Versionsgeschichte von NoScript

374 Versionen

Seien Sie vorsichtig mit alten Versionen!

Diese Versionen werden zu Referenz- und Testzwecken angezeigt. Sie sollten immer die letzte Version eines Add-ons verwenden.

Version 2.0.9.2.1-signed 473.0 KiB Funktioniert mit Firefox 3.0 und neuer, SeaMonkey 2.0 - 2.1b2

v 2.0.9.2
==========================================================================
x Fixed forbid META refresh inside NOSCRIPT elements regression

v 2.0.9.1
==========================================================================
x Fixed partial options dialog breakage (ClearClick and Import/Export)

v 2.0.9
==========================================================================
- Removed JAR blocking (obsolete in supported browser versions)
- Removed emulated TLD service
x Hidden status bar icon option on applications which have no status bar
x Fixed noscript.doNotTrack.* preferences not being honored

v 2.0.9rc5
==========================================================================
x Fixed wrong popup position on status bar icon (Fx 3.6.x and below only)

v 2.0.9rc4
==========================================================================
+ X-Do-Not-Track and X-Behavioral-Ad-Opt-Out (tracking opt-out) support,
controlled by the noscript.doNotTrack.* about:config preferences
x Restored "left+click on NoScript icon reopens the menu in legacy mode
even if it's already opened in hover mode" feature
x Fixed bug preventing channel replacement when the HTTP method changes
+ Embedded permissions are now bound to the embedding site (thanks al_9x
for RFE)
x Fixed permissions keys for Flash embeddings include FlashVars PARAMETER
elements, rather than just attributes (thanks breakBug for report)
x Fixed embedding permission changes not honoring disabled autoreload
preferences (thanks MMlosh for reporting)

v 2.0.9rc3
==========================================================================
+ Middle clicking toolbar button temporarily allows all on current page
- Removed forced embedding opacization legacy feature
- Removed tooltips from icons spawning hover UI
- Disabled permission toggling on left+click for hover UI toolbar buttons
(can be reenabled by setting noscript.hoverUI.excludeToggling to true)
x Fixed notification regression

v 2.0.9rc2
==========================================================================
x No extra spacer added on addon-bar during first customization
x Long menus automatically scroll to the bottom when opened from the
bottom of the browser
x Fixed legacy status bar icon switching permissions on left+click like
the toolbar button
x Fixed legacy status bar icon always getting "after_start" popup position

v 2.0.9rc1
==========================================================================
+ Improved anti-popunder surrogate
+ Check for UI accessibility of Firefox 4 with hidden addon-bar and
automatic installation of toolbar button on fail
x Fixed whitelisted iframe blocking getting in the way of web content
embedded by privileged tabs (e.g. Firefox 4's add-on manager)
x [ClearClick] slightly shorter viewport to accomodate Facebook's "Like"
mini buttons
x Fixed tooltips getting in the way of hover UI
- Removed status bar label
x Fixed regression: permissions changes on sites with non-standard ports
failed to trigger page reload (thanks Andrew Black for reporting)
x Fixed layout issue triggered by JS redirect detection (thanks Teknorat
for reporting)

Version 2.0.8.1 493.0 KiB Funktioniert mit Firefox 3.0 - 4.0b9pre, SeaMonkey 2.0 - 2.1b2

v 2.0.8.1
==========================================================================
x Fixed new IFRAME-based Youtube embedding method broken on non
whitelisted pages with embedding restrictions (thanks al_9x for report)

v 2.0.8
==========================================================================
x Fixed toolbar buttons icon size on Firefox 4 Windows theme
+ XSS check on permissions changes, suppressing events and forcing
filtered reload if an injection is found (thanks "dave b" for reporting)
x Fixed graphic glitches on menu showing with accelerated graphics (thanks
Das for reporting)
x Fixed permission changes causing unrelated tabs to be reloaded when
automatic permissions had been previously granted

v 2.0.8rc2
==========================================================================
x Fixed unhandled exception caused by LiveConnect interception logging (
thanks al_9x for reporting)
x Optimized QueryInterface generation
+ [ABE] 6to4 IP addresses support
x Fixed LiveConnect interception firing a dummy JVM sometimes on Gecko 2.0

v 2.0.8rc1
==========================================================================
x LiveConnect interception time reduced by 10 on Firefox 3.6 and by 100 on
Firefox 4 (about 1ms each)
x Restored LiveConnect interception logging (LOG_CONTENT_INTERCEPT mask)
x Fixed bug in fake redirections code, causing it not to honor the
redirection limit settings (thanks Peter Eckersley)
x [XSS] Improved SQLXSSI detection accuracy
x Updated revsci surrogate (thanks al_9x)

Version 2.0.7 491.0 KiB Funktioniert mit Firefox 3.0 - 4.0b8pre, SeaMonkey 2.0 - 2.1b2

v 2.0.7
==========================================================================
+ [XSS] Detection and filtering of hexadecimal and binary encoded
reflected XSS through SQL injection (SQLXSSI), partially found and
disclosed (raw hexadecimal variant only) by Aditya K Sood

v 2.0.6
==========================================================================
+ Bug fixes and improvements in LiveConnect interception
x Fixed random "win is null" error message (thanks timeless for report)

v 2.0.6rc4
==========================================================================
+ Java packages exposed by LiveConnect on the window object are made
unaccessible wherever Java is blocked by embedding restrictions

v 2.0.6rc3
==========================================================================
x [ABE] Work-around for Flash video playback and other HTTP subrequests
from plugins sometimes failing on latest Minefield builds

v 2.0.6rc2
==========================================================================
x [ABE] Fixed 2.0.6rc1 regression: broken internal redirections

v 2.0.6rc1
==========================================================================
+ "Security and privacy info" pages shown also by middle-clicking items
in NoScript Options|Whitelist (thanks dhouwn for RFE)
x [XSS] Better compatibility with 4shared embedded movies
x [ABE] Fixed regression: Anon action interfering with IFrame blocking
when DNS record for current request is cached (thanks al_9x for report)

Version 2.0.5.1 486.0 KiB Funktioniert mit Firefox 3.0 - 4.0b8pre, SeaMonkey 2.0 - 2.1b2

v 2.0.5.1
==========================================================================
x Improved LoadGroup integration of the new internal redirection machinery
for better loading progress feedback.

v 2.0.5
==========================================================================
x Fixed stability issue when forcing HTTPS on images

v 2.0.5rc3
==========================================================================
x Faster and more "correct" hack for internal redirections

v 2.0.5rc2
==========================================================================
x Experimental asynchronous channel replacement for ABE and HTTPS
enforcement, should prevent issues with image caching
x Work-around for Google/Youtube bug, sending "Content-Type: text/plain"
header for script files even with "X-Content-Type-Options: nosniff" (see
http://forums.informaction.com/viewtopic.php?f=7&t=5304)

v 2.0.5rc1
==========================================================================
x Fixed automatic allowing for XMLHttpRequest of sites with explicit port
numbers whose domain is allowed (thanks evanpelt for reporting)

Version 2.0.4 486.0 KiB Funktioniert mit Firefox 3.0 - 4.0b8pre, SeaMonkey 2.0 - 2.1b2

v 2.0.4rc2
==========================================================================
+ Better logging for the "X-Content-Type-Options: nosniff" activity
+ noscript.nosniff about:config preference to control whether enforcing
"X-Content-Type-Options: nosniff" (true, default) or not (false)

v 2.0.4rc1
==========================================================================
+ "X-Content-Type-Options: nosniff" support
x Fixed using bookmarklets with noscript.allowBookmarkletImports set to
false erronously adds current website to the JavaScript whitelist

Version 2.0.3.5 486.0 KiB Funktioniert mit Firefox 3.0 - 4.0b8pre, SeaMonkey 2.0 - 2.1b2

v 2.0.3.5
==========================================================================
x [UI] Fixed right-click on the toolbar button switching permissions

v 2.0.3.4
==========================================================================
+ [UI] Bold "Recently blocked" menu and items which have been attempted to
load from the currently displayed web site (thanks therube for RFE)
- Removed legacy (pre Fx 3) notification code

v 2.0.3.4rc2
==========================================================================
- [UI] Removed status icon hover effect
+ [Surrogate] adriver.ru surrogate to prevent "pages never finish loading"
problem (thanks al_9x)
+ [ClearClick] Unlocked flag caching performance optimizations
+ AddressMatcher now matches UTF8 (not IDN-encoded) host names too
+ AddressMatcher now matches scheme only (xyz:) patterns
x Work-around for X-Frame-Option interfering with mixed chrome/content
UIs (e.g. Firefox 4 add-ons manager)

v 2.0.3.4rc1
==========================================================================
x Fixed unchecking and re-checking the toggle permissions toolbar button
behavior ending in an inconsistent status (thanks Grump Old Lady for
reporting)
x [XSS] Improved Blogger CMS compatibility (thanks Logos for reporting)

Version 2.0.3.3 486.0 KiB Funktioniert mit Firefox 3.0 - 4.0b8pre, SeaMonkey 2.0 - 2.1b2

v 2.0.3.3
==========================================================================
x Changed noscript.forbidIFramesContext about:config preference default to
3 (same base domain) to ensure better usability on complex sites (e.g.
new Twitter) for people who's blocking iframes on trusted sites
x Optimal sensitivity calibration for Hover UI trigger events

v 2.0.3.3rc3
==========================================================================
+ Improved Hover UI usability with the noscript.hoverUI.delayStop
about:config preference, dictating how many milliseconds the mouse must
stand still on NoScript's icon before NoScript's menu is displayed

v 2.0.3.3rc2
==========================================================================
+ [Surrogate] Surrogate scripts are no longer wrapped inside anonymous
functions, in order to allow top-level variables to be forced read-only
by using the const keyword; built-in surrogates have been retrofitted to
prevent scope clashes, by adding anonymous function wrappers as needed

v 2.0.3.3rc1
==========================================================================
+ [UI] Configurable enter and exit delays for the hover UI behavior, via
noscript.hoverUI.delay* about:config preferences
x [ClearClick] improved compatibility with very short frames (like the top
bar on www.blogger.com, thanks craftcove for reporting)
x [Policy] Removed legacy code specializing TYPE_OTHER

Version 2.0.3.2 486.0 KiB Funktioniert mit Firefox 3.0 - 4.0b8pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.2
==========================================================================
x Work-around for first script element in body of a framed document not
being executed unless password manager is enabled on Minefield
x Work-around for surrogates not being executed in frames on Minefield

v 2.0.3.2rc1
==========================================================================
x Fixed further menu glitches with URL ports (thanks al_9x for reporting)

v 2.0.3.1
==========================================================================
x [UI] added 250ms delay for menu disappearing on mouse out from icon (
disappearing mouse out from menu already used a 500ms delay)
x Fixed explicit port URL related regression (thanks al_9x for reporting)

v 2.0.3.1rc6
==========================================================================
x Fixed further breakages due to Array prototype chain glitches introduced
in latest Minefield

v 2.0.3.1rc5
==========================================================================
x Fixed redirections broken by Array prototype chain glitches introduced
in latest Minefield

v 2.0.3.1rc4
==========================================================================
x Work-arounds for some CAPS implementation impedance mismatches (thanks
GµårÐïåñ and al_9x for reporting)

v 2.0.3.1rc3
==========================================================================
+ [UI] Extended the "open on hover" behavior to the toolbar button
x about:crashes added to the mandatory whitelist

v 2.0.3.1rc2
==========================================================================
x [Surrogate] Fixed window.open not working for HTTP sites on recent
Minefield builds
x Fixed minor glitch in channel replacement on trunk

v 2.0.3.1rc1
==========================================================================
x [Surrogate] Restored the previous document.cookie patching order, since
it seems more compatible with some buggy sites

Version 2.0.3 486.0 KiB Funktioniert mit Firefox 3.0 - 4.0b8pre, SeaMonkey 2.0 - 2.1b1

2.0.3
==========================================================================
x [Surrogate] Improved compatibility of the popunder surrogate
x [Surrogate] Fixed broken meebo.com detached windows
x [L10n] Updated it-IT

v 2.0.3rc4
==========================================================================
+ [Pref] "NoScript Options|Appearance|Open permissions menu when mouse
hovers over NoScript's icon" checkbox
x [UI] Minor refinements in the new "UI on hovering" behavior

v 2.0.3rc3
==========================================================================
x [XSS] Fixed "Unsafe reload" not working under some circumstances (thanks
the JoshMeister for reporting)
+ [XSS] Better compatibility with Blogspot's CMS (thanks the JoshMeister
for reporting)
x Fixed "setting a property that has only a getter" warning in strict mode
x Better compatibility with CDNs improperly serving JavaScript files with
a CSS mime type

v 2.0.3rc2
==========================================================================
x Fixed "Partially allowed" message instead of "Forbidden" when everything
is blocked, including some embeddings (thanks jan for reporting)
x Fixed "No placeholder from untrusted" broken since 2.0.2.4 (thanks al_9x
for reporting)

v 2.0.3rc1
==========================================================================
+ [UI] Clickless "on over" opening of the status bar menu, can be disabled
via noscript.hoverUI about:config preference (thanks safemode for RFE)
x Fixed embedded fonts requiring the page to be allowed, rather than the
just the object, if embedded in data: URIs (thanks Alexander Konovalenko
for reporting)

Version 2.0.2.5 485.0 KiB Funktioniert mit Firefox 3.0 - 4.0b6pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.5
==========================================================================
x [XSS] Further FBML compatibility improvements

Version 2.0.2.3 485.0 KiB Funktioniert mit Firefox 3.0 - 4.0b6pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.3
==========================================================================
x [XSS] Fixed optimization bug which may lead to slower checks on specific
source patterns

Version 2.0.1 481.0 KiB Funktioniert mit Firefox 3.0 - 4.0b5pre, SeaMonkey 2.0 - 2.1a3

v 2.0.1
==========================================================================
+ [ABE] noscript.abe.localExtras about:config preference can specify net
resources (space separated IPs and/or subnets) to be considered as
LOCAL by ABE, in addition to the "regular" private subnetworks and the
auto-detected WAN IP (thanks ammdispose for suggestion)
x [ClearClick] Better compatibility with iframes containing very tiny
pages (e.g. horizontal Flattr buttons)
x Fixed page-level surrogates not always being executed inside iframes
(thanks al_9x for reporting)
x [XSS] Fixed XML tags with no attributes which are homonymous of
"sensitive" HTML tags triggering XSS false positives

v 2.0.1rc4
==========================================================================
+ Forced NOSCRIPT element activation is not triggered for sources marked
as untrusted (thanks al_9x for suggestion)
+ Update for Firefox 4.0b4pre compatibility (bug 546606)

v 2.0.1rc3
==========================================================================
x Improved interaction between surrogates and NOSCRIPT element activation
x Fixed potential recursion issue during DNS resolution on SeaMonkey trunk
(thanks therube for reporting)
x Fixed https://bugzilla.mozilla.org/show_bug.cgi?id=584334
x Fixed using IPv6 URL syntax causes confusion to some proxies
x Compatibility checks updates

v 2.0.1rc2
==========================================================================
+ [ABE] "X-ABE-Fingerprint: Off" header can be sent by web servers which
don't want/need to be fingerprinted by ABE's WAN IP protection
+ [ABE] User agent header "Mozilla/5.0 (ABE, http://noscript.net/abe/wan)"
is sent to help administrators finding info about ABE's fingerprinting
x [ABE] Fingerprint checks are performed every 15 minutes, rather than 5
x Fixed early access to document.documentElement breaking XBL bindings
on SeaMonkey trunk (thanks therube for reporting)

v 2.0.1rc1
==========================================================================
x Fixed meta redirections being broken sometimes when a NOSCRIPT element
activation is forced on a JavaScript-enabled page (thanks Supermop for
reporting)

Version 2.0 481.0 KiB Funktioniert mit Firefox 3.0 - 4.0b3pre, SeaMonkey 2.0 - 2.1a3

v 2.0
==========================================================================
x [Surrogate] Fixed Google thumbs surrogate broken by recent Gecko changes
x [ClearClick] Work-around for client(Height|Width) miscalculation

v 2.0rc8
==========================================================================
+ Full hand-over to InjectionChecker for untrusted origin requests as well
+ More efficient UI synchronization system
x Fixed status icon not being correctly updated when a new script source
gets added after page is loaded

v 2.0rc7
==========================================================================
+ More web-compatible NOSCRIPT element handling on mixed permissions pages

v 2.0rc6
==========================================================================
+ [ABE] WAN IP checks logged on Error Console (thanks al_9x for RFE)

v 2.0rc5
==========================================================================
+ [ABE] Experimental cross-zone CSRF protection for flawed routers which
expose their WAN IP on their LAN interface (thanks al_9x for report)

v 2.0rc4
==========================================================================
+ Anti-anti-adblocker generic page-level surrogate
+ Minimal surrogates for several ad/tracking sources
+ Revsci surrogate (thanks al_9x)
x Work-around for medicare.gov "benign" XSS

v 2.0rc3
==========================================================================
x Fixed X-Frame-Options being checked for plugin embeddings as well
(thanks Richard Johnson for reporting)

v 2.0rc2
==========================================================================
+ External filters now receive the object URL as their 4th argument

Version 1.10 478.0 KiB Funktioniert mit Firefox 1.5 - 4.0b3pre, SeaMonkey 1.1 - 2.1a3

v 1.10
==========================================================================
+ ABE built-in ruleset editor
+ Button to reset ABE's defaults
x Fixed setting noscript.cp.last to false causing embeddings not to be
blocked
x Fixed 2nd order InjectionChecker bypass (thanks Sirdarckcat for report)
+ External filters now receive the object referrer as their 3rd argument

Version 1.9.9.99 478.0 KiB Funktioniert mit Firefox 1.5 - 4.0b2pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.99
==========================================================================
x Emergency fix for a page reload bug on Mac OS X causing high CPU
consumption after permission changes (thanks "D A" for reporting)

Version 1.9.9.98 478.0 KiB Funktioniert mit Firefox 1.5 - 4.0b2pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.98
==========================================================================
+ Improved ClearClick clipping accuracy on framesets
+ Improved ClearClick clipping accuracy on nested scrolling elements

v 1.9.9.98rc6
==========================================================================
x Fixed work-around for Mozilla's bug 576492 breaking NoScript on browser
restart

v 1.9.9.98rc5
==========================================================================
+ Support for the latest Gecko 2 XPCOM changes
x Work-around for Mozilla's bug 576492

v 1.9.9.98rc4
==========================================================================
+ noscript.surrogates.debug preference enables console logging of uncaught
exceptions happening in surrogates (thanks al_9x for suggestion)
x Better error handling in surrogates, prevents a failing scripts to abort
the others
x Improved AMO surrogates, allows right-click menu to work on install
buttons (thanks Mc for reporting)


v 1.9.9.98rc3
==========================================================================
x Fixed bug on edge case minimum placeholder size computation when object
to be replaced is out of the current viewport
x Version compatibility bump for Firefox 4.0b2pre
x Fixed regression: untrusted icon not being shown when all the sources
of a page are untrusted (thanks al_9x for reporting)

v 1.9.9.98rc2
==========================================================================
+ window.toStaticHTML implementation
x Improved placeholders for embeds nested in ActiveX OBJECT elements

v 1.9.9.98rc1
==========================================================================
+ Surrogate for Google Search thumbnails when Google is not whitelisted
+ Automatic reload on permission change setting now affects pages
containing embeddings which change status too, whose reload can be also
forced through the noscript.autoReload.embedders preference:
0 - never reload
1 - inherit the noscript.autoReload setting
2 - force reload
+ Prevent reload on pages where a 3rd party script changed its
permissions status but the top-level is forbidden and unchanged
+ Surrogate to use InstallTrigger on AMO even if addons.mozilla.org is not
whitelisted

Version 1.9.9.97 475.0 KiB Funktioniert mit Firefox 1.5 - 4.0b2pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.97
==========================================================================
x Fixed ClearClick false positives on Fx 3.5 and below (thanks Deniz Sofu
for reporting)
x Compatibility version bump for Seamokey trunk

v 1.9.9.97rc1
==========================================================================
x Fixed '@' surrogates being ran on scriptless pages
x Recentering on the parent form for ClearClick checks over a form widget
reduces false positives over obstructed frames

v 1.9.9.96
==========================================================================
x Fixed Script Surrogates activation glitches

v 1.9.9.95
==========================================================================
x Fixed wrongly sized placeholders on Youtube (regression from rc1)

v 1.9.9.95rc2
==========================================================================
x More accurated feedback on nested object blocking (thanks al_9x for
reporting)
+ External filters command line template updated with request origin as
the 3rd argument

v 1.9.9.95rc1
==========================================================================
+ imagebam surrogate kills popups over images and popunders on click
+ imagehaven surrogate kills popups over images and popunders on click
+ inserstitialBox surrogate kills interstital on imagevenue.com
+ "!@" prefixed surrogates run no matter whether scripts are enabled or
disabled for the page (in a DOMContentLoaded event handler)
x Fixed JS redirect handling causing duplicate object placeholders on
scriptless pages containing embeddings only
x Fixed ABE's SELF checks fail on redirects which contain a browser URL

v 1.9.9.94
==========================================================================
x Fixed bookmarklets support on non-whitelisted pages broken in non-Places
browsers like SeaMonkey (thanks therube for reporting)
X Better icon feedback on page where there's no script element but some
plugin content has been blocked

v 1.9.9.93
==========================================================================
x Fixed ClearClick false positives when RTL content or browser settings
put the vertical scrollbar on the left (thanks Mark Callow for report)
x Fixed setting noscript.checkInjectionType to false did not disable the
feature (thanks al_9x for report)
x More accurate embedded object replacement (thanks al_9x for report)

v 1.9.9.92
==========================================================================
x Fixed Places-related bug on Minefield (thanks mpz for reporting)
x noscript.forbidIFrameContext=3 (allow same base domain) falls back to 2
(allow same domain) if either the parent or the frame is marked as
untrusted (thanks al_9x for suggestion)

v 1.9.9.91
==========================================================================
x More compatible docShell reaching, works around some buggy extensions
which wrap browser.webNavigation just partially
x InjectionChecker's XML reduction more compatible with SAML

v 1.9.9.90
==========================================================================
+ Optimal timing for page-level surrogates in frames
x ClearClick exceptions are considered independently from the JavaScript
whitelist as they should
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)

v 1.9.9.89
==========================================================================
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)
x More consistent icon feedback with docShell-based cascading JS blocking
(thanks al_9x for reporting)

v 1.9.9.88
==========================================================================
x Inclusion type checks try to infer file type from directory-like URLs
x More consistent web bugs blocking with forced NOSCRIPT elements
x Fixed object placeholder regressions in Gecko < 1.9 (thanks Rob for
reporting)
x Version compatibility bump to Firefox 3.7a6pre

Version 1.9.9.96 475.0 KiB Funktioniert mit Firefox 3.6 - 3.7a6pre, SeaMonkey 2.0 - 2.1a3

v 1.9.9.96
==========================================================================
x Fixed Script Surrogates activation glitches

v 1.9.9.95
==========================================================================
x Fixed wrongly sized placeholders on Youtube (regression from rc1)

v 1.9.9.95rc2
==========================================================================
x More accurated feedback on nested object blocking (thanks al_9x for
reporting)
+ External filters command line template updated with request origin as
the 3rd argument

v 1.9.9.95rc1
==========================================================================
+ imagebam surrogate kills popups over images and popunders on click
+ imagehaven surrogate kills popups over images and popunders on click
+ inserstitialBox surrogate kills interstital on imagevenue.com
+ "!@" prefixed surrogates run no matter whether scripts are enabled or
disabled for the page (in a DOMContentLoaded event handler)
x Fixed JS redirect handling causing duplicate object placeholders on
scriptless pages containing embeddings only
x Fixed ABE's SELF checks fail on redirects which contain a browser URL

v 1.9.9.94
==========================================================================
x Fixed bookmarklets support on non-whitelisted pages broken in non-Places
browsers like SeaMonkey (thanks therube for reporting)
X Better icon feedback on page where there's no script element but some
plugin content has been blocked

v 1.9.9.93
==========================================================================
x Fixed ClearClick false positives when RTL content or browser settings
put the vertical scrollbar on the left (thanks Mark Callow for report)
x Fixed setting noscript.checkInjectionType to false did not disable the
feature (thanks al_9x for report)
x More accurate embedded object replacement (thanks al_9x for report)

v 1.9.9.92
==========================================================================
x Fixed Places-related bug on Minefield (thanks mpz for reporting)
x noscript.forbidIFrameContext=3 (allow same base domain) falls back to 2
(allow same domain) if either the parent or the frame is marked as
untrusted (thanks al_9x for suggestion)

v 1.9.9.91
==========================================================================
x More compatible docShell reaching, works around some buggy extensions
which wrap browser.webNavigation just partially
x InjectionChecker's XML reduction more compatible with SAML

v 1.9.9.90
==========================================================================
+ Optimal timing for page-level surrogates in frames
x ClearClick exceptions are considered independently from the JavaScript
whitelist as they should
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)

v 1.9.9.89
==========================================================================
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)
x More consistent icon feedback with docShell-based cascading JS blocking
(thanks al_9x for reporting)

v 1.9.9.88
==========================================================================
x Inclusion type checks try to infer file type from directory-like URLs
x More consistent web bugs blocking with forced NOSCRIPT elements
x Fixed object placeholder regressions in Gecko < 1.9 (thanks Rob for
reporting)
x Version compatibility bump to Firefox 3.7a6pre

Version 1.9.9.87 473.0 KiB Funktioniert mit Firefox 1.5 - 3.7a6pre, SeaMonkey 1.1 - 2.1a2

v 1.9.9.87
==========================================================================
x Improved URL parsing in META refresh interception
x Optimized * universal pattern in AddressMatcher
x Better error reporting during the execution of location bar scriptlets

v 1.9.9.86
==========================================================================
+ Better timing for page-level script surrogates inside frames
+ mime/type@http://site.com syntax support for noscript.allowedMimeRegExp
preference (thanks Gregyski for request)
+ Improved XSS checks accuracy (less false positives) and performance
+ Enhanced management of recent Silverlight versions (thanks al_9x for
reporting)

v 1.9.9.85
==========================================================================
+ More accurate checks for META inside NOSCRIPT with HTML 5 parser
x Fixed possible DOS condition on some kinds of very long URLs

v 1.9.9.84
==========================================================================
x Improved heuristic for background refresh automatic blocking and
reenablement
x Fixed regressed "Follow" button on META refresh inside NOSCRIPT element

v 1.9.9.83
==========================================================================
x Fixed some sites refreshing themselves even if another load has been
initiated (thanks Dirk S for reporting)

v 1.9.9.82
==========================================================================
+ More discreet and automated anti-tabnagging protection (refreshes are
blocked on unfocused tabs and get automatically executed only when
tab gets in focus again)
+ Slight optimization of AddressMatcher tests on .site.com clauses
x Fixed noscript.forbidBGRefresh.exceptions not being honored
x Better handling of error conditions happening during ABE's channel
replacement internal redirections (thanks al_9x for reporting)
x Fixed minor feedback icon glitches (thanks al_9x for reporting)

Version 1.9.9.81 472.0 KiB Funktioniert mit Firefox 1.5 - 3.7a5pre, SeaMonkey 1.1 - 2.1a2

v 1.9.9.81
==========================================================================
+ Experimental blocking of page refreshes happening inside untrusted
unfocused tabs, should provide protection against Aviv Raff's scriptless
"tabnabbing" variant. Enabled by default, can be controlled through the
noscript.forbidBGRefresh about:config integer preference:
0 - no blocking
1 - block refreshes on untrusted unfocused tabs
2 - block refreshes on trusted unfocused tabs
3 - block refreshes on both trusted and untrusted unfocused tab
Address patterns matching pages which shouldn't be affected can be
listed in the noscript.forbidBGRefresh.exceptions preference
x Fixed XSS false positive in new 3.7 add-ons manager
x Fixed meta-refresh URL parsing mismatch
x Fixed import script surrogates being broken by a 1.9.9.79 regression

v 1.9.9.80
==========================================================================
x Fixed "Partially allowed scripts" icon shown instead of the "Scripts
allowed but some objects blocked" one when the blocked objects' domains
are not whitelisted for scripting (thanks al_9x for reporting)
x Fixed "Scripts allowed but some objects blocked" icon not being used for
blocked web fonts (thanks Alan Baxter for reporting)
x (ABE) Deny on INCLUSION don't trigger a notification even if the blocked
request is for a subdocument (the blocking is logged in the Console, use
SUB if user-facing notification is needed)
x Fixed privileged XMLHttpRequests for untrusted resources being blocked
if HTTP redirections occurred (thanks mari for reporting)
+ Better compatibility with IronPort web-based tools (thanks Ron Collins
for reporting)

v 1.9.9.79
==========================================================================
x Script surrogates whose source starts with the '!' get executed on
pages where scripts are disabled (on document DOM completion, rather
than before HTML parsing starts like regular surrogates)

Version 1.9.9.80 471.0 KiB Funktioniert mit Firefox 1.5 - 3.7a5pre, SeaMonkey 1.1 - 2.1a1pre

1.9.9.80
==========================================================================
x Fixed "Partially allowed scripts" icon shown instead of the "Scripts
allowed but some objects blocked" one when the blocked objects' domains
are not whitelisted for scripting (thanks al_9x for reporting)
x Fixed "Scripts allowed but some objects blocked" icon not being used for
blocked web fonts (thanks Alan Baxter for reporting)
x (ABE) Deny on INCLUSION don't trigger a notification even if the blocked
request is for a subdocument (the blocking is logged in the Console, use
SUB if user-facing notification is needed)
x Fixed privileged XMLHttpRequests for untrusted resources being blocked
if HTTP redirections occurred (thanks mari for reporting)
+ Better compatibility with IronPort web-based tools (thanks Ron Collins
for reporting)

v 1.9.9.79
==========================================================================
x Script surrogates whose source starts with the '!' get executed on
pages where scripts are disabled (on document DOM completion, rather
than before HTML parsing starts like regular surrogates)

v 1.9.9.78
==========================================================================
x Redirect cache for scripts and XBL only
x Fixed cross-site CSS being blocked under some circumstances (e.g.
on Flicker and Yahoo)

Version 1.9.9.77 472.0 KiB Funktioniert mit Firefox 1.5 - 3.7a5pre, SeaMonkey 1.1 - 2.1a1pre


v 1.9.9.77
==========================================================================
+ ABE INCLUSION(type1, type2, type3...) pseudo-method allows rules to take
request type (e.g. SCRIPT vs CSS) in account
+ ABE SELF+ (same domain) and SELF++ (same base domain) pseudo-origins
x Fixed iconic feedback inconsistencies when untrusted blocked objects
are mixed with full-trusted content (tanks al_9x for reporting)
x Fixed Injection Checker false positives on some kinds of complex nested
URLs (thanks Sirdarckcat for reporting)
x Tweaked ClearClick for Disqus compatibility (thanks John for reporting)

v 1.9.9.76
==========================================================================
x Fixed broken menu on Minefield when External Filters are enabled (thanks
linuser for reporting)
x Fixed about: URL not being shown in NoScript menu (thanks al_9x for
reporting)
x Removed minor strict warnings on Minefield

v 1.9.9.75
==========================================================================
x Redirected site caching now skips plugin content
x Removed __parent__ usages for Minefield compatibility
x Removed some strict warnings (thanks timeless for reporting)

Version 1.9.9.74 469.0 KiB Funktioniert mit Firefox 1.5 - 3.7a5pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.74
==========================================================================
x Fixed false positive issue with empty cross-site POST requests (thanks
Bahamut for reporting)

v 1.9.9.73
==========================================================================
x Fixed potential double-firing command issue on Firefox Mobile
+ Added about:addons and about:home to the mandatory whitelist
+ Improved responsivity and usability on Firefox Mobile

v 1.9.9.72
==========================================================================
x Fixed configuration import/export/synchronization bug introduced by
"configuration presets" for Firefox Mobile
+ Finger-friendlier UI on Firefox Mobile

Version 1.9.9.71 468.0 KiB Funktioniert mit Firefox 1.5 - 3.7a5pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.71
==========================================================================
+ Added "Allowed with untrusted sources and blocked objects" icon
x Fixed minor inconsistencies in new partial allowance feedback icons
(thanks al_9x for reporting)

v 1.9.9.70
==========================================================================
+ Compatibility and better integration with latest Firefox Mobile (Fennec)
+ Experimental external filters for plugin content (e.g. Blitzableiter for
Adobe Flash), see NoScript Options|Advanced|External Filters (Fx >=3.5)
+ New specific partial status icon for pages where all scripts are allowed
but some objects are blocked (thanks al_9x for RFE)
+ "about:blank" won't be shown as a secondary source in NoScript's UI. Old
behavior can be restored by setting the noscript.showBlankSources
preference to true (thanks al_9x for RFE)
+ googleapis.com in the default whitelist
x Fixed 2nd order indirect InjectionChecker bypass (thanks Sirdarckcat for
reporting)
x Fixed a Mac OS X specific InjectionChecker decoding issue (thanks
Colling Jackson for reporting)

Version 1.9.9.69 457.0 KiB Funktioniert mit Firefox 1.5 - 3.7a5pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.69
==========================================================================
x Further compatibility improvements in complex bookmarklets handling

v 1.9.9.68
==========================================================================
x Better asynchronous bookmarklets handling, should not crash on
Readability anymore
x Ultimate (maybe!) fix for trunk bug 556739 breakage

v 1.9.9.67
==========================================================================
x Better fix for trunk bug 556739 breakage

v 1.9.9.66
==========================================================================
x Further embed-only sites in menu fixes (thanks al_9x for reporting)

v 1.9.9.65
==========================================================================
x Fixed bookmarklet support broken on trunk by bug 556739 (thanks dhouwn
for reporting)
x Fixed embed-only sites shown in main menu again (thanks al_9x for
reporting)

v 1.9.9.64
==========================================================================
x Better untrusted menu behavior on embedding only sources (thanks al_9x
for reporting)
x Improved InjectionChecker compatibility with OpenID and other complex
requests (thanks Jamie Cox for reporting)
x Fixed accurate Base64 injection checks breaking some encrypted Paypal
buttons

Version 1.9.9.63 455.0 KiB Funktioniert mit Firefox 1.5 - 3.7a5pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.63
==========================================================================
x Removed ":0" wildcards from NoScript menu in ignorePorts=false mode to
prevent confusing behaviors (thanks al_9x for suggestion)
+ Embedding-only sites are shown in the Untrusted menu if placeholders are
set to be hidden for untrusted embeddings (thanks al_9x for suggestion)

v 1.9.9.62
==========================================================================
x Improved XSS filter sensitivity for Base64-encoded payloads (thanks
Stefano Di Paola for suggestion)
x Improved Facebook connect compatibility (thanks Peter Alexander for
reporting)
x Removed __count__ usage in DNS cache management (SpiderMonkey compat)
x Fixed "Attempt to fix Javascript links" not working when the javascript:
scheme is mixed-case (thanks al_9x for reporting)

Version 1.9.9.61 454.0 KiB Funktioniert mit Firefox 1.5 - 3.7a5pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.61
==========================================================================
x Fixed InjectionChecker infinite recursion bug on certain requests
(thanks dhouwn for reporting)
x Fixed plugin activation patches not being applied under some
circumstances

v 1.9.9.60
==========================================================================
+ Pluggable site info page (default http://noscript.net/info/%utf8%;%ace%)
can be opened by middle-click or shift+click on any site entry in
NoScript's menus, and can be configured by editing the
noscript.siteInfoProvider about:config preference
+ More user-friendly management of non-standard TCP ports
x Fixed release notes page might break session restore sometimes
x Locale files maintenance
+ Object sources won't appear in main menu when embedding restrictions
apply to whitelist; previous behavior can be restored by setting the
noscript.alwaysShowObjectSources to false (thanks al_9x for RFE)

v 1.9.9.59
==========================================================================
x Better management of cached requests
x Fixed allowing objects from "Blocked objects" reloading only the first
of each URL/mime pair group (thanks al_9x for reporting)
x Improved Facebook widgets compatibility (thanks Peter Alexander and
Chuck Mullen for reporting)
x Fixed "Allow scripts globally" setting being ignored by the bulk
configuration import feature (thanks Mike Perry for reporting)
x Fixed "Mark as untrusted" menu items being shown in "Allow scripts
globally" mode even if both "Untusted" and "Mark as untrusted" are
unchecked in the Appearace options tab (thanks Mike Perry for reporting)
x Improved bookmarklets support
x Minor bug fixes in jolly port matching
x Improved Anti-Popunder surrogate (thanks justaguest for reporting)

v 1.9.9.58
==========================================================================
x Fixed HTMLObjectElement plugin content being blocked by X-Frame-Options
checks (thanks Titioz for reporting)
x Fixed https://bugzilla.mozilla.org/show_bug.cgi?id=553901

Version 1.9.9.57 455.0 KiB Funktioniert mit Firefox 1.5 - 3.7a4pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.57
==========================================================================
x Fixed feed subscription broken on sites implementing X-Frame-Policy
(regression from 1.9.9.56, thanks al_9x for reporting)
x Included js.wlxrs.com in default whitelist in order to make Hotmail
login work out-of-the-box for new users

Version 1.9.9.50 454.0 KiB Funktioniert mit Firefox 1.5 - 3.7a4pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.50
==========================================================================
+ Updated ABE grammar to use new AddressMatcher syntactic sugar
+ Alert about ABE syntax errors when option dialog gets focused after a
ruleset editing (thanks al_9x for suggestion)

v 1.9.9.49
==========================================================================
+ .x.y AddressMatcher syntactic sugar, matching both x.y and *.x.y (thanks
al_9x for suggestion)
+ InjectionChecker speed and accuracy improvements
x Fixed top-level site not being correctly positioned and highlighted in
permissions menu sometimes (thanks nagan for report)
x Fixed post-XSS "Unsafe reload" not working properly sometimes

v 1.9.9.48
==========================================================================
x Fixed a second level InjectionChecker bypass, requiring an open redirect
which accepts and uses unfiltered data: URIs. Responsible disclosure by
the SecuriTeam Secure Disclosure (SSD) project
x Fixed reload on permission change being triggered on the nearest 10 tabs
only
x Fixed permanent address entry being added to the whitelist if domain is
already allowed upon bookmarklet execution (thanks Bobabo for report)
x Better UI behavior for URLs with non-standard ports (thanks al_9x for
report)
x Updated nb-NO localization

Version 1.9.9.47 455.0 KiB Funktioniert mit Firefox 1.5 - 3.7a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.47
==========================================================================
x Fixed XSS checks skipped on some reloads (thanks Alejandro Rusell for
report)
x Improved content placeholder management
x Mobile version bump

v 1.9.9.46
==========================================================================
x Fixed uneeded tab reload issue related to untrusted subdomains (thanks
al_9x for reporting)
x Optimized reload checks for the "hundreds of tabs" case, in order to
prevent UI locking
x Improved XSS checks on file uploads, should not hang even on gigabytes
x Trunk compatibility version bump