Versionsgeschichte von NoScript

882 Versionen

Seien Sie vorsichtig mit alten Versionen!

Diese Versionen werden zu Referenz- und Testzwecken angezeigt. Sie sollten immer die letzte Version eines Add-ons verwenden.

Version 2.6.8.28rc1 533.5 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.28rc1
=========================================================================
x Fixed bookmarklet execution on non-whitelisted page causing scripts
to be globally allowed (thanks barbaz and therube for reporting)

Version 2.6.8.27.1-signed 533.4 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.27
=========================================================================
x Work-around for bug 1005552 (backport to ESR)
+ [Surrogate] External script surrogates are now triggered whenever a
matching script fails to load, no matter the reason, e.g. NoScript
permissions, ABE, ABP or RequestPolicy (thanks bonanza for RFE)
x [XSS] Worked around OpenID-related false positive (thanks Gunnar for
reporting)
x [XSS] Better work around for false positive in gmx.com new webmail,
designed to work across all its implementations

Version 2.6.8.27rc3 533.5 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.27rc3
=========================================================================
x [Surrogate] Better trigger timing
x Work-around for bug 1005552 (backport to ESR)

v 2.6.8.27rc2
=========================================================================
+ [Surrogate] External script surrogates are now triggered whenever a
matching script fails to load, no matter the reason, e.g. NoScript
permissions, ABE, ABP or RequestPolicy (thanks bonanza for RFE)

Version 2.6.8.27rc2 533.4 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.27rc2
=========================================================================
+ [Surrogate] External script surrogates are now triggered whenever a
matching script fails to load, no matter the reason, e.g. NoScript
permissions, ABE, ABP or RequestPolicy (thanks bonanza for RFE)

Version 2.6.8.27rc1 533.7 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.27rc1
=========================================================================
x [XSS] Worked around OpenID-related false positive (thanks Gunnar for
reporting)
x [XSS] Better work around for false positive in gmx.com new webmail,
designed to work across all its implementations

Version 2.6.8.26.1-signed 533.3 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.26
=========================================================================
x [XSS] gmx.com false positive work-around extended to international
domains (thanks dood_97 for reporting)
x [XSS] gmx.com false positive work-around extended to mail.com (thanks
boris for reporting)
+ noscript.cascadePermissions preliminary backend implementation
+ noscript.restrictSubdocScripting preliminary backend implementation

Version 2.6.8.26rc1 533.3 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.26rc1
=========================================================================
x [XSS] gmx.com false positive work-around extended to international
domains (thanks dood_97 for reporting)
x [XSS] gmx.com false positive work-around extended to mail.com (thanks
boris for reporting)
+ noscript.cascadePermissions preliminary backend implementation
+ noscript.restrictSubdocScripting preliminary backend implementation

Version 2.6.8.25.1-signed 533.3 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.25
=========================================================================
x [ABE] Fixed inability to discriminate loads inititated from the URL bar
on latest Nightlies (thanks Soothsayer for reporting)
x [XSS] Fixed false positive on new gmx.com login (thanks Luigi and LeeB
for reporting)
x [Surrogate] Fixed new google-analytics.com surrogate causing Google
Spreadsheet's columns not to be resizable (thanks bobbybrown for
reporting)

Version 2.6.8.25rc2 533.3 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.25rc2
=========================================================================
x [ABE] Fixed inability to discriminate loads inititated from the URL bar
on latest Nightlies (thanks Soothsayer for reporting)
x [XSS] Improved fix for false positive on new gmx.com login (thanks
Luigi and LeeB for reporting)

v 2.6.8.25rc1
=========================================================================
x [Surrogate] Fixed new google-analytics.com surrogate causing Google
Spreadsheet's columns not to be resizable (thanks bobbybrown for
reporting)
x [XSS] Fixed false positive on new gmx.com login (thanks Luigi for
reporting)

Version 2.6.8.25rc1 533.3 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.25rc1
=========================================================================
x [Surrogate] Fixed new google-analytics.com surrogate causing Google
Spreadsheet's columns not to be resizable (thanks Luigi for reporting)
x [XSS] Fixed false positive on new gmx.com login (thanks bobbybrown for
reporting)

Version 2.6.8.24.1-signed 533.1 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.24
=========================================================================
+ Synthetic load events are sent and error events are suppressed for
blocked script elements, in order to work around strict script
inclusion enforcers. This feature is triggered by default only by
Require.js module imports, but can be fully configured by
noscript.fakeScriptLoadEvents.* about:config preferences:
* .enabled: switches this feature on/off
* .onlyRequireJS: if true (default) applies the feature only to script
inclusions initiated by Require.js
* .exceptions: AddressMatcher pattern matching the source URLs of
script elements which should not cause fake load events when blocked
* .docExceptions: AddressMatcher pattern matching the URLs of documents
where no fake load event must be raised
x Improved toStaticHTML() implementation (thanks .mario for reporting)
x Removed useless ICC profiles from some icons (thanks taffit for RFE)
x [Surrogate] Improved google-analytics.com (ga) surrogate
x [XSS] Fixed characters redundancy reduction bug (thanks Masato Kinugawa
for reporting)
x [XSS] Fixed typo in the new regular expression literals stripping
routine implementation (thanks Masato Kinugawa for reporting)
x [XSS] Fixed subtle bug in regular expression literals stripping
optimization, potentially causing false negatives in edge cases (thanks
Masato Kinugawa for reporting)
x Work-around for Firefox bug causing popup.hidePopup() to fail sometimes
and NoScript's on-hover menu needing a click to be closed

Version 2.6.8.24rc5 533.1 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.24rc5
=========================================================================
+ More flexible implementation of the fake script load events feature,
triggered by default only by Require.js module imports, can be fully
configured by noscript.fakeScriptLoadEvents.* about:config preferences:
* .enabled: switches this feature on/off
* .onlyRequireJS: if true (default) applies the feature only to script
inclusions initiated by Require.js
* .exceptions: AddressMatcher pattern matching the source URLs of
script elements which should not cause fake load events when blocked
* .docExceptions: AddressMatcher pattern matching the URLs of documents
where no fake load event must be raised

v 2.6.8.24rc4
=========================================================================
+ Synthetic load events are sent and error events are suppressed for
blocked script elements, in order to work around strict script
inclusion enforcers such as Require.js (this feature is configured by
the noscript.fakeScriptLoadEvents about:config preference)
x Improved toStaticHTML() implementation (thanks .mario for reporting)
x Removed useless ICC profiles from some icons (thanks taffit for RFE)
x [Surrogate] Improved google-analytics.com (ga) surrogate

v 2.6.8.24rc3
=========================================================================
x [XSS] Fixed characters redundancy reduction bug (thanks Masato Kinugawa
for reporting)

v 2.6.8.24rc2
=========================================================================
x [XSS] Fixed typo in the new regular expression literals stripping
routine implementation (thanks Masato Kinugawa for reporting)

v 2.6.8.24rc1
=========================================================================
x [XSS] Fixed subtle bug in regular expression literals stripping
optimization, potentially causing false negatives in edge cases (thanks
Masato Kinugawa for reporting)

v 2.6.8.23rc1
=========================================================================
x Work-around for Firefox bug causing popup.hidePopup() to fail sometimes
and NoScript's on-hover menu needing a click to be closed

Version 2.6.8.24rc4 532.9 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.24rc4
=========================================================================
+ Synthetic load events are sent and error events are suppressed for
blocked script elements, in order to work around strict script
inclusion enforcers such as Require.js (this feature is configured by
the noscript.fakeScriptLoadEvents about:config preference)
x Improved toStaticHTML() implementation (thanks .mario for reporting)
x Removed useless ICC profiles from some icons (thanks taffit for RFE)
x [Surrogate] Improved google-analytics.com (ga) surrogate

v 2.6.8.24rc3
=========================================================================
x [XSS] Fixed characters redundancy reduction bug (thanks Masato Kinugawa
for reporting)

v 2.6.8.24rc2
=========================================================================
x [XSS] Fixed typo in the new regular expression literals stripping
routine implementation (thanks Masato Kinugawa for reporting)

v 2.6.8.24rc1
=========================================================================
x [XSS] Fixed subtle bug in regular expression literals stripping
optimization, potentially causing false negatives in edge cases (thanks
Masato Kinugawa for reporting)

v 2.6.8.23rc1
=========================================================================
x Work-around for Firefox bug causing popup.hidePopup() to fail sometimes
and NoScript's on-hover menu needing a click to be closed

Version 2.6.8.24rc3 538.5 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.24rc3
=========================================================================
x [XSS] Fixed characters redundancy reduction bug (thanks Masato Kinugawa
for reporting)

v 2.6.8.24rc2
=========================================================================
x [XSS] Fixed typo in the new regular expression literals stripping
routine implementation (thanks Masato Kinugawa for reporting)

v 2.6.8.24rc1
=========================================================================
x [XSS] Fixed subtle bug in regular expression literals stripping
optimization, potentially causing false negatives in edge cases (thanks
Masato Kinugawa for reporting)

Version 2.6.8.24rc2 538.3 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.24rc2
=========================================================================
x [XSS] Fixed typo in the new regular expression literals stripping
routine implementation (thanks Masato Kinugawa for reporting)

v 2.6.8.24rc1
=========================================================================
x [XSS] Fixed subtle bug in regular expression literals stripping
optimization, potentially causing false negatives in edge cases (thanks
Masato Kinugawa for reporting)

Version 2.6.8.24rc1 538.3 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.24rc1
=========================================================================
x [XSS] Fixed subtle bug in regular expression literals stripping
optimization, potentially causing false negatives in edge cases (thanks
Masato Kinugawa for reporting)

Version 2.6.8.23.1-signed 538.1 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.23
=========================================================================
x Work-around for Firefox bug causing popup.hidePopup() to fail sometimes
and NoScript's on-hover menu needing a click to be closed

v 2.6.8.22
=========================================================================
x Better algorithm for menu items ordering

Version 2.6.8.23rc1 538.2 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.23rc1
=========================================================================
x Work-around for Firefox bug causing popup.hidePopup() to fail sometimes
and NoScript's on-hover menu needing a click to be closed

Version 2.6.8.22.1-signed 538.4 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.22
=========================================================================
x Better algorithm for menu items ordering

Version 2.6.8.22rc1 538.1 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.22rc1
=========================================================================
x Better algorithm for menu items ordering

Version 2.6.8.21.1-signed 538.1 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.21
=========================================================================
x Fixed XSL check regression (thanks barbaz for reporting)
x Work-around for bug 1005552
+ [Surrogate] Gravatar dummy replacement
x [Australis] Support for reversed menu on surrogate status/addon bars

Version 2.6.8.21rc2 538.1 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.21rc2
=========================================================================
x Fixed XSL check regression (thanks barbaz for reporting)
x Work-around for bug 1005552

v 2.6.8.21rc1
=========================================================================
+ [Surrogate] Gravatar dummy replacement
x [Australis] Support for reversed menu on surrogate status/addon bars

Version 2.6.8.21rc1 538.1 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.21rc1
=========================================================================
+ [Surrogate] Gravatar dummy replacement
x [Australis] Support for reversed menu on surrogate status/addon bars

Version 2.6.8.20.1-signed 537.9 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.20
=========================================================================
x Partially restored "Allow local links" functionality (works for HTML
file:// links but not for embedded resources and scripted loads)
+ "allowLocalLinks.from" about:config preference to define a whitelist
(in ABE URL pattern list syntax) which, if valid and not empty,
overrides the JavaScript whitelist which is reused by legacy default
for pages allowed to open file:// links (Gecko 28 and above)
+ "allowLocalLinks.to" about:config preference to define a whitelist
(in ABE URL pattern list syntax) which, if valid and not empty,
limits the file:// links which can be opened by allowed pages
(Gecko 28 and above)
- Removed "Allow rich text copy and paste from external clipboard" option
from the UI if the browser doesn't support CAPS (Gecko 28 and above)
x Implemented early permission changes enforcement on not yet reloaded
pages, to better match the old CAPS-based behavior (thanks therube
for reporting)
x [Surrogates] Fixed Google Analytics surrogate breaking some javascript:
links (thanks Will for reporting)
x [L18n] Fixed Finnish typo (thanks Kalle Niemitalo for reporting)
x [XSS] Removed OAuth-triggered false positive (thanks Gunnar Scherf for
reporting)
x [XSS] Stricter checks for HTTPS requests from a same domain origin with
different scheme (thanks LouiseRBaldwin for reporting)

Version 2.6.8.20rc3 538.1 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.20rc3
=========================================================================
x Partially restored "Allow local links" functionality (works for HTML
file:// links but not for embedded resources and scripted loads)
+ "allowLocalLinks.from" about:config preference to define a whitelist
(in ABE URL pattern list syntax) which, if valid and not empty,
overrides the JavaScript whitelist which is reused by legacy default
for pages allowed to open file:// links (Gecko 28 and above)
+ "allowLocalLinks.to" about:config preference to define a whitelist
(in ABE URL pattern list syntax) which, if valid and not empty,
limits the file:// links which can be opened by allowed pages
(Gecko 28 and above)
- Removed "Allow rich text copy and paste from external clipboard" option
from the UI if the browser doesn't support CAPS (Gecko 28 and above)

v 2.6.8.20rc2
=========================================================================
x Implemented early permission changes enforcement on not yet reloaded
pages, to better match the old CAPS-based behavior (thanks therube
for reporting)

v 2.6.8.20rc1
=========================================================================
x [Surrogates] Fixed Google Analytics surrogate breaking some javascript:
links (thanks Will for reporting)
x [L18n] Fixed Finnish typo (thanks Kalle Niemitalo for reporting)
x [XSS] Removed OAuth-triggered false positive (thanks Gunnar Scherf for
reporting)
x [XSS] Stricter checks for HTTPS requests from a same domain origin with
different scheme (thanks LouiseRBaldwin for reporting)

Version 2.6.8.20rc2 537.4 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.20rc2
=========================================================================
x Implemented early permission changes enforcement on not yet reloaded
pages, to better match the old CAPS-based behavior (thanks therube
for reporting)

v 2.6.8.20rc1
=========================================================================
x [Surrogates] Fixed Google Analytics surrogate breaking some javascript:
links (thanks Will for reporting)
x [L18n] Fixed Finnish typo (thanks Kalle Niemitalo for reporting)
x [XSS] Removed OAuth-triggered false positive (thanks Gunnar Scherf for
reporting)
x [XSS] Stricter checks for HTTPS requests from a same domain origin with
different scheme (thanks LouiseRBaldwin for reporting)

Version 2.6.8.20rc1 537.6 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.20rc1
=========================================================================
x [Surrogates] Fixed Google Analytics surrogate breaking some javascript:
links (thanks Will for reporting)
x [L18n] Fixed Finnish typo (thanks Kalle Niemitalo for reporting)
x [XSS] Removed OAuth-triggered false positive (thanks Gunnar Scherf for
reporting)
x [XSS] Stricter checks for HTTPS requests from a same domain origin with
different scheme (thanks LouiseRBaldwin for reporting)

Version 2.6.8.19.1-signed 537.3 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.19
=========================================================================
x Fixed CAPS initialization broken in Gecko 27 and below
x Fixed wildcard port matching broken in Gecko 28 and below
ing broken in Gecko 28 and below

Version 2.6.8.19rc2 537.4 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.19rc2
=========================================================================
x Fixed CAPS initialization broken in Gecko 27 and below

v 2.6.8.19rc1
=========================================================================
x Fixed wildcard port matching broken in Gecko 28 and below

Version 2.6.8.19rc1 537.6 kB Funktioniert mit Firefox 3.0.9 und neuer, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 und neuer

v 2.6.8.19rc1
=========================================================================
x Fixed wildcard port matching broken in Gecko 28 and below