NoScript Security Suite Version History

955 versions

Be careful with old versions!

These versions are displayed for reference and testing purposes. You should always use the latest version of an add-on.

Version 2.0.3.4rc3 486.0 KiB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.3.4rc3 (same as 2.0.3.4 final)
==========================================================================
+ [UI] Bold "Recently blocked" menu and items which have been attempted to
load from the currently displayed web site (thanks therube for RFE)
- Removed legacy (pre Fx 3) notification code

v 2.0.3.4rc2
==========================================================================
- [UI] Removed status icon hover effect
+ [Surrogate] adriver.ru surrogate to prevent "pages never finish loading"
problem (thanks al_9x)
+ [ClearClick] Unlocked flag caching performance optimizations
+ AddressMatcher now matches UTF8 (not IDN-encoded) host names too
+ AddressMatcher now matches scheme only (xyz:) patterns
x Work-around for X-Frame-Option interfering with mixed chrome/content
UIs (e.g. Firefox 4 add-ons manager)

v 2.0.3.4rc1
==========================================================================
x Fixed unchecking and re-checking the toggle permissions toolbar button
behavior ending in an inconsistent status (thanks Grump Old Lady for
reporting)
x [XSS] Improved Blogger CMS compatibility (thanks Logos for reporting)

Version 2.0.3.4rc2 486.0 KiB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.3.4rc2
==========================================================================
- [UI] Removed status icon hover effect
+ [Surrogate] adriver.ru surrogate to prevent "pages never finish loading"
problem (thanks al_9x)
+ [ClearClick] Unlocked flag caching performance optimizations
+ AddressMatcher now matches UTF8 (not IDN-encoded) host names too
+ AddressMatcher now matches scheme only (xyz:) patterns
x Work-around for X-Frame-Option interfering with mixed chrome/content
UIs (e.g. Firefox 4 add-ons manager)

v 2.0.3.4rc1
==========================================================================
x Fixed unchecking and re-checking the toggle permissions toolbar button
behavior ending in an inconsistent status (thanks Grump Old Lady for
reporting)
x [XSS] Improved Blogger CMS compatibility (thanks Logos for reporting)

Version 2.0.3.3 486.0 KiB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b2

v 2.0.3.3
==========================================================================
x Changed noscript.forbidIFramesContext about:config preference default to
3 (same base domain) to ensure better usability on complex sites (e.g.
new Twitter) for people who's blocking iframes on trusted sites
x Optimal sensitivity calibration for Hover UI trigger events

v 2.0.3.3rc3
==========================================================================
+ Improved Hover UI usability with the noscript.hoverUI.delayStop
about:config preference, dictating how many milliseconds the mouse must
stand still on NoScript's icon before NoScript's menu is displayed

v 2.0.3.3rc2
==========================================================================
+ [Surrogate] Surrogate scripts are no longer wrapped inside anonymous
functions, in order to allow top-level variables to be forced read-only
by using the const keyword; built-in surrogates have been retrofitted to
prevent scope clashes, by adding anonymous function wrappers as needed

v 2.0.3.3rc1
==========================================================================
+ [UI] Configurable enter and exit delays for the hover UI behavior, via
noscript.hoverUI.delay* about:config preferences
x [ClearClick] improved compatibility with very short frames (like the top
bar on www.blogger.com, thanks craftcove for reporting)
x [Policy] Removed legacy code specializing TYPE_OTHER

Version 2.0.3.3rc4 486.0 KiB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.3rc4
==========================================================================
x Changed noscript.forbidIFramesContext about:config preference default to
3 (same base domain) to ensure better usability on complex sites (e.g.
new Twitter) for people who's blocking iframes on trusted sites
x Optimal sensitivity calibration for Hover UI trigger events

Version 2.0.3.3rc3 486.0 KiB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.3rc3
==========================================================================
+ Improved Hover UI usability with the noscript.hoverUI.delayStop
about:config preference, dictating how many milliseconds the mouse must
stand still on NoScript's icon before NoScript's menu is displayed

v 2.0.3.3rc2
==========================================================================
+ [Surrogate] Surrogate scripts are no longer wrapped inside anonymous
functions, in order to allow top-level variables to be forced read-only
by using the const keyword; built-in surrogates have been retrofitted to
prevent scope clashes, by adding anonymous function wrappers as needed

Version 2.0.3.3rc1 486.0 KiB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.3rc1
==========================================================================
+ [UI] Configurable enter and exit delays for the hover UI behavior, via
noscript.hoverUI.delay* about:config preferences
x [ClearClick] improved compatibility with very short frames (like the top
bar on www.blogger.com, thanks craftcove for reporting)
x [Policy] Removed legacy code specializing TYPE_OTHER

Version 2.0.3.2 486.0 KiB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.2
==========================================================================
x Work-around for first script element in body of a framed document not
being executed unless password manager is enabled on Minefield
x Work-around for surrogates not being executed in frames on Minefield

v 2.0.3.2rc1
==========================================================================
x Fixed further menu glitches with URL ports (thanks al_9x for reporting)

v 2.0.3.1
==========================================================================
x [UI] added 250ms delay for menu disappearing on mouse out from icon (
disappearing mouse out from menu already used a 500ms delay)
x Fixed explicit port URL related regression (thanks al_9x for reporting)

v 2.0.3.1rc6
==========================================================================
x Fixed further breakages due to Array prototype chain glitches introduced
in latest Minefield

v 2.0.3.1rc5
==========================================================================
x Fixed redirections broken by Array prototype chain glitches introduced
in latest Minefield

v 2.0.3.1rc4
==========================================================================
x Work-arounds for some CAPS implementation impedance mismatches (thanks
GµårÐïåñ and al_9x for reporting)

v 2.0.3.1rc3
==========================================================================
+ [UI] Extended the "open on hover" behavior to the toolbar button
x about:crashes added to the mandatory whitelist

v 2.0.3.1rc2
==========================================================================
x [Surrogate] Fixed window.open not working for HTTP sites on recent
Minefield builds
x Fixed minor glitch in channel replacement on trunk

v 2.0.3.1rc1
==========================================================================
x [Surrogate] Restored the previous document.cookie patching order, since
it seems more compatible with some buggy sites

Version 2.0.3.2rc2 486.0 KiB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.2rc2
==========================================================================
x Work-around for first script element in body of a framed document not
being executed unless password manager is enabled on Minefield
x Work-around for surrogates not being executed in frames on Minefield

v 2.0.3.2rc1
==========================================================================
x Fixed further menu glitches with URL ports (thanks al_9x for reporting)

Version 2.0.3.1rc7 486.0 KiB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.1rc7 (same as 2.0.3.1 final)
==========================================================================
x [UI] added 250ms delay for menu disappearing on mouse out from icon (
disappearing mouse out from menu already used a 500ms delay)
x Fixed explicit port URL related regression (thanks al_9x for reporting)

Version 2.0.3.1rc6 486.0 KiB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.1rc6
==========================================================================
x Fixed further breakages due to Array prototype chain glitches introduced
in latest Minefield

v 2.0.3.1rc5
==========================================================================
x Fixed redirections broken by Array prototype chain glitches introduced
in latest Minefield

Version 2.0.3.1rc4 486.0 KiB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1


v 2.0.3.1rc4
==========================================================================
+ Fixed some CAPS implementation impedance mismatches (thanks GµårÐïåñ and
al_9x for reporting)

v 2.0.3.1rc3
==========================================================================
+ [UI] Extended the "open on hover" behavior to the toolbar button
x about:crashes added to the mandatory whitelist

Version 2.0.3.1rc2 486.0 KiB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.1rc2
==========================================================================
x [Surrogate] Fixed window.open not working for HTTP sites on recent
Minefield builds
x Fixed minor glitch in channel replacement on trunk

Version 2.0.3.1rc1 486.0 KiB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

2.0.3.1rc1
==========================================================================
x [Surrogate] Restored the previous document.cookie patching order, since
it seems more compatible with some buggy sites

Version 2.0.3 486.0 KiB Works with Firefox 3.0 - 4.0b8pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

2.0.3
==========================================================================
x [Surrogate] Improved compatibility of the popunder surrogate
x [Surrogate] Fixed broken meebo.com detached windows
x [L10n] Updated it-IT

v 2.0.3rc4
==========================================================================
+ [Pref] "NoScript Options|Appearance|Open permissions menu when mouse
hovers over NoScript's icon" checkbox
x [UI] Minor refinements in the new "UI on hovering" behavior

v 2.0.3rc3
==========================================================================
x [XSS] Fixed "Unsafe reload" not working under some circumstances (thanks
the JoshMeister for reporting)
+ [XSS] Better compatibility with Blogspot's CMS (thanks the JoshMeister
for reporting)
x Fixed "setting a property that has only a getter" warning in strict mode
x Better compatibility with CDNs improperly serving JavaScript files with
a CSS mime type

v 2.0.3rc2
==========================================================================
x Fixed "Partially allowed" message instead of "Forbidden" when everything
is blocked, including some embeddings (thanks jan for reporting)
x Fixed "No placeholder from untrusted" broken since 2.0.2.4 (thanks al_9x
for reporting)

v 2.0.3rc1
==========================================================================
+ [UI] Clickless "on over" opening of the status bar menu, can be disabled
via noscript.hoverUI about:config preference (thanks safemode for RFE)
x Fixed embedded fonts requiring the page to be allowed, rather than the
just the object, if embedded in data: URIs (thanks Alexander Konovalenko
for reporting)

Version 2.0.3rc5 486.0 KiB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

2.0.3rc5
==========================================================================
x [Surrogate] Improved compatibility of the popunder surrogate
x [Surrogate] Fixed broken meebo.com detached windows
x [L10n] Updated it-IT

Version 2.0.3rc4 486.0 KiB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3rc4
==========================================================================
+ [Pref] "NoScript Options|Appearance|Open permissions menu when mouse
hovers over NoScript's icon" checkbox
x [UI] Minor refinements in the new "UI on hovering" behavior

Version 2.0.3rc3 486.0 KiB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

2.0.3rc3
==========================================================================
x [XSS] Fixed "Unsafe reload" not working under some circumstances (thanks
the JoshMeister for reporting)
+ [XSS] Better compatibility with Blogspot's CMS (thanks the JoshMeister
for reporting)
x Fixed "setting a property that has only a getter" warning in strict mode
x Better compatibility with CDNs improperly serving JavaScript files with
a CSS mime type

Version 2.0.3rc2 485.0 KiB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3rc2
==========================================================================
x Fixed "Partially allowed" message instead of "Forbidden" when everything
is blocked, including some embedding (thanks jan for reporting)
x Fixed "No placeholder from untrusted" broken since 2.0.2.4 (thanks al_9x
for reporting)

Version 2.0.3rc1 485.0 KiB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3rc1
==========================================================================
+ [UI] Clickless "on over" opening of the status bar menu, can be disabled
via noscript.hoverUI about:config preference (thanks safemode for RFE)
x Fixed embedded fonts requiring the page to be allowed, rather than the
just the object, if embedded in data: URIs (thanks Alexander Konovalenko
for reporting)

Version 2.0.2.5 485.0 KiB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.5
==========================================================================
x [XSS] Further FBML compatibility improvements

Version 2.0.2.5rc1 485.0 KiB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.5rc1
==========================================================================
x [XSS] Further FBML compatibility improvements

Version 2.0.2.4rc2 485.0 KiB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.4rc2 (identical to v 2.0.2.4 final)
==========================================================================
+ [XSS] Improved Facebook games compatibility
x [ClearClick] Fixed ABP tabs interfering with cross-window snapshots
x [ClearClick] Fixed bug preventing clicks on frames embedded by URLs
which have no host field
- Removed legacy code to handle ABP tabs on NoScript-blocked objects

v 2.0.2.4rc1
==========================================================================
x [HSTS] Fixed SSL certificate error pages not being patched (removing
the expert interface) when a broken HSTS site is open first time (thaks
Porkulus for reporting)

Version 2.0.2.4rc1 485.0 KiB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.4rc1
==========================================================================
x [HSTS] Fixed SSL certificate error pages not being patched (removing
the expert interface) when a broken HSTS site is open for the first time
(thaks Porkulus for reporting)

Version 2.0.2.3 485.0 KiB Works with Firefox 3.0 - 4.0b6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.3
==========================================================================
x [XSS] Fixed optimization bug which may lead to slower checks on specific
source patterns

Version 2.0.2.3rc1 485.0 KiB Works with Firefox 3.0 - 4.0b5pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.3
==========================================================================
x [XSS] Fixed optimization bug which may lead to slower checks on specific
source patterns

Version 2.0.2.2rc2 485.0 KiB Works with Firefox 3.0 - 4.0b5pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.2rc2
==========================================================================
x [XSS] Huge InjectionChecker speed optimization, prevents most DOS false
positives caused by checks timeout (thanks Sylvia Oberstein for report)

Version 2.0.2.1rc1 485.0 KiB Works with Firefox 3.0 - 4.0b5pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.1rc1 (identical to 2.0.2.1 final)
==========================================================================
x [Surrogate] Fixed fallback regression (thanks al_9x for report)

v 2.0.2
==========================================================================
x Further accessibility enhancements (thanks Jonathan Ely for report)
x Fixed matching issue with document.open() pages

v 2.0.2rc10
==========================================================================
x Further accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc9
==========================================================================
x [Surrogate] Fixed scoping issue in debug mode
x [Surrogate] Adapted existing surrogates to new page-level execution
method
x Further accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc8
==========================================================================
x Minor accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc7
==========================================================================
x [Surrogate] Enabled back surrogate execution on pages created with
document.open(), identified by the pseudo-URL "wyciwyg:" for matching
purposes
x [Surrogate] Surrogates sources can match any URL except those with
scheme chrome, resource, about or view-source

v 2.0.2rc6
==========================================================================
x Fixed regression in SWFObject emulated support (thanks al_9x for report)
x [Surrogate] Disabled inconsistent surrogate execution on pages created
with document.open()

v 2.0.2rc5
==========================================================================
+ [Surrogate] Removed execution dependency on early DOM manipulation
x [ABE] Fixed Anonymize action causing exceptions to be reported in console
sometimes on Minefield
x [ClearClick] Work-around for uservoice.com false positive

v 2.0.2rc4
==========================================================================
x [XSS] Work-around for XSS by design in the Facebook API preventing some
games from working properly
x [Surrogate] fixed surrogates interfering with forced NOSCRIPT element
activation

v 2.0.2rc3
==========================================================================
+ [Surrogate] Improved page-level surrogate timing on Gecko version
1.9.2.8 and above
x [Surrogate] Fixed in-frame page-level surrogates causing some sites to
loose history navigation functionality
- [Surrogate] Dropped support for page-level in-frame surrogates on Gecko
version 1.9.2.7 and below
x [XSS] Correctness enhancement in the ASP Unicode homograph work-around

v 2.0.2rc2
==========================================================================
+ [XSS] Work-around for questionable Unicode to ASCII homographic
conversions performed by Microsoft's "Classic" ASP
x Tighter UI synchronization callbacks

v 2.0.2rc1
==========================================================================
x Tentative fix for UI sync regression reported by al_9x

Version 2.0.2rc11 485.0 KiB Works with Firefox 3.0 - 4.0b4pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2rc11 (identical to 2.0.2 final)
==========================================================================
x Further accessibility enhancements (thanks Jonathan Ely for report)
x Fixed matching issue with document.open() pages

v 2.0.2rc10
==========================================================================
x Further accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc9
==========================================================================
x [Surrogate] Fixed scoping issue in debug mode
x [Surrogate] Adapted existing surrogates to new page-level execution
method
x Further accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc8
==========================================================================
x Minor accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc7
==========================================================================
x [Surrogate] Enabled back surrogate execution on pages created with
document.open(), identified by the pseudo-URL "wyciwyg:" for matching
purposes
x [Surrogate] Surrogates sources can match any URL except those with
scheme chrome, resource, about or view-source

v 2.0.2rc6
==========================================================================
x Fixed regression in SWFObject emulated support (thanks al_9x for report)
x [Surrogate] Disabled inconsistent surrogate execution on pages created
with document.open()

v 2.0.2rc5
==========================================================================
+ [Surrogate] Removed execution dependency on early DOM manipulation
x [ABE] Fixed Anonymize action causing exceptions to be reported in console
sometimes on Minefield
x [ClearClick] Work-around for uservoice.com false positive

v 2.0.2rc4
==========================================================================
x [XSS] Work-around for XSS by design in the Facebook API preventing some
games from working properly
x [Surrogate] fixed surrogates interfering with forced NOSCRIPT element
activation

v 2.0.2rc3
==========================================================================
+ [Surrogate] Improved page-level surrogate timing on Gecko version
1.9.2.8 and above
x [Surrogate] Fixed in-frame page-level surrogates causing some sites to
loose history navigation functionality
- [Surrogate] Dropped support for page-level in-frame surrogates on Gecko
version 1.9.2.7 and below
x [XSS] Correctness enhancement in the ASP Unicode homograph work-around

v 2.0.2rc2
==========================================================================
+ [XSS] Work-around for questionable Unicode to ASCII homographic
conversions performed by Microsoft's "Classic" ASP
x Tighter UI synchronization callbacks

v 2.0.2rc1
==========================================================================
x Tentative fix for UI sync regression reported by al_9x

Version 2.0.2rc10 485.0 KiB Works with Firefox 3.0 - 4.0b4pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0.2rc10
==========================================================================
x Further accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc9
==========================================================================
x [Surrogate] Fixed scoping issue in debug mode
x [Surrogate] Adapted existing surrogates to new page-level execution
method
x Further accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc8
==========================================================================
x Minor accessibility enhancements (thanks Jonathan Ely for report)

v 2.0.2rc7
==========================================================================
x [Surrogate] Enabled back surrogate execution on pages created with
document.open(), identified by the pseudo-URL "wyciwyg:" for matching
purposes
x [Surrogate] Surrogates sources can match any URL except those with
scheme chrome, resource, about or view-source

v 2.0.2rc6
==========================================================================
x Fixed regression in SWFObject emulated support (thanks al_9x for report)
x [Surrogate] Disabled inconsistent surrogate execution on pages created
with document.open()

v 2.0.2rc5
==========================================================================
+ [Surrogate] Removed execution dependency on early DOM manipulation
x [ABE] Fixed Anonymize action causing exceptions to be reported in console
sometimes on Minefield
x [ClearClick] Work-around for uservoice.com false positive

v 2.0.2rc4
==========================================================================
x [XSS] Work-around for XSS by design in the Facebook API preventing some
games from working properly
x [Surrogate] fixed surrogates interfering with forced NOSCRIPT element
activation

v 2.0.2rc3
==========================================================================
+ [Surrogate] Improved page-level surrogate timing on Gecko version
1.9.2.8 and above
x [Surrogate] Fixed in-frame page-level surrogates causing some sites to
loose history navigation functionality
- [Surrogate] Dropped support for page-level in-frame surrogates on Gecko
version 1.9.2.7 and below
x [XSS] Correctness enhancement in the ASP Unicode homograph work-around

v 2.0.2rc2
==========================================================================
+ [XSS] Work-around for questionable Unicode to ASCII homographic
conversions performed by Microsoft's "Classic" ASP
x Tighter UI synchronization callbacks

v 2.0.2rc1
==========================================================================
x Tentative fix for UI sync regression reported by al_9x

Version 2.0.2rc9 485.0 KiB Works with Firefox 3.0 - 4.0b4pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 2.0.2rc9
==========================================================================
x [Surrogate] Fixed scoping issue in debug mode
x [Surrogate] Adapted existing surrogates to new page-level execution
method
x Further accessibility enhancements (thanks Jonathan Ely for report)