Versionsgeschichte von NoScript

373 Versionen

Seien Sie vorsichtig mit alten Versionen!

Diese Versionen werden zu Referenz- und Testzwecken angezeigt. Sie sollten immer die letzte Version eines Add-ons verwenden.

Version 2.6.8.43.1-signed 528.4 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.43
=============================================================
x [XSS] Protection against some exfiltration attacks based on
arithmetic operators (thanks Masato Kinugawa and File
Descriptor AKA XSS Jigsaw for reporting)

Version 2.6.8.42.1-signed 528.3 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.42rc3
=============================================================
+ User-facing "Reload the current tab only" option
x Fixed subtle bug in ScriptSurrogate.replaceScript()
x Fixed HTTPS and cascading permission policies not applying
to XHR and XBL checks
x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
reporting)
+ [XSS] window.name exfiltration protection (thanks Masato
Kinugava for reporting)
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

v 2.6.8.42rc3
=============================================================
+ User-facing "Reload the current tab only" option
x [XSS] Improved window.name exfiltration protection
(thanks Masato Kinugava for reporting)

v 2.6.8.42rc2
=============================================================
x Fixed subtle bug in ScriptSurrogate.replaceScript()
x Fixed HTTPS and cascading permission policies not applying
to XHR and XBL checks
x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
reporting)
+ [XSS] window.name exfiltration protection (thanks Masato
Kinugava for reporting)

v 2.6.8.42rc1
=============================================================
x Fixed script sources enumeration breakage in Firefox 35
(Moz Bug 1068508, thanks Octoploid for reporting)

Version 2.6.8.41.1-signed 527.7 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.41
=============================================================
x Improved Australis toolbar compatibility (thanks Quicksaver
for help)
x Added "Always ask" checkbox to the removal confirmation
dialog (thanks agaxwtmp for RFE)
x Fixed Options dialog broken on ancient Firefox versions
x [XSS] Fixed false positive within *.adxns.com

Version 2.6.8.40.1-signed 529.0 KiB Funktioniert mit Firefox 4.0 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.12 und neuer

v 2.6.8.40
=========================================================================
x Fixed regression causing script inclusions with non-standard ports to
be always blocked
x [ABE] Improved ruleset editing UI (thanks barbaz for patch)

Version 2.6.8.39.1-signed 527.2 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.39
=========================================================================
x [Surrogate] Removed DARLA surrogate and reimplemented its work-around
as a XSS filter exception
x [Bookmarklets] Fixed bookmarklets broken when JavaScript is enabled
(thanks therube for reporting)
x [Surrogate] Work-around for DARLA surrogate breaking Yahoo! Mail

Version 2.6.8.38.1-signed 527.1 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.38
=========================================================================
x Fixed regression preventing Youtube movies from playing
x Completed work-around for Firefox's Bug 1044351
x [Surrogate] Improved Yahoo! DARLA source matching

Version 2.6.8.37.1-signed 527.0 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.37
=========================================================================
x Made the new additional script blocking policies more consistent with
other features (e.g. the XSS filter)
x NoScript's toolbar button is now friendlier to other Australis-enabled
add-ons
x Work-around for Firefox's Bug 1044351 (thanks al_9x for RFE)
x [XSS] Support for new insidious ES6 constructs introduced in Firefox 34
(thanks .mario for reporting)
x [HTTPS] Experimental "Allow HTTPS scripts globally on HTTPS documents"
mode
x [Surrogate] Yahoo! "DARLA" ads loader post-execution surrogate prevents
the browser from stalling due to the many window.name-based XSSes
intentionally used by this ads delivery script

Version 2.6.8.36.1-signed 526.0 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.36
=========================================================================
x [Surrogate] Updated adf.ly replacement (thanks kasper93 for coding)
x [Surrogate] Updated connect.facebook.net replacement
x Fixed bookmarklet emulation compatibility issue breaking some add-ons
which rely on the new getShortcutOrURIAndPostData() function signature
x Fixed regression causing preventing the Blocked Objects list from being
manually reset

Version 2.6.8.35.1-signed 526.0 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.35
=========================================================================
x Improved compatibility with browser built-in Click To Play
+ Recently blocked sites are now recorded per-window (causing automatic
oblivion of data from Private Browsing windows when they're closed)
+ Recently blocked sites are not collected at all unless the menu item
is configured to be shown (thanks Barbaz for RFE and patch)

Version 2.6.8.33.1-signed 525.8 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.33
=========================================================================
x Fixed regression in smart reloading of just allowed HTML Media elements
(thanks barbaz for reporting)

v 2.6.8.32rc3
=========================================================================
x Fixed regression: NOSCRIPT element not shown on non-whitelisted pages
(thanks Germán Ponte and Michael Kehrein for reporting)

v 2.6.8.32rc2
=========================================================================
x Replaced Ci.nsIDOMHTML(Video|Audio)Element (about to be removed) with
window.(Video|Audio)Element counterparts (see Moz Bug 1034304)

v 2.6.8.32rc1
=========================================================================
x Fixed jammed icon on the navigation bar when "left clicking on toolbar
icon toggles..." option is checked (thanks Larry for reporting)

Version 2.6.8.31.1-signed 525.8 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.31
=========================================================================
x Updated HTML5 and Gecko-specific markup elements list
x Fixed "too much recursion" book in bookmarklet emulation when executing
window.open(..., "_self") (thanks al_9x)
x Improved icons consistence with cascading permissions
x Fixed 2.6.8.30rc1 regression: broken local file loads
x Make "[Temporarily] Allow all this page" affect only the top-level
document's origin when cascading permissions mode is enabled
x [Surrogate] Fixed regression about a small change in sandbox principal
management breaking some surrogates, including Google Analytics
x [CAPS] better compatibility with Firefox 30's restored checkloaduri
prefs hack
+ UI support for cascadePermissions and restrictSubdocScripting
+ "NoScript Options|Advanced|Trusted|Cascade top document's permissions
to 3rd party scripts" user-facing preference
+ "NoScript Options|Advanced|Untrusted|Block scripting in whitelisted
subdocuments of non-whitelisted pages" user-facing preference
+ Backported cascadePermissions and restrictSubdocScripting support to
ESR 24

Version 2.6.8.29.1-signed 504.0 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.29
=========================================================================
x [Surrogate] googletagservices.com replacement (thanks Guest and barbaz)
x Fixed bookmarklet emulation "Object.getPrototypeOf(...).open is
undefined" failure on Nightly (thanks Ria and barbaz for reporting)

Version 2.6.8.28.1-signed 521.1 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.28
=========================================================================
x Fixed bookmarklet execution on non-whitelisted page causing scripts
to be globally allowed (thanks barbaz and therube for reporting)

Version 2.6.8.27.1-signed 520.9 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.27
=========================================================================
x Work-around for bug 1005552 (backport to ESR)
+ [Surrogate] External script surrogates are now triggered whenever a
matching script fails to load, no matter the reason, e.g. NoScript
permissions, ABE, ABP or RequestPolicy (thanks bonanza for RFE)
x [XSS] Worked around OpenID-related false positive (thanks Gunnar for
reporting)
x [XSS] Better work around for false positive in gmx.com new webmail,
designed to work across all its implementations

Version 2.6.8.26.1-signed 520.8 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.26
=========================================================================
x [XSS] gmx.com false positive work-around extended to international
domains (thanks dood_97 for reporting)
x [XSS] gmx.com false positive work-around extended to mail.com (thanks
boris for reporting)
+ noscript.cascadePermissions preliminary backend implementation
+ noscript.restrictSubdocScripting preliminary backend implementation

Version 2.6.8.25.1-signed 520.8 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.25
=========================================================================
x [ABE] Fixed inability to discriminate loads inititated from the URL bar
on latest Nightlies (thanks Soothsayer for reporting)
x [XSS] Fixed false positive on new gmx.com login (thanks Luigi and LeeB
for reporting)
x [Surrogate] Fixed new google-analytics.com surrogate causing Google
Spreadsheet's columns not to be resizable (thanks bobbybrown for
reporting)

Version 2.6.8.24.1-signed 520.6 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.24
=========================================================================
+ Synthetic load events are sent and error events are suppressed for
blocked script elements, in order to work around strict script
inclusion enforcers. This feature is triggered by default only by
Require.js module imports, but can be fully configured by
noscript.fakeScriptLoadEvents.* about:config preferences:
* .enabled: switches this feature on/off
* .onlyRequireJS: if true (default) applies the feature only to script
inclusions initiated by Require.js
* .exceptions: AddressMatcher pattern matching the source URLs of
script elements which should not cause fake load events when blocked
* .docExceptions: AddressMatcher pattern matching the URLs of documents
where no fake load event must be raised
x Improved toStaticHTML() implementation (thanks .mario for reporting)
x Removed useless ICC profiles from some icons (thanks taffit for RFE)
x [Surrogate] Improved google-analytics.com (ga) surrogate
x [XSS] Fixed characters redundancy reduction bug (thanks Masato Kinugawa
for reporting)
x [XSS] Fixed typo in the new regular expression literals stripping
routine implementation (thanks Masato Kinugawa for reporting)
x [XSS] Fixed subtle bug in regular expression literals stripping
optimization, potentially causing false negatives in edge cases (thanks
Masato Kinugawa for reporting)
x Work-around for Firefox bug causing popup.hidePopup() to fail sometimes
and NoScript's on-hover menu needing a click to be closed

Version 2.6.8.23.1-signed 525.5 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.23
=========================================================================
x Work-around for Firefox bug causing popup.hidePopup() to fail sometimes
and NoScript's on-hover menu needing a click to be closed

v 2.6.8.22
=========================================================================
x Better algorithm for menu items ordering

Version 2.6.8.22.1-signed 525.7 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.22
=========================================================================
x Better algorithm for menu items ordering

Version 2.6.8.21.1-signed 525.5 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.21
=========================================================================
x Fixed XSL check regression (thanks barbaz for reporting)
x Work-around for bug 1005552
+ [Surrogate] Gravatar dummy replacement
x [Australis] Support for reversed menu on surrogate status/addon bars

Version 2.6.8.20.1-signed 525.3 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.20
=========================================================================
x Partially restored "Allow local links" functionality (works for HTML
file:// links but not for embedded resources and scripted loads)
+ "allowLocalLinks.from" about:config preference to define a whitelist
(in ABE URL pattern list syntax) which, if valid and not empty,
overrides the JavaScript whitelist which is reused by legacy default
for pages allowed to open file:// links (Gecko 28 and above)
+ "allowLocalLinks.to" about:config preference to define a whitelist
(in ABE URL pattern list syntax) which, if valid and not empty,
limits the file:// links which can be opened by allowed pages
(Gecko 28 and above)
- Removed "Allow rich text copy and paste from external clipboard" option
from the UI if the browser doesn't support CAPS (Gecko 28 and above)
x Implemented early permission changes enforcement on not yet reloaded
pages, to better match the old CAPS-based behavior (thanks therube
for reporting)
x [Surrogates] Fixed Google Analytics surrogate breaking some javascript:
links (thanks Will for reporting)
x [L18n] Fixed Finnish typo (thanks Kalle Niemitalo for reporting)
x [XSS] Removed OAuth-triggered false positive (thanks Gunnar Scherf for
reporting)
x [XSS] Stricter checks for HTTPS requests from a same domain origin with
different scheme (thanks LouiseRBaldwin for reporting)

Version 2.6.8.19.1-signed 524.7 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.19
=========================================================================
x Fixed CAPS initialization broken in Gecko 27 and below
x Fixed wildcard port matching broken in Gecko 28 and below
ing broken in Gecko 28 and below

Version 2.6.8.18.1-signed 524.7 KiB Funktioniert mit Firefox 28.0 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.26 und neuer

v 2.6.8.18
=========================================================================
x Fixed some bookmarklets being broken by Gecko 28
x [Surrogate] Fixed some surrogates being broken by Gecko 28
- Disabled CAPS-based script blocking for Gecko 28 and above
x Fixed XSLT blocking broken by recent Gecko changes (thanks Xenos for
reporting)

Version 2.6.8.17.1-signed 524.5 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.17
=========================================================================
x CSS tweak for Australis support (thanks Jared Wein)
x Fixed new bookmarklet execution module accidentally using X rays
wrappers and therefore failing to interact

Version 2.6.8.16.1-signed 524.5 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.16
=========================================================================
x Closing a placeholder doesn't collapse its space anymore, unless the
noscript.placeholderCollapseOnClose is set to true or the "Collapse
blocked objects" Embeddings option is checked (thanks Elmart for RFE)
x Further bookmarklet emulation improvements yet (thanks porl for RFEs)

Version 2.6.8.14.1-signed 523.7 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.14
=========================================================================
x Fixed bookmarklet execution disabling JavaScript on whitelisted pages
(Firefox >= 29, thanks vsemozhetbyt for reporting mozbug 970445)
x [ABE] Improved compatibility with .local domains (thanks func0der for
reporting)

Version 2.6.8.13.1-signed 523.6 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.13
=========================================================================
x Restored z-order mobility for options dialog on Linux (thanks barbaz
for RFE)
x Moved ClearClick options into their own "Advanced" sub-tab (thanks
Thrawn for RFE)
x Minor options dialog tweakings
- Removed External Filters options panel
x The option dialog is non-modal and recycled now (thanks barbaz for RFE)

Version 2.6.8.12.1-signed 524.1 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.12
=========================================================================
x Improved work-around for
https://bugzilla.mozilla.org/show_bug.cgi?id=958962
+ [Surrogate] Prevent blank ModPagespeed-patched pages when meta refresh
inside NOSCRIPT elements is blocked (thanks thunderscript and barbaz)
x Fixed one-time this.getSite() error on startup
+ Browser Console support
x [Locale] Updated fr (thanks Jack Black)
x Fixed feed reader broken on non-whitelisted sites in non-stable Firefox
(thanks LouCypher for reporting)

Version 2.6.8.11.1-signed 523.4 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.11
=========================================================================
x [XSS] Fixed nested URL parsing optimization bug (thanks Masato Kinugawa
for reporting)
x [XSS] Abort, rather than filter, potential charset-based attacks (
thanks Masato Kinugawa for reporting)
x [XSS] Improved Ebay compatibility (thanks Markus Wienand for reporting)

x [XSS] Fixed bad charset check regression from rc6 (thanks Masato
Kinugawa for reporting)
x [XSS] Fixed bad charset checks not honoring exceptions (thanks Masato
Kinugawa for reporting)
x Adopted the Components.utils.blockScriptForGlobal() API where possible
x [XSS] Further improvements in recursive link checks (thanks Masato
Kinugawa for reporting)
x [XSS] Better checks for combined data/javascript URIs (thanks Masato
Kinugawa for reporting)
x [XSS] Restored fuzzy HTML sniffing in nested data URI (thanks Masato
Kinugawa for reporting)
x [XSS] Improved data URI checks (thanks Masato Kinugawa for reporting)
x [XSS] Enhanced recursive link checks (Thanks PK Cano for reporting)
x [XSS] Stricter HTML checks on second-order data URI injections exactly
fitting whole URL attributes (thanks Masato Kinugawa for reporting)

Version 2.6.8.10.1-signed 523.0 KiB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.10
=========================================================================
x [XSS] Fixed regression causing Google Talk false positive (thanks
Stuart Young for report)
x Made about:srcdoc placeholder URL for seamless iframes "mandatory"
to reflect its actual permissions status (thanks barbaz for RFE)