Guess I can get it from Error Console?) - Yes.

Code: Select all

[NoScript ClearClick] Swallowed event keydown on INPUT/0 at https://www.google.com/accounts/ServiceLoginBox?service=blogger&continue=https%3A%2F%2Fwww.blogger.com%2Floginz%3Fd%3Dhttps%253A%252F%252Fwww.blogger.com%252Fstart%26a%3DALL&passive=true&alinsu=1&aplinsu=1&alwf=true&skipvpage=true&rm=false&showra=1&fpui=2&naui=8

Going through those steps again, I'm not duplicating, so I'm not sure what exactly caused it to transpire.

[GµårÐïåñ]

Thank you, at least you were able to reproduce once so we know its there and happening, now let's hope Giorgio can figure out what is actually causing it. I can reproduce every time but in your case, at least we have once and hopefully again.

[Giorgio Maone]

Known issue, very little to do about it.
There's an hidden frame with a Google login box embedded in Blogspot pages, and it happens to automatically get the focus when page loads.
Therefore, as soon as you hit any key, you're typing into the Google login box and, since you can't see where or what you're typing, ClearClick rightly warns you.
Notice that if there was no ClearClick and you had password completion enabled for your Google account, as soon as you hit "Enter" when a BlogSpot page loads, you're automatically logged in your Google account
Maybe a work-around would be a GreaseMonkey script or a Surrogate which restores the focus on the top visible page before you use the keyboard...