NoScript Security Suite Version History

847 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.1.9rc4 515.1 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.9rc4
==========================================================================
x [Surrogate] fixed breakage caused by "1.8.1" JavaScript version spec
used instead of "1.8"

v 2.1.9rc3
==========================================================================
+ [Surrogate] JavaScript 1.8 support (thanks al_9x for RFE)
+ Better heuristic for XSSI detection
- Removed previous work-around XSSI exceptions
x Fixed some DOM traversal bugs (thanks al_9x for reporting)
x Refined Google search meta refresh blocking exception
x Added meta refresh blocking exception for t.co (Twitter URL shortener)

v 2.1.9rc2
==========================================================================
x Work-around for XSSI checks breaking some Yahoo! Mail features

v 2.1.9rc1
==========================================================================
+ New noscript.forbidMetaRefresh.exceptions url pattern preference
+ Meta refresh blocking exception for Google Search (blank page shown
otherwise if meta refresh blocking is enabled, cookies are disabled for
Google and Google Search scripting is forbidden)

Version 2.1.9rc3 515.1 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

Version 2.1.9rc2 515.1 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.9rc2
==========================================================================
x Work-around for XSSI checks breaking some Yahoo! Mail features

v 2.1.9rc1
==========================================================================
+ New noscript.forbidMetaRefresh.exceptions url pattern preference
+ Meta refresh blocking exception for Google Search (blank page shown
otherwise if meta refresh blocking is enabled, cookies are disabled for
Google and Google Search scripting is forbidden)

Version 2.1.9rc1 515.1 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.9rc1
==========================================================================
+ New noscript.forbidMetaRefresh.exceptions url pattern preference
+ Meta refresh blocking exception for Google Search (blank page shown
otherwise if meta refresh blocking is enabled, cookies are disabled for
Google and Google Search scripting is forbidden)

Version 2.1.8rc3 514.0 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.8rc3
==========================================================================
+ Improved anti-popunder built-in surrogate
x Fixed object autowiring upon placeholder activation regressed by recent
surrogate sandboxing changes

v 2.1.8rc2
==========================================================================
+ noscript.xss.checkInclusions about:config preference (default true)
controls whether the new protection against reflected cross-site script
inclusion (XSSI) is enabled or not (thanks al_9x for RFE)
+ noscript.xss.checkInclusions.exceptions about:confing preference to
disable XSSI checks for certain script sources (thanks al_9x for RFE)

v 2.1.8rc1
==========================================================================
+ Protection against reflected script inclusion (thanks tlu for reporting)
x Fixed logged error message on permissions change (thanks Archaeopteryx
for reporting)

Version 2.1.8rc1 514.0 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.8rc1
==========================================================================
+ Protection against reflected script inclusion (thanks tlu for reporting)
x Fixed logged error message on permissions change (thanks Archaeopteryx
for reporting)

Version 2.1.8 514.0 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.8
==========================================================================
+ Improved anti-popunder built-in surrogate
x Fixed object autowiring upon placeholder activation regressed by recent
surrogate sandboxing changes

v 2.1.8rc2
==========================================================================
+ noscript.xss.checkInclusions about:config preference (default true)
controls whether the new protection against reflected cross-site script
inclusion (XSSI) is enabled or not (thanks al_9x for RFE)
+ noscript.xss.checkInclusions.exceptions about:confing preference to
disable XSSI checks for certain script sources (thanks al_9x for RFE)

v 2.1.8rc1
==========================================================================
+ Protection against reflected script inclusion (thanks tlu for reporting)
x Fixed logged error message on permissions change (thanks Archaeopteryx
for reporting)

Version 2.1.8rc2 514.0 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.8rc2
==========================================================================
+ noscript.xss.checkInclusions about:config preference (default true)
controls whether the new protection against reflected cross-site script
inclusion (XSSI) is enabled or not (thanks al_9x for RFE)
+ noscript.xss.checkInclusions.exceptions about:confing preference to
disable XSSI checks for certain script sources (thanks al_9x for RFE)

v 2.1.8rc1
==========================================================================
+ Protection against reflected script inclusion (thanks tlu for reporting)
x Fixed logged error message on permissions change (thanks Archaeopteryx
for reporting)

Version 2.1.7 514.0 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.7
==========================================================================
x [ABE] Fixed subrequests matching an Anon action rule not being shown in
the logs if already anonymized by the browser

v 2.1.7rc1
==========================================================================
x Fixed error console noise regression from menu fixes (thanks al_9x and
Archaeopteryx for reporting)

v 2.1.6rc2
==========================================================================
+ noscript.keys.tempAllowPage about:config preference to configure a
keyboard shortcut for "Temporarily allow all this page"
+ noscript.keys.revokeTemp about:config preference to configure a keyboard
shortcut for "Revoke temporary permissions"
+ noscript.menuAccelerators about:config preference to switch keyboard
accelerators for "(Temporary) allow all this page" menu items on/off
x Fixed notifications get all shown on the top in a tab where one
notification has already been shown on the top
x Fixed quasi-leak (zombie compartment) after using the NoScript menu on
a page where embedded content is present, until the menu is opened on
another page (thanks Archaeopteryx for reporting)
x [ABE] Fixed Anonymize actions logged twice (thanks al_9x for reporting)

v 2.1.6rc1
==========================================================================
x [Surrogate] Fixed sandboxed surrogates unable to set global variables

Version 2.1.7rc2 514.0 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.7rc2
==========================================================================
x [ABE] Fixed subrequests matching an Anon action rule not being shown in
the logs if already anonymized by the browser

v 2.1.7rc1
==========================================================================
x Fixed error console noise regression from menu fixes (thanks al_9x and
Archaeopteryx for reporting)

v 2.1.6rc2
==========================================================================
+ noscript.keys.tempAllowPage about:config preference to configure a
keyboard shortcut for "Temporarily allow all this page"
+ noscript.keys.revokeTemp about:config preference to configure a keyboard
shortcut for "Revoke temporary permissions"
+ noscript.menuAccelerators about:config preference to switch keyboard
accelerators for "(Temporary) allow all this page" menu items on/off
x Fixed notifications get all shown on the top in a tab where one
notification has already been shown on the top
x Fixed quasi-leak (zombie compartment) after using the NoScript menu on
a page where embedded content is present, until the menu is opened on
another page (thanks Archaeopteryx for reporting)
x [ABE] Fixed Anonymize actions logged twice (thanks al_9x for reporting)

v 2.1.6rc1
==========================================================================
x [Surrogate] Fixed sandboxed surrogates unable to set global variables

Version 2.1.6rc2 514.0 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.6rc2
==========================================================================
+ noscript.keys.tempAllowPage about:config preference to configure a
keyboard shortcut for "Temporarily allow all this page"
+ noscript.keys.revokeTemp about:config preference to configure a keyboard
shortcut for "Revoke temporary permissions"
+ noscript.menuAccelerators about:config preference to switch keyboard
accelerators for "(Temporary) allow all this page" menu items on/off
x Fixed notifications get all shown on the top in a tab where one
notification has already been shown on the top
x Fixed quasi-leak (zombie compartment) after using the NoScript menu on
a page where embedded content is present, until the menu is opened on
another page (thanks Archaeopteryx for reporting)
x [ABE] Fixed Anonymize actions logged twice (thanks al_9x for reporting)

Version 2.1.6rc1 514.0 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.6rc1
==========================================================================
x [Surrogate] Fixed sandboxed surrogates unable to set global variables

Version 2.1.5 514.0 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.5
==========================================================================
x Improved object wiring emulation on placeholder activation (thanks al_9x
for report and code)

v 2.1.5rc3
==========================================================================
+ [Surrogate] noscript.surrogate.sandbox preference to control the
execution method for inclusion surrogates

v 2.1.5rc2
==========================================================================
x Work-around for CORS incompatibility with internal redirects
- Removed legacy threading management support

v 2.1.5rc1
==========================================================================
x [Surrogate] Surrogates triggered by content policy calls get executed in
a sandbox
x Moved SWFObject and Silverlight patching to early scripts
x Replaced every reference to XHR's "on..." event handler properties with
their addEventListener() counterparts, to cope with bug 687332 fallouts

Version 2.1.5rc4 513.0 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.5rc4
==========================================================================
x Improved object wiring emulation on placeholder activation (thanks al_9x
for report and code)

v 2.1.5rc3
==========================================================================
+ [Surrogate] noscript.surrogate.sandbox preference to control the
execution method for inclusion surrogates

v 2.1.5rc2
==========================================================================
x Work-around for CORS incompatibility with internal redirects
- Removed legacy threading management support

v 2.1.5rc1
==========================================================================
x [Surrogate] Surrogates triggered by content policy calls get executed in
a sandbox
x Moved SWFObject and Silverlight patching to early scripts
x Replaced every reference to XHR's "on..." event handler properties with
their addEventListener() counterparts, to cope with bug 687332 fallouts

Version 2.1.5rc2 513.0 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.5rc2
==========================================================================
x Work-around for CORS incompatibility with internal redirects
- Removed legacy threading management support

v 2.1.5rc1
==========================================================================
x [Surrogate] Surrogates triggered by content policy calls get executed in
a sandbox
x Moved SWFObject and Silverlight patching to early scripts
x Replaced every reference to XHR's "on..." event handler properties with
their addEventListener() counterparts, to cope with bug 687332 fallouts

Version 2.1.5rc1 514.0 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.5rc1
==========================================================================
x [Surrogate] Surrogates triggered by content policy calls get executed in
a sandbox
x Moved SWFObject and Silverlight patching to early scripts
x Replaced every reference to XHR's "on..." event handler properties with
their addEventListener() counterparts, to cope with bug 687332 fallouts

Version 2.1.4rc2 514.0 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.4rc2
==========================================================================
x Fixed speculative parsing causing inclusion surrogates to be executed
twice (thanks al_9x for reporting)

v 2.1.4rc1
==========================================================================
x More efficient and Gecko-friendly HTTPS enforcing method

Version 2.1.3rc6 508.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.3rc6
==========================================================================
+ [Surrogate] Disqus surrogate to fix misplaced placeholder (thanks al_9x
for code)
+ [L10n] Bengali (thanks svarnava)
x Fixed missing placeholder for hidden embeddings (thanks royallin for
reporting)

v 2.1.3rc5
==========================================================================
+ [Surrogate] "Before" script surrogates (whose sources are prefixed with
'<') get executed before the matching external script starts loading
(thanks al_9x for RFE)
+ [Surrogate] "After" script surrogates (whose sources are prefixed with
'>') get executed immediately after the matching external script runs
(thanks al_9x for RFE)

v 2.1.3rc4
==========================================================================
x Fixed missing placeholder for plugin documents when collapsing blocked
object preference is set (thanks Mc for reporting)
x Removed problematic "(Temporarily) Allow all on this page" access keys
x Even better heuristic to match id-less replaced embeddings on reload

v 2.1.3rc3
==========================================================================
x Better heuristic to match id-less replaced embeddings on reload

v 2.1.3rc2
==========================================================================
x [XSS] Better compatibility with Facebook Connect apps

v 2.1.3rc1
==========================================================================
x Fixed unblocking HTML 5 media clips from placeholder causes the throbber
to spin indefinitely (thanks al_9x for reporting)
x Fixed "..txt" (rather than ".txt") being appended as the default file
extension when exporting NoScript's configuration / whitelist (thanks
SeanM for reporting)
x Fixed inital directory uncorrectly initialized by the configuration
export dialog on some platforms (thanks SeanM for reporting)

v 2.1.2.9rc1
==========================================================================
x Facebook Connect surrogate (thanks al_9x for code)
- Removed outdated anti-anti-adblocker surrogate

Version 2.1.4 514.0 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.4
==========================================================================
x Fixed speculative parsing causing inclusion surrogates to be executed
twice (thanks al_9x for reporting)

v 2.1.4rc1
==========================================================================
x More efficient and Gecko-friendly HTTPS enforcing method

Version 2.1.3rc4 508.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.3rc4
==========================================================================
x Fixed missing placeholder for plugin documents when collapsing blocked
object preference is set (thanks Mc for reporting)
x Removed problematic "(Temporarily) Allow all on this page" access keys
x Even better heuristic to match id-less replaced embeddings on reload

v 2.1.3rc3
==========================================================================
x Better heuristic to match id-less replaced embeddings on reload

v 2.1.3rc2
==========================================================================
x [XSS] Better compatibility with Facebook Connect apps

v 2.1.3rc1
==========================================================================
x Fixed unblocking HTML 5 media clips from placeholder causes the throbber
to spin indefinitely (thanks al_9x for reporting)
x Fixed "..txt" (rather than ".txt") being appended as the default file
extension when exporting NoScript's configuration / whitelist (thanks
SeanM for reporting)
x Fixed inital directory uncorrectly initialized by the configuration
export dialog on some platforms (thanks SeanM for reporting)

Version 2.1.3rc2 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.3rc2
==========================================================================
x [XSS] Better compatibility with Facebook Connect apps

v 2.1.3rc1
==========================================================================
x Fixed unblocking HTML 5 media clips from placeholder causes the throbber
to spin indefinitely (thanks al_9x for reporting)
x Fixed "..txt" (rather than ".txt") being appended as the default file
extension when exporting NoScript's configuration / whitelist (thanks
SeanM for reporting)
x Fixed inital directory uncorrectly initialized by the configuration
export dialog on some platforms (thanks SeanM for reporting)

Version 2.1.3rc1 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.3rc1
==========================================================================
x Fixed unblocking HTML 5 media clips from placeholder causes the throbber
to spin indefinitely (thanks al_9x for reporting)
x Fixed "..txt" (rather than ".txt") being appended as the default file
extension when exporting NoScript's configuration / whitelist (thanks
SeanM for reporting)
x Fixed inital directory uncorrectly initialized by the configuration
export dialog on some platforms (thanks SeanM for reporting)

Version 2.1.2.9rc1 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.9rc1
==========================================================================
x Facebook Connect surrogate (thanks al_9x for code)
- Removed outdated anti-anti-adblocker surrogate

Version 2.1.2.8 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.8
==========================================================================
x Fixed placeholders hard to activate on HTML 5 Youtube videos

v 2.1.2.8rc2
==========================================================================
x [XSS] Improved out-of-the-box compatibility with some Facebook games
x Fixed plugin blocking not working sometimes on file:// pages
loadeded before any network activity (thanks nagan for reporting)

v 2.1.2.8rc1
==========================================================================
+ Google Plus One surrogate (thanks al_9x for code)
- Removed t.co surrogate, since Twitter implemented a NOSCRIPT fallback

Version 2.1.2.8rc3 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.8rc3
==========================================================================
x Fixed placeholders hard to activate on HTML 5 Youtube videos

v 2.1.2.8rc2
==========================================================================
x [XSS] Improved out-of-the-box compatibility with some Facebook games
x Fixed plugin blocking not working sometimes on file:// pages
loadeded before any network activity (thanks nagan for reporting)

v 2.1.2.8rc1
==========================================================================
+ Google Plus One surrogate (thanks al_9x for code)
- Removed t.co surrogate, since Twitter implemented a NOSCRIPT fallback

Version 2.1.2.8rc1 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.8rc1
==========================================================================
+ Google Plus One surrogate (thanks al_9x for code)
- Removed t.co surrogate, since Twitter implemented a NOSCRIPT fallback

Version 2.1.2.7 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.7
==========================================================================
x Better load progress feedback for hosts which are not DNS-cached yet
(thanks al_9x for reporting)

v 2.1.2.7rc3
==========================================================================
x Improved Google Analytics surrogate (thanks al_9x for code)
x More intuitive handling of the "live" behavior of the ABE ruleset editor
when syntax errors are introducd (thanks al_9x for reporting)

v 2.1.2.7rc2
==========================================================================
x Fixed OBJECT document inclusions failing under some circumstances

v 2.1.2.7rc1
==========================================================================
+ Prevent any website from embedding view-source URIs inside frames
x Firefox 9.0a1 compatibility

Version 2.1.2.7rc4 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.7rc4
==========================================================================
x Better load progress feedback for hosts which are not DNS-cached yet
(thanks al_9x for reporting)

v 2.1.2.7rc3
==========================================================================
x Improved Google Analytics surrogate (thanks al_9x for code)
x More intuitive handling of the "live" behavior of the ABE ruleset editor
when syntax errors are introducd (thanks al_9x for reporting)

v 2.1.2.7rc2
==========================================================================
x Fixed OBJECT document inclusions failing under some circumstances

v 2.1.2.7rc1
==========================================================================
+ Prevent any website from embedding view-source URIs inside frames
x Firefox 9.0a1 compatibility

Version 2.1.2.7rc2 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.7rc2
==========================================================================
x Fixed OBJECT document inclusions failing under some circumstances

v 2.1.2.7rc1
==========================================================================
+ Prevent any website from embedding view-source URIs inside frames
x Firefox 9.0a1 compatibility

Version 2.1.2.7rc1 507.9 kB Works with Firefox 3.0 and later, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 and later

v 2.1.2.7rc1
==========================================================================
+ Prevent any website from embedding view-source URIs inside frames
x Firefox 9.0a1 compatibility