Page 1 of 1
ClickJacking Error on Blogger/Blogspot (Google)
Posted: Fri Aug 28, 2009 8:28 pm
by GµårÐïåñ
I have never had this issue but suddenly today I am getting this error (Report# 335644) and I was wondering if you can tell me what changed?
Re: ClickJacking Error on Blogger/Blogspot (Google)
Posted: Fri Aug 28, 2009 8:47 pm
by therube
URL?
Any Flash items on the page? Flash & <FRAME> combos?
http://www.blogger.com/
Re: ClickJacking Error on Blogger/Blogspot (Google)
Posted: Fri Aug 28, 2009 9:03 pm
by Giorgio Maone
@GµårÐïåñ:
were you logged in or not?
Where did you click exactly?
Re: ClickJacking Error on Blogger/Blogspot (Google)
Posted: Fri Aug 28, 2009 9:18 pm
by GµårÐïåñ
my bad, I reported it and didn't think to mention anything else, since he has access to it. Sorry. It was the blogger site loggin in.
Giorgio Maone wrote:@GµårÐïåñ:
were you logged in or not?
Where did you click exactly?
No I was not. I clicked on the "login" on the top bar, it gave me the login page and then when I submit, it gives me the click jack error. When I click the red x on the dialog box, it continues to work fine and the dashboard loads up but I was wondering why the alert? Do you want me to screenshot each step?
Re: ClickJacking Error on Blogger/Blogspot (Google)
Posted: Fri Aug 28, 2009 9:26 pm
by GµårÐïåñ
Here is the step by step screenshots for the hell of it:
1. Go to the blog:
2. Click on the login on the top brings up this page:
3. Click on login and then it gives the error:
I apologize but there is another report id while I was trying to get these shots for you.
Re: ClickJacking Error on Blogger/Blogspot (Google)
Posted: Fri Aug 28, 2009 10:58 pm
by therube
OK, I duplicated it.
Not sure how exactly?
All plugins checked except for "No placeholder" & "Collapse blocked".
From the above screenshot, I see that blogger is Allowed.
Wasn't sure what else was, so I Allowed Globally.
There was still a blocked object, & I Allowed *@
https://www.google.com.
At that point (I think it was), I got the ClearClick.
Wanted to copy the URL, but instead it opened & the dialog disappeared.
(Guess I can get it from Error Console?) - Yes.
Code: Select all
[NoScript ClearClick] Swallowed event keydown on INPUT/0 at https://www.google.com/accounts/ServiceLoginBox?service=blogger&continue=https%3A%2F%2Fwww.blogger.com%2Floginz%3Fd%3Dhttps%253A%252F%252Fwww.blogger.com%252Fstart%26a%3DALL&passive=true&alinsu=1&aplinsu=1&alwf=true&skipvpage=true&rm=false&showra=1&fpui=2&naui=8
Going through those steps again, I'm not duplicating, so I'm not sure what exactly caused it to transpire.
Re: ClickJacking Error on Blogger/Blogspot (Google)
Posted: Fri Aug 28, 2009 11:18 pm
by GµårÐïåñ
Thank you, at least you were able to reproduce once so we know its there and happening, now let's hope Giorgio can figure out what is actually causing it. I can reproduce every time but in your case, at least we have once and hopefully again.
Re: ClickJacking Error on Blogger/Blogspot (Google)
Posted: Mon Jan 11, 2010 11:00 am
by Giorgio Maone
Known issue, very little to do about it.
There's an hidden frame with a Google login box embedded in Blogspot pages, and it happens to automatically get the focus when page loads.
Therefore, as soon as you hit any key, you're typing into the Google login box and, since you can't see where or what you're typing, ClearClick
rightly warns you.
Notice that if there was no ClearClick and you had password completion enabled for your Google account, as soon as you hit "Enter" when a BlogSpot page loads, you're automatically logged in your Google account
Maybe a work-around would be a GreaseMonkey script or a Surrogate which restores the focus on the top visible page before you use the keyboard...