InformAction Forums

Pretty much every time I click an email after starting or restarting the browser, NoScript warns me of a clickjacking attempt.

Could you use the "Report" button and give me some IDs?

Done, on two separate emails: Report ID 1352829 and Report ID 1352831.

Mmm, I can't locate this "Hide recipients" button on my Yahoo! Mail page.
I'm NOT using classic, but you named a "new" beta?
Are there currently 3 Yahoo! mail versions (Classic, "Stable" (formerly beta) and "new" Beta)?
If so, how can I access the "new" beta?

Yuo there are currently three version of yahoo mail. Classic, stable and beta. Click http://features.mail.yahoo.com/ to enable.

Just to be clear, I'm not clicking "hide recipients", I'm merely clicking anywhere in the email or the scrollbar of the iframe that displays the email to read down.

Unfortunately this seems to be a Yahoo! Mail Beta bug: if you look closely, you'll notice the splitters (the slim bars offered to handle panel resizing) overlap the frames they're meant to divide.
For instance, the horizontal one splitting the Inbox between the message list and the preview box is very easy to spot, since it partially covers the scrollbar on the right.
Since the frame you're clicking is partially concealed, ClearClick (rightly) complains.
I could work-around by reducing ClearClick's sensitivity, but I believe this one is a true bug (if nothing else, those covered scrollbox are really ugly) and should be fixed on Yahoo! side.

Update: filed this feedback entry.
Not sure whether there's a more effective way for reporting...

I think they've updated the beta now, as the favicon changed and I'm not seeing the issue any more.

I am still receiving the clickjacking error after the "favicon" update to Yahoo Mail Beta.

The behaviour is inconsistent and dependent on the source email. I can't seem to isolate a common theme.

Any help is appreciated.

be wrote:I can't seem to isolate a common theme.

Could you send one or more reports when it happens, and post here your report IDs?

Sure. Report IDs: 1678246, 1678248, 1678251

Environment: Windows 7 32 bit, Firefox 3.6.17, NoScript 2.1.0.3

Thanks Giorgio!

I've never stopped getting the click jacking warnings admittedly. Though some days are good, I only get one or two, others it seems every click is a clickjack attempt.

1713434

That one was especially frustrating. I clicked the link and it worked fine, then I closed the page by accident, so clicked the link again and got a warning. I can't help but feel it's broken from a users point of view. Clicking a link in an email that is in no way obscured or hidden should not invoke a warning.

I've been trying to report as much as possible lately in a bid to try and get this resolved. Whether part of the frame is hidden or not isn't the issue here, it's about are you clicking the link you intended to click and going to that location, if the answer is yes, then NoScript is clearly overstepping it's boundaries.

sabret00the wrote: Clicking a link in an email that is in no way obscured or hidden should not invoke a warning.

Looking at your reports, the problem is clearly the splitter bar between the windows which overlaps the content frame.
Yes, the link is not obscured, but technically the content frame is and NoScript checks whether there's enough content surrounding the link to "contextualize" the link. Since NoScript can't "read", let alone assign a semantic value, to the content, this estimation is merely based on width and height.

This will probably change in a future ClearClick version, where "information density" will be measured as well somehow (leveraging the extra speed given by typed arrays recently introduced in Firefox), and therefore a flat background or the splitter itself will weight less than a text area.

In the meanwhile, I'm trying to see if a specific work-around can be introduced for this case.
However, even though I tried several times, I couldn't reproduce yet.
Is the window where this happens particularly narrow?

Here's a screenshot of the window where this happens



Uploaded with ImageShack.us

As you can see, there's a lot of space, nothing is narrow whatsoever, it's just frustratingly broken from an end-user point of view.