taglife

What does NoScript ClearClick mean?

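Original post #
Posted: 2012-09-07 05:01
I was uploading images on Google Picasa, and this message appeared at the box where you type the name?
Right-click does nothing, and Ctrl+V won't paste...
Testing shows it is caused by the recently updated version of NoScript; how do I allow it?

Messages from the Error Console: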
[NoScript ClearClick] Swallowed event click on undefined/0 at https://docs.google.com/picker?protocol=gadgets&relayUrl=https://picasaweb.google.com/s/v/lighthousefe_98.03/rpc_relay.html&hostId=pwa&hl=zh_TW&rpcService=lhid_picker&rpctoken=190exzxazxidp&selectButtonLabel=%E7%A2%BA%E5%AE%9A&title&navHidden=true&multiselectEnabled=true&white=true&chromeMode=none&uploadToAlbumId=5654622536935555297&nav=((%22upload%22,null,%7B%22query%22:%22photos%22,%22data%22:%7B%22owner_name%22:%22109154272040971063932%22,%22disable_asbe_notification%22:%22false%22,%22streamid%22:null%7D%7D))

[NoScript ClearClick] Swallowed event keypress on INPUT/0 at https://docs.google.com/picker?protocol=gadgets&relayUrl=https://picasaweb.google.com/s/v/lighthousefe_98.03/rpc_relay.html&hostId=pwa&hl=zh_TW&rpcService=lhid_picker&rpctoken=190exzxazxidp&selectButtonLabel=%E7%A2%BA%E5%AE%9A&title&navHidden=true&multiselectEnabled=true&white=true&chromeMode=none&uploadToAlbumId=5654622536935555297&nav=((%22upload%22,null,%7B%22query%22:%22photos%22,%22data%22:%7B%22owner_name%22:%22109154272040971063932%22,%22disable_asbe_notification%22:%22false%22,%22streamid%22:null%7D%7D))

[NoScript ClearClick] Swallowed event keyup on INPUT/0 at https://docs.google.com/picker?protocol=gadgets&relayUrl=https://picasaweb.google.com/s/v/lighthousefe_98.03/rpc_relay.html&hostId=pwa&hl=zh_TW&rpcService=lhid_picker&rpctoken=190exzxazxidp&selectButtonLabel=%E7%A2%BA%E5%AE%9A&title&navHidden=true&multiselectEnabled=true&white=true&chromeMode=none&uploadToAlbumId=5654622536935555297&nav=((%22upload%22,null,%7B%22query%22:%22photos%22,%22data%22:%7B%22owner_name%22:%22109154272040971063932%22,%22disable_asbe_notification%22:%22false%22,%22streamid%22:null%7D%7D))

[NoScript ClearClick] Swallowed event mousedown on https://picasaweb.google.com/lh/webUpload?uname=109154272040971063932&aid=5654622536935555297&continue=https%3A%2F%2Fpicasaweb.google.com%2F109154272040971063932%2FScrapbookPhotos%23 (rapid fire from https://docs.google.com in 400ms)

[NoScript ClearClick] Swallowed event mouseup on https://picasaweb.google.com/lh/webUpload?uname=109154272040971063932&aid=5654622536935555297&continue=https%3A%2F%2Fpicasaweb.google.com%2F109154272040971063932%2FScrapbookPhotos%23 (rapid fire from https://docs.google.com in 400ms)

[NoScript ClearClick] Swallowed event click on https://picasaweb.google.com/lh/webUpload?uname=109154272040971063932&aid=5654622536935555297&continue=https%3A%2F%2Fpicasaweb.google.com%2F109154272040971063932%2FScrapbookPhotos%23 (rapid fire from https://docs.google.com in 400ms)


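Image: Picasaweb.google.com.png

Start Firefox in Safe Mode to test with custom settings, themes and extensions disabled (no add-ons):
Help > Restart with Add-ons Disabled (Firefox 4+)
Firefox Profile: Help > Troubleshooting Information > Open Folder
Layout engines: Firefox (Gecko), Opera (Presto), Google Chrome (WebKit),
Safari (WebKit), Internet Explorer (Trident), Konqueror (KHTML)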
CooB
Reply #1
Posted: 2012-09-07 05:01
From the FAQ on the official NoScript site

Q:   What is ClearClick and how does it protect me from Clickjacking?
A:   ClearClick is a NoScript specific anti-Clickjacking protection module developed during the September 2008 "Clickjacking panic". It received testing and feedback from many involved security researchers such as RSnake and Jeremiah Grossman (the fathers of the term "Clickjacking"), Eduardo "Sirdarckcat" Vela and others, and now it's enabled by default, protecting NoScript users from Clickjacking everywhere: it even remains active if you switch NoScript in the less safe Allow scripts globally mode. How does it work? Clickjacking hides or displaces or partially covers something you wouldn't want to click, if you could see it in its original context. ClearClick does the opposite: whenever you click a plugin object or a framed page, it takes a screenshot of it alone and opaque (i.e. an image of it with no transparencies and no overlaying objects), then compares it with a screenshot of the parent page as you can see it. If the two images differ, a clickjacking attack is probably happening and NoScript raises a "ClearClick warning", showing you the contextualized and "clear" object you were about to click, so you can evaluate by yourself if that was really something you wanted to do. Of course there are many subtle technical details involved, but the basic concept is just simple like that.

Doesn't it work even after you Allow all the Google domains into the whitelist?
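
A simplified model of the comparison the FAQ above describes, added here as an illustration; it is not NoScript's code and not part of the original post. The grayscale pixel grids, the `tolerance` and `maxDiff` thresholds and all function names are assumptions made for this example.

```javascript
// Model of the ClearClick idea: compare the frame rendered alone and opaque
// with the frame as it appears inside the parent page.
// Images are 2D arrays of grayscale values (0-255); all data is constructed.

// The frame "alone and opaque": only its own pixels, no transparency.
function renderAlone(frame) {
  return frame.map(row => row.slice());
}

// The frame as seen in the parent page: blended with the page background at
// the opacity the parent assigned, then covered by any overlaying elements.
function renderInContext(frame, { opacity = 1, background = 255, overlays = [] }) {
  const seen = frame.map(row =>
    row.map(px => Math.round(px * opacity + background * (1 - opacity))));
  for (const { x, y, pixels } of overlays) {
    pixels.forEach((row, dy) => row.forEach((px, dx) => {
      if (seen[y + dy] && seen[y + dy][x + dx] !== undefined) seen[y + dy][x + dx] = px;
    }));
  }
  return seen;
}

// Fraction of pixels whose values differ by more than `tolerance`.
function diffRatio(a, b, tolerance = 8) {
  let differing = 0, total = 0;
  a.forEach((row, y) => row.forEach((px, x) => {
    total++;
    if (Math.abs(px - b[y][x]) > tolerance) differing++;
  }));
  return differing / total;
}

// Deliver the click only if both renderings match closely enough.
function checkClick(frame, context, maxDiff = 0.05) {
  const ratio = diffRatio(renderAlone(frame), renderInContext(frame, context));
  return { ratio, verdict: ratio > maxDiff ? "swallow" : "deliver" };
}

// Constructed 4x4 frame: a dark "button" (40) on a light page (230).
const frame = [
  [230, 230, 230, 230],
  [230,  40,  40, 230],
  [230,  40,  40, 230],
  [230, 230, 230, 230],
];
const white = [255, 255, 255, 255];
const honest = checkClick(frame, {});                       // shown as-is
const transparent = checkClick(frame, { opacity: 0.05 });   // nearly invisible
const covered = checkClick(frame, { overlays: [{ x: 0, y: 0, pixels: [white, white] }] });
console.log(honest, transparent, covered);
```
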
taglife
Reply #2
Posted: 2012-09-07 05:01
Hmm... I don't get it...
They're all allowed! It doesn't seem to be a script thing...
And there are no XSS or ABE notifications either...

Image: NoScript 2.5.4 in picasaweb.google.com.png

taglife
Reply #3
Posted: 2012-09-07 05:01
I caught it
This is an animated GIF image...

Image: NoScript ClearClick Picasaweb My Photos link.gif
