Historial de versiones de NoScript

747 versiones

¡Ten cuidado con las versiones antiguas!

Estas versiones se muestran con propósitos de referencia y pruebas. Debes usar siempre la última versión de un complemento.

Versión 1.9.9.96 486.4 kB Funciona con Firefox 3.6 - 3.7a6pre, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 - 2.1a3

v 1.9.9.96
==========================================================================
x Fixed Script Surrogates activation glitches

v 1.9.9.95
==========================================================================
x Fixed wrongly sized placeholders on Youtube (regression from rc1)

v 1.9.9.95rc2
==========================================================================
x More accurated feedback on nested object blocking (thanks al_9x for
reporting)
+ External filters command line template updated with request origin as
the 3rd argument

v 1.9.9.95rc1
==========================================================================
+ imagebam surrogate kills popups over images and popunders on click
+ imagehaven surrogate kills popups over images and popunders on click
+ inserstitialBox surrogate kills interstital on imagevenue.com
+ "!@" prefixed surrogates run no matter whether scripts are enabled or
disabled for the page (in a DOMContentLoaded event handler)
x Fixed JS redirect handling causing duplicate object placeholders on
scriptless pages containing embeddings only
x Fixed ABE's SELF checks fail on redirects which contain a browser URL

v 1.9.9.94
==========================================================================
x Fixed bookmarklets support on non-whitelisted pages broken in non-Places
browsers like SeaMonkey (thanks therube for reporting)
X Better icon feedback on page where there's no script element but some
plugin content has been blocked

v 1.9.9.93
==========================================================================
x Fixed ClearClick false positives when RTL content or browser settings
put the vertical scrollbar on the left (thanks Mark Callow for report)
x Fixed setting noscript.checkInjectionType to false did not disable the
feature (thanks al_9x for report)
x More accurate embedded object replacement (thanks al_9x for report)

v 1.9.9.92
==========================================================================
x Fixed Places-related bug on Minefield (thanks mpz for reporting)
x noscript.forbidIFrameContext=3 (allow same base domain) falls back to 2
(allow same domain) if either the parent or the frame is marked as
untrusted (thanks al_9x for suggestion)

v 1.9.9.91
==========================================================================
x More compatible docShell reaching, works around some buggy extensions
which wrap browser.webNavigation just partially
x InjectionChecker's XML reduction more compatible with SAML

v 1.9.9.90
==========================================================================
+ Optimal timing for page-level surrogates in frames
x ClearClick exceptions are considered independently from the JavaScript
whitelist as they should
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)

v 1.9.9.89
==========================================================================
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)
x More consistent icon feedback with docShell-based cascading JS blocking
(thanks al_9x for reporting)

v 1.9.9.88
==========================================================================
x Inclusion type checks try to infer file type from directory-like URLs
x More consistent web bugs blocking with forced NOSCRIPT elements
x Fixed object placeholder regressions in Gecko < 1.9 (thanks Rob for
reporting)
x Version compatibility bump to Firefox 3.7a6pre

Versión 1.9.9.87 484.4 kB Funciona con Firefox 1.5 - 3.7a6pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a2

v 1.9.9.87
==========================================================================
x Improved URL parsing in META refresh interception
x Optimized * universal pattern in AddressMatcher
x Better error reporting during the execution of location bar scriptlets

v 1.9.9.86
==========================================================================
+ Better timing for page-level script surrogates inside frames
+ mime/type@http://site.com syntax support for noscript.allowedMimeRegExp
preference (thanks Gregyski for request)
+ Improved XSS checks accuracy (less false positives) and performance
+ Enhanced management of recent Silverlight versions (thanks al_9x for
reporting)

v 1.9.9.85
==========================================================================
+ More accurate checks for META inside NOSCRIPT with HTML 5 parser
x Fixed possible DOS condition on some kinds of very long URLs

v 1.9.9.84
==========================================================================
x Improved heuristic for background refresh automatic blocking and
reenablement
x Fixed regressed "Follow" button on META refresh inside NOSCRIPT element

v 1.9.9.83
==========================================================================
x Fixed some sites refreshing themselves even if another load has been
initiated (thanks Dirk S for reporting)

v 1.9.9.82
==========================================================================
+ More discreet and automated anti-tabnagging protection (refreshes are
blocked on unfocused tabs and get automatically executed only when
tab gets in focus again)
+ Slight optimization of AddressMatcher tests on .site.com clauses
x Fixed noscript.forbidBGRefresh.exceptions not being honored
x Better handling of error conditions happening during ABE's channel
replacement internal redirections (thanks al_9x for reporting)
x Fixed minor feedback icon glitches (thanks al_9x for reporting)

Versión 1.9.9.81 483.3 kB Funciona con Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 2.0a1pre, SeaMonkey 1.1 - 2.1a2

v 1.9.9.81
==========================================================================
+ Experimental blocking of page refreshes happening inside untrusted
unfocused tabs, should provide protection against Aviv Raff's scriptless
"tabnabbing" variant. Enabled by default, can be controlled through the
noscript.forbidBGRefresh about:config integer preference:
0 - no blocking
1 - block refreshes on untrusted unfocused tabs
2 - block refreshes on trusted unfocused tabs
3 - block refreshes on both trusted and untrusted unfocused tab
Address patterns matching pages which shouldn't be affected can be
listed in the noscript.forbidBGRefresh.exceptions preference
x Fixed XSS false positive in new 3.7 add-ons manager
x Fixed meta-refresh URL parsing mismatch
x Fixed import script surrogates being broken by a 1.9.9.79 regression

v 1.9.9.80
==========================================================================
x Fixed "Partially allowed scripts" icon shown instead of the "Scripts
allowed but some objects blocked" one when the blocked objects' domains
are not whitelisted for scripting (thanks al_9x for reporting)
x Fixed "Scripts allowed but some objects blocked" icon not being used for
blocked web fonts (thanks Alan Baxter for reporting)
x (ABE) Deny on INCLUSION don't trigger a notification even if the blocked
request is for a subdocument (the blocking is logged in the Console, use
SUB if user-facing notification is needed)
x Fixed privileged XMLHttpRequests for untrusted resources being blocked
if HTTP redirections occurred (thanks mari for reporting)
+ Better compatibility with IronPort web-based tools (thanks Ron Collins
for reporting)

v 1.9.9.79
==========================================================================
x Script surrogates whose source starts with the '!' get executed on
pages where scripts are disabled (on document DOM completion, rather
than before HTML parsing starts like regular surrogates)

Versión 1.9.9.80 482.3 kB Funciona con Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1.*, SeaMonkey 1.1 - 2.1a1pre

1.9.9.80
==========================================================================
x Fixed "Partially allowed scripts" icon shown instead of the "Scripts
allowed but some objects blocked" one when the blocked objects' domains
are not whitelisted for scripting (thanks al_9x for reporting)
x Fixed "Scripts allowed but some objects blocked" icon not being used for
blocked web fonts (thanks Alan Baxter for reporting)
x (ABE) Deny on INCLUSION don't trigger a notification even if the blocked
request is for a subdocument (the blocking is logged in the Console, use
SUB if user-facing notification is needed)
x Fixed privileged XMLHttpRequests for untrusted resources being blocked
if HTTP redirections occurred (thanks mari for reporting)
+ Better compatibility with IronPort web-based tools (thanks Ron Collins
for reporting)

v 1.9.9.79
==========================================================================
x Script surrogates whose source starts with the '!' get executed on
pages where scripts are disabled (on document DOM completion, rather
than before HTML parsing starts like regular surrogates)

v 1.9.9.78
==========================================================================
x Redirect cache for scripts and XBL only
x Fixed cross-site CSS being blocked under some circumstances (e.g.
on Flicker and Yahoo)

Versión 1.9.9.77 483.3 kB Funciona con Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1.*, SeaMonkey 1.1 - 2.1a1pre


v 1.9.9.77
==========================================================================
+ ABE INCLUSION(type1, type2, type3...) pseudo-method allows rules to take
request type (e.g. SCRIPT vs CSS) in account
+ ABE SELF+ (same domain) and SELF++ (same base domain) pseudo-origins
x Fixed iconic feedback inconsistencies when untrusted blocked objects
are mixed with full-trusted content (tanks al_9x for reporting)
x Fixed Injection Checker false positives on some kinds of complex nested
URLs (thanks Sirdarckcat for reporting)
x Tweaked ClearClick for Disqus compatibility (thanks John for reporting)

v 1.9.9.76
==========================================================================
x Fixed broken menu on Minefield when External Filters are enabled (thanks
linuser for reporting)
x Fixed about: URL not being shown in NoScript menu (thanks al_9x for
reporting)
x Removed minor strict warnings on Minefield

v 1.9.9.75
==========================================================================
x Redirected site caching now skips plugin content
x Removed __parent__ usages for Minefield compatibility
x Removed some strict warnings (thanks timeless for reporting)

Versión 1.9.9.74 480.3 kB Funciona con Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.74
==========================================================================
x Fixed false positive issue with empty cross-site POST requests (thanks
Bahamut for reporting)

v 1.9.9.73
==========================================================================
x Fixed potential double-firing command issue on Firefox Mobile
+ Added about:addons and about:home to the mandatory whitelist
+ Improved responsivity and usability on Firefox Mobile

v 1.9.9.72
==========================================================================
x Fixed configuration import/export/synchronization bug introduced by
"configuration presets" for Firefox Mobile
+ Finger-friendlier UI on Firefox Mobile

Versión 1.9.9.71 479.2 kB Funciona con Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.71
==========================================================================
+ Added "Allowed with untrusted sources and blocked objects" icon
x Fixed minor inconsistencies in new partial allowance feedback icons
(thanks al_9x for reporting)

v 1.9.9.70
==========================================================================
+ Compatibility and better integration with latest Firefox Mobile (Fennec)
+ Experimental external filters for plugin content (e.g. Blitzableiter for
Adobe Flash), see NoScript Options|Advanced|External Filters (Fx >=3.5)
+ New specific partial status icon for pages where all scripts are allowed
but some objects are blocked (thanks al_9x for RFE)
+ "about:blank" won't be shown as a secondary source in NoScript's UI. Old
behavior can be restored by setting the noscript.showBlankSources
preference to true (thanks al_9x for RFE)
+ googleapis.com in the default whitelist
x Fixed 2nd order indirect InjectionChecker bypass (thanks Sirdarckcat for
reporting)
x Fixed a Mac OS X specific InjectionChecker decoding issue (thanks
Colling Jackson for reporting)

Versión 1.9.9.69 468.0 kB Funciona con Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.69
==========================================================================
x Further compatibility improvements in complex bookmarklets handling

v 1.9.9.68
==========================================================================
x Better asynchronous bookmarklets handling, should not crash on
Readability anymore
x Ultimate (maybe!) fix for trunk bug 556739 breakage

v 1.9.9.67
==========================================================================
x Better fix for trunk bug 556739 breakage

v 1.9.9.66
==========================================================================
x Further embed-only sites in menu fixes (thanks al_9x for reporting)

v 1.9.9.65
==========================================================================
x Fixed bookmarklet support broken on trunk by bug 556739 (thanks dhouwn
for reporting)
x Fixed embed-only sites shown in main menu again (thanks al_9x for
reporting)

v 1.9.9.64
==========================================================================
x Better untrusted menu behavior on embedding only sources (thanks al_9x
for reporting)
x Improved InjectionChecker compatibility with OpenID and other complex
requests (thanks Jamie Cox for reporting)
x Fixed accurate Base64 injection checks breaking some encrypted Paypal
buttons

Versión 1.9.9.63 465.9 kB Funciona con Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.63
==========================================================================
x Removed ":0" wildcards from NoScript menu in ignorePorts=false mode to
prevent confusing behaviors (thanks al_9x for suggestion)
+ Embedding-only sites are shown in the Untrusted menu if placeholders are
set to be hidden for untrusted embeddings (thanks al_9x for suggestion)

v 1.9.9.62
==========================================================================
x Improved XSS filter sensitivity for Base64-encoded payloads (thanks
Stefano Di Paola for suggestion)
x Improved Facebook connect compatibility (thanks Peter Alexander for
reporting)
x Removed __count__ usage in DNS cache management (SpiderMonkey compat)
x Fixed "Attempt to fix Javascript links" not working when the javascript:
scheme is mixed-case (thanks al_9x for reporting)

Versión 1.9.9.61 464.9 kB Funciona con Firefox 1.5 - 3.7a5pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.61
==========================================================================
x Fixed InjectionChecker infinite recursion bug on certain requests
(thanks dhouwn for reporting)
x Fixed plugin activation patches not being applied under some
circumstances

v 1.9.9.60
==========================================================================
+ Pluggable site info page (default http://noscript.net/info/%utf8%;%ace%)
can be opened by middle-click or shift+click on any site entry in
NoScript's menus, and can be configured by editing the
noscript.siteInfoProvider about:config preference
+ More user-friendly management of non-standard TCP ports
x Fixed release notes page might break session restore sometimes
x Locale files maintenance
+ Object sources won't appear in main menu when embedding restrictions
apply to whitelist; previous behavior can be restored by setting the
noscript.alwaysShowObjectSources to false (thanks al_9x for RFE)

v 1.9.9.59
==========================================================================
x Better management of cached requests
x Fixed allowing objects from "Blocked objects" reloading only the first
of each URL/mime pair group (thanks al_9x for reporting)
x Improved Facebook widgets compatibility (thanks Peter Alexander and
Chuck Mullen for reporting)
x Fixed "Allow scripts globally" setting being ignored by the bulk
configuration import feature (thanks Mike Perry for reporting)
x Fixed "Mark as untrusted" menu items being shown in "Allow scripts
globally" mode even if both "Untusted" and "Mark as untrusted" are
unchecked in the Appearace options tab (thanks Mike Perry for reporting)
x Improved bookmarklets support
x Minor bug fixes in jolly port matching
x Improved Anti-Popunder surrogate (thanks justaguest for reporting)

v 1.9.9.58
==========================================================================
x Fixed HTMLObjectElement plugin content being blocked by X-Frame-Options
checks (thanks Titioz for reporting)
x Fixed https://bugzilla.mozilla.org/show_bug.cgi?id=553901

Versión 1.9.9.57 465.9 kB Funciona con Firefox 1.5 - 3.7a4pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.57
==========================================================================
x Fixed feed subscription broken on sites implementing X-Frame-Policy
(regression from 1.9.9.56, thanks al_9x for reporting)
x Included js.wlxrs.com in default whitelist in order to make Hotmail
login work out-of-the-box for new users

Versión 1.9.9.50 464.9 kB Funciona con Firefox 1.5 - 3.7a4pre, Mobile 0.1 - 1.1a2pre, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.50
==========================================================================
+ Updated ABE grammar to use new AddressMatcher syntactic sugar
+ Alert about ABE syntax errors when option dialog gets focused after a
ruleset editing (thanks al_9x for suggestion)

v 1.9.9.49
==========================================================================
+ .x.y AddressMatcher syntactic sugar, matching both x.y and *.x.y (thanks
al_9x for suggestion)
+ InjectionChecker speed and accuracy improvements
x Fixed top-level site not being correctly positioned and highlighted in
permissions menu sometimes (thanks nagan for report)
x Fixed post-XSS "Unsafe reload" not working properly sometimes

v 1.9.9.48
==========================================================================
x Fixed a second level InjectionChecker bypass, requiring an open redirect
which accepts and uses unfiltered data: URIs. Responsible disclosure by
the SecuriTeam Secure Disclosure (SSD) project
x Fixed reload on permission change being triggered on the nearest 10 tabs
only
x Fixed permanent address entry being added to the whitelist if domain is
already allowed upon bookmarklet execution (thanks Bobabo for report)
x Better UI behavior for URLs with non-standard ports (thanks al_9x for
report)
x Updated nb-NO localization

Versión 1.9.9.47 465.9 kB Funciona con Firefox 1.5 - 3.7a2pre, Mobile 0.1 - 1.1a1, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.47
==========================================================================
x Fixed XSS checks skipped on some reloads (thanks Alejandro Rusell for
report)
x Improved content placeholder management
x Mobile version bump

v 1.9.9.46
==========================================================================
x Fixed uneeded tab reload issue related to untrusted subdomains (thanks
al_9x for reporting)
x Optimized reload checks for the "hundreds of tabs" case, in order to
prevent UI locking
x Improved XSS checks on file uploads, should not hang even on gigabytes
x Trunk compatibility version bump

Versión 1.9.9.45 462.8 kB Funciona con Firefox 1.5 - 3.7a2pre, Mobile 0.1 - 1.1a1, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.45
==========================================================================
x Enhanced compatibility with Paypal encrypted buttons
x Fixed some anti-popunder surrogate incompatibilities

v 1.9.9.44
==========================================================================
x Fixed allowing a Flash object causing a page reload sometimes (thanks
al9_x for reporting)
x Script Surrogate to work around Facebook's "noscript" cookie
x Fixed minor incompatibilities caused by the anti-popunder surrogate

v 1.9.9.43
==========================================================================
x Fixed broken popup issue on some sites (thanks John for reporting)
x Fixed ghost sites in context menus on about:blank after a complex
frame structure with redirects has been shown in the same tab (thanks
simpleton for reporting)
x Fixed XSS false positive on certain nested URL patterns (thanks
NoRelationToNed for reporting)

Versión 1.9.9.42 462.8 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.42
==========================================================================
+ ClearClick: more efficient code paths specific to Fx 3.6 and above
x Fixed zoom-related ClearClick false positives on Fx 3.6 and above
x Fixed fonts being reported as "unknown" type in Blocked Objects menu

v 1.9.9.41
==========================================================================
+ Fix for newline-based double-reflection InjectionChecker bypass (thanks
Sirdarckcat for reporting)
x Surrogate scripts from local files: surrogate's replacement is treated
as a file:// URL and resolved against current browser profile if it
starts with "file://", "./" or "../" (thanks Richard Stallman, Johan
Euphrosine and Sam Imtiaz)

v 1.9.9.40
==========================================================================
x Improved bookmarklet compatibility

Versión 1.9.9.39 458.8 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.39
==========================================================================
x Fixed quirks mode triggered by surrogate execution on Gecko < 1.9.1
(thanks Power for suggestions)

v 1.9.9.38
==========================================================================
x Fix for some popups broken by 1.9.9.37

v 1.9.9.37
==========================================================================
x Fixed potential infinite loop occurring when window.open is called in a
recursive context, e.g. on Google Reader (thanks Qbert for reporting)
x Fixed mishandling of non-default 1 value for the proxiedDNS preference

Versión 1.9.9.36 458.8 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.36
==========================================================================
+ Anti-Popunder surrogate now applies to all HTTP pages by default
+ DNS activity logging facility (disabled by default)
x Slight optimization of DNS lookups
x Temptative fix for https://bugzilla.mozilla.org/show_bug.cgi?id=501446
crasher (thanks timeless)

Versión 1.9.9.35 457.7 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.35
==========================================================================
x Updated Firefox Mobile (Fennec) compatibility
x Improved and generalized Anti-Popunder surrogate

v 1.9.9.34
==========================================================================
+ Anti-Popunder surrogate extended to AWEmpire popunders (on empornium.us
by default, customizable in noscript.surrogates.popunder.sources)
x Fixed bug in bookmarklet support on about:blank (thanks Milind for
reporting)
x Improved InjectionChecker compatibility with letitbit.net uploads
x Improved InjectionChecker compatibility with Rapidshare uploads

v 1.9.9.33
==========================================================================
x Better HTTPS/HTTP redirection support (thanks ttt for reporting)

v 1.9.9.32
==========================================================================
+ Further InjectionChecker optimizations, providing a dramatic speed boost
on nested URLs (e.g. on iGoogle and many ad networks)

v 1.9.9.31
==========================================================================
+ InjectionChecker accuracy optimization, preventing false positives in
some edge cases with nested URLs (thanks Aditya K Sood for reporting)

Versión 1.9.9.30 457.7 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.30
==========================================================================
+ Injection Checker compatibility with Livejournal comment posting
+ Improved ClearClick compatibility with Facebook applications

v 1.9.9.29
==========================================================================
x Temptative work-around for hard to reproduce content policy DOS false
positive on comcast.net (thanks Jim Too and Alan Baxter for reporting)

v 1.9.9.28
==========================================================================
x Work-around for a Flash player double-instantiation bug in Gecko 1.9.0
preventing some movies from playing (thanks secdroid for reporting)
- Removed placeholder enhancements for Gecko 1.8.x, due to unwanted side
effects on some sites

Versión 1.9.9.27 456.7 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.27
==========================================================================
x Placeholder enhancements backported to Gecko 1.8.x
x Fixed missing placeholders on Gecko 1.8.x (thanks al9_x for reporting)

v 1.9.9.26
==========================================================================
x Reduced reflow chances on placeholder activation
x Improved InjectionChecker compatibility with Facebook Connect

v 1.9.9.25
==========================================================================
x Fixed Flash swallowed clicks regression on Gecko 1.8.x (thanks al9_x for
reporting)

v 1.9.9.24
==========================================================================
x Fixed "Temporarily allow" regression

v 1.9.9.23
==========================================================================
+ Specific scriptless partial permissions icon for partially allowed
framesets (thanks al9_x for reporting)
x Reduced disk activity on permission change (thanks al9_x for RFE)
x Work-around for a Java initialization failure

Versión 1.9.9.22 456.7 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

Versión 1.9.9.18 455.7 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.18
==========================================================================
x Removed residual compound attribute-based injection chance (thanks
Sirdarckcat for reporting)

v 1.9.9.17
==========================================================================
x Fixed residual crash issue when favicons need to be redirected to HTTPS
x Enhanced ClearClick compatibility with Photbucket

v 1.9.9.16
==========================================================================
+ Better object unblocking behavior, triggering a page reload if allowed
object has no layout (i.e. was meant to be scripted only), increasing
usability of trusted restrictions e.g. in VMWare Server's console
x Work-around for a Firefox image caching crashing bug triggered by HTTPS
enforcement on mixed content
x Improved compatibility with Ebay (thanks STB2008 for reporting)

Versión 1.9.9.15 455.7 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.15
===================================================================
x Fixed HTTPS enforcement for embedded images breaking HTTP authentication
(thanks polie for report)
x Fixed XHR breakage when called from a Worker (thanks Apeiron for report)
x Skip link fixing on right click
x Improved bookmarklet execution mechanism
x Improved compatibility of InjectionChecker with Facebook Connect
x Improved compatibility of InjectionChecker with Lycos Mail

Versión 1.9.9.14 454.7 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.14
==========================================================================
x Fixed page loading issues (hard to reproduce but reported by many)

v 1.9.9.13
==========================================================================
x Fixed page loading regression from "Hijack checks skip error pages"
optimization in 1.9.9.12 (hard to reproduce but reported by many)
x Fixed attribution of Romanian translation

Versión 1.9.9.12 455.7 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.12
==========================================================================
+ Allowing a plugin object which size is not set reloads the page,
assuming that scripts are used to size it
+ Google Translate XSS exception
+ abine:* ClearClick subexception
+ Updated localizations
x Removed current URL leaking into RegExp properties if invisible link
detection is enabled
x Hijack checks must skip error pages (thanks luntrus for report)
x Fixed XSS false positive at travelocity.com (thanks Chris Lonsberry)

Versión 1.9.9.11 454.7 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.11
==========================================================================
+ Reorganization of the "Embeddings" (FKA "Plugins") options panel
+ "Forbid <VIDEO>, <AUDIO>" option in the "Embeddings" panel
+ "Forbid @font-face" option in the "Embeddings" panel
+ ClearClick report id made selectable (thanks therube for RFE)

v 1.9.9.10
==========================================================================
+ Webfonts blocking from untrusted sources and on untrusted pages,
controlled by the noscript.forbidFonts about:config preference (UI
planned for later, thanks Mike Perry for RFE)
+ noscript.forbidMedia about:config preference controlling HTML 5 media
blocking independently from the "Forbid other plugins" setting (UI
planned for later)
+ Improved live object allowing/forbidding
x Fixed potential false positives generated by Spidermonkey's decompiler
artifacts

v 1.9.9.09
==========================================================================
x Fixed noscript.forbidData not being honored (thanks Chris for report)
x Fixed Trillian to Yahoo Mail! XSS false positive (thanks maryadavies and
Thomas for reports)

v 1.9.9.08
==========================================================================
x Fixed potential cache issues due by header cloning on internal redirects
(thanks GregThomas for report)

Versión 1.9.9.07 451.6 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.07
==========================================================================
+ Improved Google Analytics surrogate, handling form submissions (thanks
Alan Baxter for report)

v 1.9.9.06
==========================================================================
+ Added https://mail.google.com/* to X-Frame-Options parent whitelist, in
order to allow GMail/Calendar mashups via extensions and GreaseMonkey
x Fixed noscript.forbidIFrameContext set to 0 blocking top-level web pages
loading (thanks al_9x for report)
x Fixed Yahoo! Mail login persistence issue (thanks Ronnie for report)

v 1.9.9.05
==========================================================================
+ Improved emulation of complex bookmarklet import sequences
x Fixed potential issue in new InjectionChecker C++ style comments code

v 1.9.9.04
==========================================================================
x Fixed header cloning bug in internal redirections
x Better management of C++ style comments in InjectionChecker
x Fixed legacy frames retargeting bug (thanks Andrew Fisher for reporting)

v 1.9.9.03
==========================================================================
+ noscript.frameOptions.enabled about:config preference to control if the
X-Frame-Options header must be honored
x noscript.frameOptions.parentWhitelist preference to exclude some parent
window from X-Frame-Options checks on their embedded frames
x Enhanced internal redirection mechanism
x Fixed Weave 0.7pre log window incompatibility

v 1.9.9.02
==========================================================================
x Improved InjectionChecker's heuristic (thanks Sirdarckcat for reporting)

Versión 1.9.9.01 450.6 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.9.01
==========================================================================
x Fixed InjectionChecker micro-injecion scanning bug (thanks Sirdarckcat
for reporting)

v 1.9.9 (FKA 1.9.8.9)
==========================================================================
+ First public Strict Transport Security implementation, see
http://hackademix.net/2009/09/23/strict-transport-security-in-noscript/
x Fixed Javascript disabled in about:neterror pages if the broken
destination page is marked as untrusted (thanks al_9x for report)
x Improved HTTPS enforcement, honoring original referer
x Fixed a potential "unresponsive script" InjectionChecker condition
(thanks Sirdarckcat for reporting)
x Fixed help links not opening from NoScript's UI on Minefield
x Fixed ABE LOCAL symbol matching 172.16.0.0/16 rather than the
whole 172.16.0.0/12 (thanks Antal for reporting)

v 1.9.8.89
==========================================================================
x InjectionChecker optimization on long Base64 sequences (thanks skl
for report)

v 1.9.8.88
==========================================================================
x X-Frame-Options applied only to ultimate load, after redirection
(compatibility with IE8's and Chrome's implementation)
x Fixed Flash activation bug on Gecko

Versión 1.9.8.86 448.5 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.8.86
====================================================================
x Fixed kongregate.com incompatibility (thanks jthill for report)

v 1.9.8.85
====================================================================
+ Updated MK locale
x QA for release

v 1.9.8.84
====================================================================
x Flash object emulation to fool SWFObject 2.2 version detection
without instantiating a real Flash object (thanks al9_x for test)

v 1.9.8.83
====================================================================
x Fixed bug in the new Flash early instantiation management (thanks
al9_x for reporting)

v 1.9.8.82
====================================================================
x Upper limit to bookmarklet setTimeout() emulation, in order to
prevent infinite pseudo-loops
x Improved InjectionChecker algorithms (thanks Sirdarckcat for
suggestions)
x Early URL-less Flash objects are instantiated only if Flash
permissions have been already granted to the origin site

v 1.9.8.81
====================================================================
x Fixed issue with early manipulation of Flash objects whose source
URL has not been set yet (thanks al9_x for reporting and Grump
Old Lady for proxy/VPN testing infrastructure)

Versión 1.9.8.8 447.5 kB Funciona con Firefox 1.5 - 3.7a1pre, Mobile 0.1 - 1.0.*, SeaMonkey 1.1 - 2.1a1pre

v 1.9.8.8
====================================================================
x Improved bookmarklet setTimeout() emulation (delay ordering is
honored and pseudo-recursion is supported)
x Update locales

v 1.9.8.72
====================================================================
x Moved the NoScript status label to the left of the status icon,
in order to avoid "jumps" when using the sticky menu (thanks nagan
and frsch for suggestions)
x Improved management of HTTPS forcing during HTTP redirections
x Fixed incompatibility with Minefield/3.7a1pre build 20090827
(thanks Itsnow for reporting)

v 1.9.8.71
====================================================================
+ "Recently blocked sites" now shows the object icon for trusted
sites which are listed because some content has ben blocked
x Fixed sites shown in "Recently blocked sites" if content-blocking
restrictions are applied even when no content has been blocked yet
(thanks Alan Baxter for reporting)