Versionsgeschichte von NoScript

380 Versionen

Seien Sie vorsichtig mit alten Versionen!

Diese Versionen werden zu Referenz- und Testzwecken angezeigt. Sie sollten immer die letzte Version eines Add-ons verwenden.

Version 2.6.9.37 536.4 KiB Funktioniert mit Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.37
=============================================================
x Fixed bug: launching a bookmarklet on about:newTab caused
allow scripts globally for that tab (thanks James Strange
for reporting)
x [L10n] Updated French translation (thanks Syl)
x Fixed NOSCRIPT element hidden on Javascript-disabled pages
(moz bug 1208818)
x [Surrogate] enhanced gogletags.com replacement (thanks
therube)
x Fixed subtle bug in load context association causing an
origin mismatch in one corner case (thanks Gareth Heyes
for reporting)

Version 2.6.9.36 536.0 KiB Funktioniert mit Firefox 3.0.9 - 44.0, SeaMonkey 2.0 - 2.39

v 2.6.9.36
=============================================================
x [L10n] Fixed typo in nb-NO (thanks Mikkel H.)
x [e10s] Fixed top-level site auto-whitelisting broken
x [e10s] Fixed MozBug 1196477 (crash with allowLocalLinks)
x Shorthands reliability improvements
x [ClearClick] fixed console spam due to missing XPCOM
interfaces for HTML elements
x In order to help Netflix users with the new video delivery
system, users who have netflix.com already in their
whitelist get https://*.nflxvideo.net whitelisted as
well on upgrade

Version 2.6.9.35 536.0 KiB Funktioniert mit Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.35
=============================================================
x [Surrogate] googletagservices.com replacement now supports
custom googletag objects (thanks barbaz)
x [Surrogate] fixed surrogates stopped working on older
Gecko versions (thanks barbaz)
x [XSS] Work-around for false positive on some Yahoo! URLs
x Corrected mistyped about:pocket-saved whitelist entry
x Fixed race condition in ABE options observer causing
l.getRowCount() console spam

Version 2.6.9.34 536.0 KiB Funktioniert mit Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.34
=============================================================
x [Surrogate] Fixed a bug preventing some replacements from
running
x [XSS] Fixed over-optimized JSON and dots erasure allowing
for a filter bypass in specific (and likely rare)
circumstances (thanks Gareth Heyes for reporting)

Version 2.6.9.33 536.0 KiB Funktioniert mit Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.33
=============================================================
x [XSS] Fixed bug in minimal inline JavaScript fragment
detection (thanks Frederik Braun for reporting)
x [L10n] Updated Russian (thanks fatboy).
x [Surrogate] fixed scope conflicts caused by the $S() object
replacement wrapper (e.g. with some EA games)

Version 2.6.9.32 536.0 KiB Funktioniert mit Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.32
=============================================================
+ Added domains required for Netflix playback to the default
whitelist
x Fixed inline script blocking broken by latest Nightlies
x Fixed NOSCRIPT elements not being shown in script-blocked
pages on Firefox betas
x [Surrogate] shimmed or replaced code causing deprecations
x [Surrogate] updated googletag replacement (thanks barbaz)
x [XSS] Fixed regression in minimal inline JavaScript
fragment detection (thanks Gareth Heyes for reporting)
x Fixed edge case causing JavaScript redirections detection
to fail on http://qklnk.co/ (thanks Jess Hampshire for RFE)

Version 2.6.9.31 535.4 KiB Funktioniert mit Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.31
=============================================================
x [XSS] Fixed attribute injection checks regression (thanks
Maxim Rupp and .mario of Cure53 for reporting)

Version 2.6.9.30 535.4 KiB Funktioniert mit Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.30
=============================================================
x Fixed noscript.allowWhitelistUpdates preference being
ignored
+ Filtering out whitelist additions not required by the
the specific current browser type and version
+ Added about:pocket-save and about:pocket-signup to the
default whitelist
x More restrictive and accurate INCLUSION type check (thanks
Meee for reporting)
x [XSS] Further invalid characters optimization refinement
(thanks Mathias Karlsson for reporting)
x [XSS] Fixed XML stripping optimization to prevent inline
injections (thanks Mathias Karlsson for reporting)
x Default whitelist maintenance: removed prototypejs.org,
cdnjs.cloudflare.com; restored maps.googleapis.com
x [XSS] Updated inline event handlers related code preventing
potential 2nd order injections on very badly coded websites
(thanks Mathias Karlsson for reporting)

Version 2.6.9.29 536.1 KiB Funktioniert mit Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.29
=============================================================
x [XSS] Improved specificity of invalid characters
optimization to remove a string literal breaking detection
bypass (thanks Mathias Karlsson for reporting)

Version 2.6.9.28 536.1 KiB Funktioniert mit Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.28
=============================================================
x Narrowed googleapis.com default whitelist entry to
ajax.googleapis.com
x [Surrogate] Updated gigya.com and 2mdn.net replacements
(thanks saaib)

Version 2.6.9.27 536.0 KiB Funktioniert mit Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.27
=============================================================
x Fixed media elements being blocked on first (uncached)
request (thanks RobertDrew for reporting)
+ noscript.middlemouse_temp_allow_main_site about:config
preference to control whether middle-clicking the toolbar
button should allow current top document's site (thanks
barbaz)
x [L10n] Updated Belarusian (thanks Dzmitry Drazdou)
+ Default whitelist retroactive removal ability
x Removed vjs.zendcdn.net from the default whitelist

Version 2.6.9.26 536.0 KiB Funktioniert mit Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.26
=============================================================
x Extended the redirectTo() safety net for to all the internal
redirections
x Work-around for redirectTo() breaking Flash plugin
subrequests
x Got ChannelReplacement backed by HTTPChannel.redirectTo()
whenever possible (should fix moz-bug 1153256 for good)
x Fixed double redirection in HTTPS enforcing

Version 2.6.9.25.1-signed 533.8 KiB Funktioniert mit Firefox 3.0.9 - 41.0, SeaMonkey 2.0 - 2.37

v 2.6.9.25
=============================================================
x Fixed regression preventing HTTPS enforcing exceptions from
being honored

v 2.6.9.24
=============================================================
x Fix for intermittent crashes on older Gecko versions

Version 2.6.9.23.1-signed 533.8 KiB Funktioniert mit Firefox 31.0 - 41.0, SeaMonkey 2.31 - 2.37

v 2.6.9.23
=============================================================
x Work-around for moz-bug 1167371
x Fixed fatal regression on Firefox 34 and below
x Improved backward compatibility
x Work-around for anonymized plugin subrequests being vetoed
by channel event sink
x Fixed backward compatibility PopupBoxObject shim
x [E10s] Fixed cascading permissions broken when checks are
performed cross-process
x [Surrogate] Removed deprecated "for each" constructs from
replacements
x [L10n] Updated ru-RU (thanks negodnik)
x Tentative fix for Bug 1153256 (thanks Dragana Damjanovic)
+ Added about:preferences to the mandatory whitelist
- Removed legacy STS support
+ [Surrogate] 2mdn.net inclusion replacement (thanks barbaz)
+ [E10s] Restored inline JavaScript blocking

Version 2.6.9.22.1-signed 534.2 KiB Funktioniert mit Firefox 3.0.9 - 40.0, SeaMonkey 2.0 - 2.37

v 2.6.9.22
=============================================================
+ [Surrogate] Generalized OWASP antiClickjacking replacement
(thanks barbaz for RFE)
+ [Surrogate] Wordpress scriptless site auto-show replacement
+ bootstrapcdn.com in default whitelist

Version 2.6.9.21.1-signed 534.0 KiB Funktioniert mit Firefox 3.0.9 - 40.0, SeaMonkey 2.0 - 2.37

v 2.6.9.21
=============================================================
+ Added "mediasource:" to the mandatory whitelist (Moz-Bug
1151638)
x [Surrogate] Updated googletagservices.com replacement
(thanks barbaz)
x Better compatibility with SDK-based add-ons using data:
URIs (thanks Mingyi Liu for report)

Version 2.6.9.20.1-signed 533.9 KiB Funktioniert mit Firefox 3.0.9 - 40.0, SeaMonkey 2.0 - 2.37

v 2.6.9.20rc2
=============================================================
x Improved "Recently blocked sites..." recording
x Fixed inconsistencies in data: URIs handling (thanks barbaz
for reporting)

Version 2.6.9.19.1-signed 533.8 KiB Funktioniert mit Firefox 3.0.9 - 40.0, SeaMonkey 2.0 - 2.37

v 2.6.9.19
=============================================================
+ [Surrogate] .gigya.com replacement provided by barbaz
+ [Surrogate] js.stripe.com replacement provided by barbaz
+ Improved usability of new Yahoo! video activation (thanks
Glenn for reporting)
+ Added googlevideo.com to the default whitelist because it's
now required to play Youtube movies (thanks barbaz for RFE)

Version 2.6.9.18.1-signed 533.5 KiB Funktioniert mit Firefox 3.0.9 - 40.0, SeaMonkey 2.0 - 2.37

v 2.6.9.18
=============================================================
x Fixed restrictSubdocScripts/globalHTTPSWhitelist
interaction issue (thanks Tor Project for report)
x Fixed regression always disabling scripts whenever site's
host name is a IPv6 literal (thanks ipv6user for report)
x Fixed menu automatic disappearance on mouse exit broken by
Firefox 36 changes (thanks randavis, cumdacon and barbaz
for report)

Version 2.6.9.17.1-signed 533.3 KiB Funktioniert mit Firefox 3.0.9 - 40.0, SeaMonkey 2.0 - 2.37

v 2.6.9.17
=============================================================
x Fixed cascadePermissions/globalHTTPSWhitelist interaction
issue with IFRAMEs (thanks Tor Project for report)
x Fixed cascadePermissions being enforced also if the top
document is implicitly allowed by the globalHTTPSWhitelist
policy, rather than explicitly whitelisted, causing HTTP
subdocument and scripts to be unintendendly allowed when
the top document is HTTPS (thanks Tor Project for report)
x [Surrogate] Update Google Analytics replacement (thanks
barbaz)

Version 2.6.9.16.1-signed 533.1 KiB Funktioniert mit Firefox 3.0.9 - 39.0, SeaMonkey 2.0 - 2.36

v 2.6.9.16
=============================================================
+ [Surrogate] Updated Gravatar surrogate (thanks barbaz)
+ Additional HTML sanitization when pasting rich text into
content-editable elements (thanks .mario for RFE)
+ Introduced framework for E10s migration, starting with new
features and fixes
x Removed deprecated let () expressions from the code base

Version 2.6.9.15.1-signed 531.7 KiB Funktioniert mit Firefox 3.0.9 - 39.0, SeaMonkey 2.0 - 2.36

v 2.6.9.15
=============================================================
+ Fixed regression in 2.6.9.12 causing data: URI documents
to be scripting-enabled (thanks GOF for tweet)

Version 2.6.9.14.1-signed 531.7 KiB Funktioniert mit Firefox 3.0.9 - 39.0, SeaMonkey 2.0 - 2.36

v 2.6.9.14
=============================================================
+ [Surrogate] OWASP legacy Javascript-based "antiClickjack"
protection surrogate to unhide "protected" pages when
scripting is disabled (thanks barbaz)
+ Restored noscript.forbidXHR functionality trying to make it
more web-compatible (thanks barbaz for RFE)

Version 2.6.9.13.1-signed 531.5 KiB Funktioniert mit Firefox 3.0.9 - 39.0, SeaMonkey 2.0 - 2.36

v 2.6.9.13
=============================================================
x [XSS] Fixed bugs in comment stripping optimization (thanks
Masato Kinugawa for reporting)
x [XSS] Better protection against some ES6 attacks (thanks
Masato Kinugawa for reporting)
- Removed support for XMLHttpRequest blocking
(noscript.forbidXHR preference). The same functionality,
if really needed, can still be achieved through ABE anyway.

Version 2.6.9.12.1-signed 531.6 KiB Funktioniert mit Firefox 3.0.9 - 39.0, SeaMonkey 2.0 - 2.36

v 2.6.9.12
=============================================================
x Fixed origin checking bug causing sandboxed IFRAMEs to have
scripting always disabled (thanks Ellad Tadmor for report)

Version 2.6.9.11.1-signed 531.5 KiB Funktioniert mit Firefox 3.0.9 - 38.0, SeaMonkey 2.0 - 2.35

v 2.6.9.11
=============================================================
x [Surrogate] microsoftSupport surrogate to force the content
to be shown if scripts are disabled (thanks thunderscript)
x Check private browsing against chrome rather than content
windows (prevents annoying warning console messages)

Version 2.6.9.10.1-signed 531.5 KiB Funktioniert mit Firefox 3.0.9 - 38.0, SeaMonkey 2.0 - 2.35

v 2.6.9.10
=============================================================
x Fixed regression: permanently allow a web site erasing
temporary whitelist items (thanks smersh for reporting)
x Fixed private windows detection for UI adaptation broken in
SeaMonkey (thanks barbaz for reporting)
x Made the Permanent "allow" commands in private windows'
checkbox look and behave like the other options in the
"Appearance" tab, i.e. controlling the visibility of the
menu item by the same name

Version 2.6.9.9.1-signed 531.5 KiB Funktioniert mit Firefox 3.0.9 - 38.0, SeaMonkey 2.0 - 2.35

v 2.6.9.9
=============================================================
x Updated GPL.txt and NoScript_License.txt with current FSF
information (thanks Thomas Spura for reporting)
x Fixed regression causing "Revoke temporary permissions"
gitches (thanks barbaz for reporting)
x Moved the Permanent "allow" commands in private windows'
menu toggle next to the 'Options' command

Version 2.6.9.8.1-signed 531.5 KiB Funktioniert mit Firefox 3.0.9 - 38.0, SeaMonkey 2.0 - 2.35

v 2.6.9.8
=============================================================
+ 'Permanent "allow" commands in private windows' preference
in NoScript Options|Appearance (inverse of
noscript.volatilePrivatePermissions)
+ 'Permanent "allow" commands in private windows' toggle
in NoScript menu while in Private Browsing mode, controlled
by noscript.showVolatilePrivatePermissionsToggle
x Fixed regression in Cascade Permissions mode (thanks Kitty
Box for reporting)
+ Fixed whitelisting regression on Gecko 25 and below (e.g.
Palemoon)
+ Actually prevent temporary whitelist items from being saved
in prefs (thanks to Mike Perry)

Version 2.6.9.7.1-signed 531.2 KiB Funktioniert mit Firefox 3.0.9 - 37.0, SeaMonkey 2.0 - 2.34

v 2.6.9.7
=============================================================
x Fixed inconsistencies in the globalHttpsWhitelist option
implementation (thanks Mike Perry for reporting)
+ Volatile temporary whitelist, never gets saved to disk
(thanks to Tor Project for sponsorship)
+ Never show permanent whitelist modifying commands when in
private mode, unless the noscript.volatilePrivatePermissions
preference is false (thanks to Tor Project for sponsorship)
+ noscript.allowWhitelistUpdate preference to control whether
NoScript should be able to tweak the whitelist on version
updates when the 3rd party requirements for an already
whitelisted website change (thanks Thencent for RFE)