[tbb-bugs] #14985 [Tor Browser]: NoScript Clickjacking warning when clicking on embedded content
Tor Bug Tracker & Wiki
blackhole at torproject.org
Wed May 6 10:56:41 UTC 2015
#14985: NoScript Clickjacking warning when clicking on embedded content
-------------------------+-------------------------------------------------
Reporter: | Owner: tbb-team
cypherpunks | Status: new
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-usability, tbb-4.5-regression,
Browser | TorBrowserTeam201505
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by gk):
It seems my hypothesis is correct: I built both a Tor Browser with
{{{
+ if (nsContentUtils::IsCallerChrome())
+ return true;
}}}
omitted and one with the bare minimum of patches on top of ESR 31
(basically only the canvas related + the ThirdPartyUtil API ones and some
minor .mozconfig tweaks). In both cases there is no clearclick dialog on
Lunar's bank's page while the canvas related patches are still working (I
still got the popup when visiting github.com).
I might have messed up things with the bare minimum build, though.
However, given the time-constraints I propose to just remove the
`IsCallerChrome()` related code snippet as the impact is less grave than
all these clearclick false positives (basically #13439 is then an issue
again but there should not be any wranings while rendering .pdf files)
while bisecting for the real culprit and fixing it for the release after
the next one.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14985#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
More information about the tbb-bugs
mailing list