[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: [tor-bugs] #14985 [Tor Browser]: NoScript Clickjacking warning when clicking on embedded content
#14985: NoScript Clickjacking warning when clicking on embedded content
-------------------------+-------------------------------------------------
Reporter: | Owner: tbb-team
cypherpunks | Status: new
Type: defect | Milestone:
Priority: major | Version:
Component: Tor | Keywords: tbb-usability, tbb-4.5-regression,
Browser | TorBrowserTeam201505
Resolution: | Parent ID:
Actual Points: |
Points: |
-------------------------+-------------------------------------------------
Comment (by gk):
It seems my hypothesis is correct: I built both a Tor Browser with
{{{
+ if (nsContentUtils::IsCallerChrome())
+ return true;
}}}
omitted and one with the bare minimum of patches on top of ESR 31
(basically only the canvas related + the ThirdPartyUtil API ones and some
minor .mozconfig tweaks). In both cases there is no clearclick dialog on
Lunar's bank's page while the canvas related patches are still working (I
still got the popup when visiting github.com).
I might have messed up things with the bare minimum build, though.
However, given the time-constraints I propose to just remove the
`IsCallerChrome()` related code snippet as the impact is less grave than
all these clearclick false positives (basically #13439 is then an issue
again but there should not be any wranings while rendering .pdf files)
while bisecting for the real culprit and fixing it for the release after
the next one.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/14985#comment:13>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs