Versionsgeschichte von NoScript

369 Versionen

Seien Sie vorsichtig mit alten Versionen!

Diese Versionen werden zu Referenz- und Testzwecken angezeigt. Sie sollten immer die letzte Version eines Add-ons verwenden.

Version 1.9.1.2 352.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

v 1.9.1.2
=====================================================================
+ HTTPS forced on background requests (images, stylesheets,
scripts, embeddings, AJAX...) as well (thanks mattmccutchen's RFE)
+ Fennec 1.0b1 compatibility

v 1.9.1.1
=====================================================================
x Fixeds XSS false positive on SAMLP payloads (thanks MysticOrchid
for reporting)

Version 1.9.1 352.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

v 1.9.1
=====================================================================
x ClearClick performance boost on crowded documents
x Updated French translation
x Reduced log spam on content blocking

v 1.9.0.92
=====================================================================
+ Yieldmanager script surrogate (thanks orngjce223 for suggestion)
x Fixed "Attempt to fix JavaScript links" causing middle-clicks to
open JS link targets twice on Gecko 1.8 (thanks therube for report)

v 1.9.0.91
=====================================================================
+ ClearClick incident reporting tool

v 1.9.0.9
=====================================================================
x Fixed 20 seconds hang in injection checker on URLs containing long
sequences of the "

Version 1.9.0.8 349.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

http://noscript.net/changelog

v 1.9.0.8
=====================================================================
x Work around for Mozilla bug 453825

v 1.9.0.7
=====================================================================
x Work around for SimpleViewer and other Flash movies replaced with
innerHTML breaking on nsIContentPolicy presence (thanks Steffen
Zahn for reporting).

Version 1.9.0.6 349.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

http://noscript.net/changelog

v 1.9.0.6
=====================================================================
x Fixed page-level surrogates in subframes being executed too much
early to be effective (thanks GossamerGremlin for report)
x Work-around for bug 4066046 (thanks Alice0755)
x Fixed incompatibility with the wfx_Versions extension (thanks
Archaeopteryx for report)
x Fixed double activation for nested OBJECT elements, e.g. apple.com
QuickTime movies (thanks al_9 for report)
x Fixed Silverlight applets not intercepted in Gecko 1.8.1.19-20
(thanks al_9x for report)

Version 1.9.0.5 349.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0b1

v 1.9.0.5
=====================================================================
+ Upper limits for JS link detection loop (thanks Wladimir Palant)
+ about:certerror added to the intrinsic whitelist
+ ClearClick compatibility with the Link Alert extension
+ 3rd party script blocking improvements
x Updated Slovak translation

Version 1.9.0.4 349.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

v 1.9.0.4
=====================================================================
x Fixed XHTML namespacing issues (thanks dhouwn for report)

v 1.9.0.3
=====================================================================
x Fixed E4X hijacking false positive with scripts delimited by XML
comments and containing XML (thanks Jim Mattfield for report)

v 1.9.0.2
=====================================================================
x Fixed X-FRAME-OPTIONS not working inside OBJECT elements (thanks
Joris van der Wel for report)
x Restored broken compatibility with Seamonkey 1.0.x (thanks James
Andrewartha for report)

v 1.9.0.1
=====================================================================
x Work around for edge case false positive on plugins embedded in
cross-site framesets (thanks therube for report)

Version 1.9 348.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

1.9
=====================================================================
+ Improved ClearClick sensitivity (thanks Eric Lawrence for report)

1.8.9.9
=====================================================================
+ Experimental X-FRAME-OPTIONS compatibility support (see
http://hackademix.net/2009/01/29/x-frame-options-in-firefox/ and
http://evil.hackademix.net/frameopts/ )
x Updated pt-BR translation
x Fixed freeze on Poken URLs (thanks ksdz for report)
x Fixed URIs nested in query string being normalized with trailing
slash (thanks Benny Brostrup and Carsten for reporting about
login.service.csc.dk)

1.8.9.8
=====================================================================
+ Support for page-level surrogate scripts, executed before pages
whose URL matches sources patterns starting with "@" start loading
x Enhanced "catch all" Google Analytics surrogate (thanks Jesse
Andrew for reporting)
x Refactored the Silverlight IsVersionSupported() patch to use
ScriptSurrogate.execute()
x Streamlined Silverlight support
+ Instant placeholders, being shown before page finishes loading

Version 1.8.9.7 347.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

1.8.9.7
=====================================================================
x Improved script surrogation reliability
x Fixed URIValidator preferences not being updated at runtime
x Updated Sweden locale

v 1.8.9.6
=====================================================================
+ Evernote compatibility hacks

v 1.8.9.5
=====================================================================
+ Stricter checks for the "Attempt to fix JavaScript link" feature
and emulation of form submission links (thanks Jah for report)

v 1.8.9.4
=====================================================================
x Fixed minimum sized placeholder potentially exceeding smaller
frames (thanks greenhatch for report about BetFair's menu)
x Fixed ClearClick form bounds miscalculation with negative coords
(thanks Zjakki Willems for report about BlogSpot's search feature)
x Fixed document loaded in a nested iframe when enabling a blocked
legacy frame

v 1.8.9.3
=====================================================================
+ Extensible script surrogate mechanism (surrogating Google Analytics
by default, look at noscript.surrogate.* in about:config)
+ noscript.placeholderMinSize (default 32) forces a minimum
pixel size on object placeholders
x Cleaned up noscript.jsHack for custom usages

Version 1.8.9.2 346.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

v 1.8.9.2
=====================================================================
x Fixed page loading stalled sometimes when the final destination of
a redirected script inclusion gets blocked by NoScript

v 1.8.9.1
=====================================================================
x Fixed 3rd party script files starting with an XML comment being
"swallowed" (breaking myway.com, netaddress.com and others)

Full changelog: http://noscript.net/changelog

Version 1.8.9 345.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

v 1.8.9
=====================================================================
+ New noscript.clearclick.exceptions preference to specify URL
patterns of page where clickjacking shouldn't be checked
x *.ebay.com ClearClick exception to temporarily work-around a false
positive on one-click bids too difficult to reproduce
x Performance optimization of the JSON and E4X hijacking protection
x Compatibility with Amazon one-click
x Removed __count__ usage triggering a deprecated warning in Fx 3.0.x
x Relaxed XSS checks from same-domain HTTPSHTTP requests
x Improved E4X hijacking detection, skips leading XML comments in
scripts (http://forums.mozillazine.org/viewtopic.php?p=5488645)
x Updated Japanese translation

v 1.8.8.95
=====================================================================
+ JSON and E4X hijacking protection (Gecko >= 1.9.0.4 required)

v 1.8.8.94
=====================================================================
x Removed a potential document leak

v 1.8.8.93
=====================================================================
x Improved accuracy of the new simulated onchange event handler

v 1.8.8.92
=====================================================================
x Work-around for 1.9.2a1 Components.utils.lookupMethod() breakage
x Restored placeholder outline on 1.9.2a1

v 1.8.8.91
=====================================================================
+ Added browser-built-in about:xyz URLs to the permanent whitelist
+ Simulated onchange event handling for simple HTML select drop-down
with URL-like options
x Work-around for bug 453825 triggered by hack for bug 472495 and
breaking smugmug.com Flash-based fullscreen slideshows (thanks
Daniel Dorau for reporting)

v 1.8.8.9
=====================================================================
+ New zoom-guessing algorithm, giving more accurate results than
nsIMarkupDocumentViewer.fullZoom built-in property, to fix
ClearClick false positives at some fractional zoom levels

Full changelog: http://noscript.net/changelog

Version 1.8.8.8 343.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

v 1.8.8.8
=====================================================================
+ Kazakh translation (thanks Baurzhan Muftakhidinov)
x ClearClick optimization by canvas recycling
x Work-around for bug 472495

v 1.8.8.7
=====================================================================
x Work-around for Windows Media Player embedded objects missing video
streams under some circumstances (thanks AteUte52 for reporting)

v 1.8.8.6
=====================================================================
x Fixed ClearClick false positive on very narrow frames (e.g. on
http://horseracing.betfair.com - thanks greenhatch for reporting)
x Fixed XSS false positive on very long indexed CGI parameters lists
(e.g. on http://pingoat.com - thanks Daethian for reporting)

Full changelog: http://noscript.net/changelog

Version 1.8.8.5 338.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

v 1.8.8.5
=====================================================================
x Further optimization of Base64 injection checks
x More accurate clipping of scrolling frames in ClearClick

v 1.8.8.4
=====================================================================
x Performance optimization of Base64 injection checks (thanks Dave
Griffiths for reporting an Ebay chatroom issue)

v 1.8.8.3
=====================================================================
+ More specific injection checks for scriptless targets
+ Compatibility with the Fire.fm extension
x Fixed sporadic swallowed clicks on Google Street View

v 1.8.8.2
=====================================================================
x Fixed file:/// not showing anymore in NoScript menus

v 1.8.8.1
=====================================================================
x Fixed possible long-running loop on complex JSON-like requests

Full changelog: http://noscript.net/changelog

Version 1.8.8 338.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

v 1.8.8
=====================================================================
x Fixed rare ClearClick false positives on the bottom edge of
scrolling frames
x Fixed ClearClick false positive on some cnbc.com videos

v 1.8.7.8
=====================================================================
+ Compatibility with Fennec Alpha 2

v 1.8.7.7
=====================================================================
+ InjectionChecker checks HTML injections on untrusted targets too
+ Chained and nested JSON support (necessary to graceufully handle
some Facebook APIs)
x Fixed too much aggressive data: URL sanitization
x Fixed sites whose URL doesn't support host not showing in menu
(thanks timeless for report)

Version 1.8.7.6 338.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0a1, SeaMonkey 1.1 - 2.0a3

v 1.8.7.6
=====================================================================
x Improved specificity for "location=code" injection checks
x Compatibility with Facebook Connect JSON patterns

v 1.8.7.5
=====================================================================
x Heavy optimization of JSON reduction routine (up to 100x speedup),
thanks Brian Krebs and Amy Buzby for reports and samples
x Fixed top-level plugin content difficult to allow by clicking its
placeholder when other plugin-interacting extensions are active

Full changelog at http://noscript.net/changelog

Version 1.8.7.4 338.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

v 1.8.7.4
=====================================================================
+ Contextual disablement with visual feedback for "Revoke temporary
permissions" and "Temporarily allow all on this page" toolbar
buttons (thanks WAPCE for suggestion).
x Improved early detection of event attribute XSS
x Updated Arabic translation by Khaled Hosny

v 1.8.7.3
=====================================================================
x Better viewport framing when scrollbars are present (thanks
timeless for report)
x Compatibility with Firefox 3.2a1pre

1.8.7.2
=====================================================================
x Work-around for Google Toolbar 5 Beta conflict
x Work-around for newTabURL incompatibility
x Adaptation to bug 464754

1.8.7.1
=====================================================================
x Fixed issues with noscript.forbidIFrameContext = 0 (thanks Aerik
for report)

Full changelog at http://noscript.net/changelog

Version 1.8.7 335.0 KiB Funktioniert mit Firefox 1.5 - 3.6a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a3

Version 1.8.6 320.0 KiB Funktioniert mit Firefox 1.5 - 3.1b3pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a2

Version 1.8.5 318.0 KiB Funktioniert mit Firefox 1.5 - 3.1b2pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a2

Version 1.8.4.1 317.0 KiB Funktioniert mit Firefox 1.5 - 3.1b2pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a2

Version 1.8.4 317.0 KiB Funktioniert mit Firefox 1.5 - 3.1b2pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.0a2

Version 1.8.3.6 313.0 KiB Funktioniert mit Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

Version 1.8.3.3 310.0 KiB Funktioniert mit Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

Version 1.8.3.2 310.0 KiB Funktioniert mit Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

Version 1.8.3 310.0 KiB Funktioniert mit Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

Version 1.8.2.8 307.0 KiB Funktioniert mit Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

1.8.2.8 fixes an issue with external protocol (mailto:, e2k:, irc:...) not working.
http://noscript.net/changelog

Version 1.8.2.4 305.0 KiB Funktioniert mit Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

Version 1.8.2.3 305.0 KiB Funktioniert mit Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

Version 1.8.2.2 305.0 KiB Funktioniert mit Firefox 1.5 - 3.1b2pre, SeaMonkey 1.1 - 2.0a2

1.8.2.2 improves ClearClick accuracy, reducing false positives rate near to 0 and making it usable on trusted sites as well.
More details:
http://noscript.net/changelog
http://noscript.net/faq#clearclick

Version 1.8.2.1 298.0 KiB Funktioniert mit Firefox 2.0 - 3.1b2pre, SeaMonkey 1.0 - 2.0a2

1.8.2.1 backports the new ClearClick functionality to be compatible with Firefox 2.x, Seamonkey 1.1.x and other Gecko 1.8.1 browsers.

http://noscript.net/changelog

Version 1.8.2 298.0 KiB Funktioniert mit Firefox 3.0a1 - 3.1b1pre, SeaMonkey 1.0 - 2.0a2