NoScript Security Suite version history - 25 versions
NoScript Security Suite by Giorgio Maone
Be careful with old versions! These versions are displayed for testing and reference purposes.You should always use the latest version of an add-on.
Latest version
Version 11.2.10
Released Jul 22, 2021 - 641 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2.10
============================================================
x Cross-browser file naming consistency, in spite of version
numbering incompatibilities
x [nscl] Fix for potential race conditions on certain page
transitions (issue #205)
x Handle exception when accessing navigator.serviceWorker on
sandboxed frames
x MS Edge supportSource code released under GNU General Public License, version 2.0
Download Firefox and get the extensionYou’ll need Firefox to use this extensionOlder versions
Version 11.2.9
Released Jun 23, 2021 - 647.33 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2.9
============================================================
x [L10n] Updated de, mk
x Replace deprecated extension.getURL() with
runtime.getURL()
x REUSE-compliant licensing boilerplate
x Remove unused/refactored-out files
x Relicensing as GPL3+
x [nscl] Fixed infinite recursion issue on window.open
wrappers
x Avoid treating JavaScript files as embeddings when opened
as top-level documentsSource code released under GNU General Public License, version 2.0
Version 11.2.8
Released May 19, 2021 - 608.58 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2.8
============================================================
x Quiet down unnecessary debug logging (issue #191)
x [L10n] Updated he, de
x Fix meta refresh sometimes ignored on Firefox 78 ESR
(issue #192, thanks hackerncoder for report)
x Chromium-specific build-time customizationsSource code released under GNU General Public License, version 2.0
Version 11.2.7
Released May 5, 2021 - 607.94 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2.7
============================================================
x Better prompt layout (no accidental scrollbar)
x [nscl] Fix regression causing media patches to break some
pages (thanks l0drex for report, issue #189)Source code released under GNU General Public License, version 2.0
Version 11.2.6
Released May 4, 2021 - 608.38 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2.6
============================================================
x [nscl] Various webgl blocking enhancements
x Remove also sticky-positioned elements with click+DEL on
scriptless pages (thanks skriptimaahinen for RFE)
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Fixed race condition causing external CSS not to be
rendered sometimes when unrestricted CSS is disabled
x Avoid document rewriting for noscript meta refresh
emulation in most cases
x [nscl] Fixed XHTML pages broken when served with
application/xml MIME type and no "object" capability
x [nscl] Switch early content script configuration to use
/nscl/service/DocStartInjection.js
x Configurable "unrestricted CSS" capability to for sites
where the CSS PP0 mitigation should be disabled
(e.g TRUSTED)
x [nscl] Fix CSS PP0 mitigation still interfering with some
WebExtensions (thanks barbaz for report)
x [XSS] Increased sensitivity and specificity of risky
operator pre-checksSource code released under GNU General Public License, version 2.0
Version 11.2.4
Released Mar 26, 2021 - 597.79 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2.4
============================================================
x CSS resources prefetching as a mitigation against CSS PP0
(https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
ru, sq, tr, zh_CN
x [nscl] Inteception of webgl context creation in
OffscreenCanvas too
x Fixed configuration upgrades not applied on manual updates
(thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
in a tight loop
x [UI] More understandable label for the cascading
restrictions option
x [nscl] More refactoring out in NoScript Commons Library
x [nscl] patchWindow improvementsSource code released under GNU General Public License, version 2.0
Version 11.2.3
Released Feb 17, 2021 - 589.58 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2.3
============================================================
x [L10n] Purged non-inclusive terms from obsolete messages
x Added red halo feedback in CUSTOM preset for noscript
element capability
x Fixed missing red halo feedback in CUSTOM preset for
inline scripts and other capabilities sometimes
x Fixed race condition causing noscript elements not to be
rendered sometimesSource code released under GNU General Public License, version 2.0
Version 11.2.2
Released Feb 16, 2021 - 595.04 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2.2
============================================================
x Fixed typo in version checked on noscript capability update.
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it, ja, lt, mk, ms, nb, nl,
pt_BR, ru, sq, sv_SE, tr, zh_CN, zh_TW.Source code released under GNU General Public License, version 2.0
Version 11.2.1
Released Feb 15, 2021 - 594.84 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2.1
============================================================
x Configurable capability to show noscript elements on
script-disabled pages
x [UI] Minor CSS Chromium compatibility fix
x [nscl] Refactoring to use Policy and its dependencies from
the NoScript Commons Library
x Switch to faster and easier to maintain tld.js from nscl
x [UI] Fix punycode inconsistencies
x [UI] improve preset and site controls alignment
x Provide feedback in the CUSTOM tab for WebGL usage
attempts even if the canvas element is not attached to the
DOM
x [L10n] Updated de, ja
x Updated HTML events
x Prevent double script on trusted file:// pages in some
edge cases
x Prevent detection of wrapped functions (e.g. in WebGL
interception) on ChromiumSource code released under GNU General Public License, version 2.0
Version 11.2
Released Jan 26, 2021 - 587.8 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.2
============================================================
x [XSS] New UI to reveal and selectively remove permanent
user choices
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
made Chromium-compatibile
x Updated TLDsSource code released under GNU General Public License, version 2.0
Version 11.1.9
Released Jan 17, 2021 - 586.09 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.1.9
============================================================
x Return null when webgl is not allowed (thanks Matthew
Finkel for patch)
x [XSS] Fixed memoization bug resulting in performance
degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
worker
x Shortcut for easier XSS filter testing
x More lenient filter to add a new entry to per-site
permissions
x [L10n] Updated de
x Replace script-embedded bitmap with css-embedded SVG as
the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
added to existing subdomain (thanks barbaz for reporting)Source code released under GNU General Public License, version 2.0
Version 11.1.8
Released Jan 7, 2021 - 613.99 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.1.8
============================================================
x [XSS] Fix for old pre-screening optimization exploitable
to bypass the filter in recent browsers - thanks Tsubasa
FUJII (@reinforchu) for reporting
x Replace DOM-based entity decoding with the he.js pure JS
library
x Updated copyright statement
x Updated browser-polyfill.js
x Removed obsolete fastclick.js dependency
x [l10n] Updated de (thanks ib and Musonius)
x Updated TLDsSource code released under GNU General Public License, version 2.0
Version 11.1.7
Released Dec 21, 2020 - 589.01 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.1.7
============================================================
x Optimize serviceWorker tracking for heavy tabs usage
(thanks vadimm and barbaz for investigation)
x Force placeholder visibility on Youtube embeddings
x Fixed popup opening being slowed down if options UI is
opened (thanks Sirus for report)
x Explicit failure for wrong settings importation formats
x Updated TLDsSource code released under GNU General Public License, version 2.0
Version 11.1.6
Released Dec 9, 2020 - 588.71 KBWorks with firefox 59.0 and later, android 59.0 and later(cc @lastknight, @raistolo)v 11.1.6
============================================================
x Better handling of concurrent prompts issues (thanks
billarbor for reporting)
x Remove z-index boosting from ancestors when placeholder is
collapsed or replaced (issue #162)
x Fixed permission keyboard shortcuts being triggered with
modifiers like CTRL (thanks barbaz for report)
x More accurate blockage reporting, with better filtering of
page's own CSP effects
x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz
for reporting)
x Fixed bug in automatic HTML events build-time updates
x Updated HTML events
x Updated TLDs
x [L10n] Updated sv_SE
x Better handling 0 width / 0 height media placeholdersSource code released under GNU General Public License, version 2.0
Version 11.1.5
Released Nov 6, 2020 - 587.78 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.1.5
============================================================
x Updated TLD
x Fixed potential infinite loop via DOMContentLoaded
x Work-around for Firefox 82 media redirection bug (thanks
ppxxbu and skriptimaahinen)
x Updated TLDsSource code released under GNU General Public License, version 2.0
Version 11.1.4
Released Oct 26, 2020 - 587.74 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.1.4
============================================================
x Fixed sloppy CSP media blocker detection breaking MSE
blob: media placeholders on Chromium
x Fixed race condition causing temporary settings not to
survive updates sometimes
x Updated TLDs
x [Mobile] Improved prompts appearance on AndroidSource code released under GNU General Public License, version 2.0
Version 11.1.3
Released Oct 9, 2020 - 587.11 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.1.3 (bump from 11.1.2 due to AMO versioning issues)
============================================================
x Fixed regression: document media and font restrictions
always cascaded (thanks BrainDedd for report)
x Remove domPolicy logging when debugging is off
x Trivial reordering from Mozilla source
x Updated TLDsSource code released under GNU General Public License, version 2.0
Version 11.1.1
Released Oct 6, 2020 - 587.06 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.1.1
============================================================
x Updated TLDs
x Better heuristic to figure out missing data while
computing contextual policies
x Fixed regression breaking per-tab restrictions disablement
(thanks Horsefly for report)Source code released under GNU General Public License, version 2.0
Version 11.0.46
Released Sep 18, 2020 - 585.44 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.46
============================================================
x Updated TLDs
x [L10n] Updated is
x Fixed file:// and ftp:// specific content scripts not
runnning in subdocuments
x Fixed deferred scripts in file:// pages may run twice
(issue #155)
x Fixed rendering bug with scrolled file:// pages on soft
reload (thanks Iouri for report)
x Fixed 11.0.44 regression: ghost media item reported on
every page
x Better emulation of SVG eventsSource code released under GNU General Public License, version 2.0
Version 11.0.44
Released Sep 14, 2020 - 585.1 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.44
============================================================
x Dispatch synthetic SVGLoad event in soft load when needed
x [L10n] Updated da, es
x Fixed namespacing issues with script replacements
x Fixed media placeholder not shown when blocking Youtube
movies
x Work around for unpredictable content script execution
order
x Ensure content of NoScript prompts is always visible
x Fixed soft reload messing with non UTF-8 encodings (thanks
"Quest" for reporting)
x Updated TLDs
x [XSS] Fixed escape detection bug causing strage false
positives (thanks Dave Howorth for report)Source code released under GNU General Public License, version 2.0
Version 11.0.43
Released Sep 8, 2020 - 584.56 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.43
============================================================
x Fix for some race conditions causing corruptions in
non-HTML non-XML documentsSource code released under GNU General Public License, version 2.0
Version 11.0.42
Released Sep 4, 2020 - 584.4 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.42
============================================================
x Avoid useless "seen" reports from onBeforeRequest()
x Catch broadcast messaging errors
x Make build.sh tag push even already created tags
x Updated TLDs
x Work-around for applying DOM CSP to non-HTML XML documents
(thanks skriptimaahinen)
x Document freezing to handle SVG and other XML documents
as a fallback before CSP insertion
x Refactored and improved syncFetchPolicy fallback for file:
and ftp: special casesSource code released under GNU General Public License, version 2.0
Version 11.0.41
Released Aug 24, 2020 - 580.44 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.41
============================================================
x More precise event suppression mechanism
x Fixed regression: events suppressed on file:// pages
unless scripts are allowed
x Updated TLDsSource code released under GNU General Public License, version 2.0
Version 11.0.40
Released Aug 23, 2020 - 580.22 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.40
============================================================
x Avoid synchronous policy fetching whenever possible
(fixes multiple issues)Source code released under GNU General Public License, version 2.0
Version 11.0.39
Released Aug 21, 2020 - 580.29 KBWorks with firefox 59.0 and later, android 59.0 and laterv 11.0.39
============================================================
x Fix reload loops on broken file: HTML documents (thanks
bernie for report)
x [XSS] Updated HTML event attributes
x Local policy fallback for file: and ftp: URLs using
window.name rather than sessionStorage
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Added "Revoke temporary permissions on NoScript updates,
even if the browser is not restarted" advanced option
x Let temporary permissions survive NoScript updates
(shameless hack)
x Fixed some traps around Messages abstraction
x Ignore search / hash on policy matching of domain-less
URLs (e.g. file:///...)
x Updated TLDs
x Fixed automatic scrolling hampers usability on long sites
lists in popup
x Better timing for event attributes removal/restore
x Work-arounds for edge cases in synchronous page loads
bypassing webRequest (thanks skriptimaahinen)Source code released under GNU General Public License, version 2.0