Historique de version de NoScript

955 versions

Méfiez-vous des anciennes versions !

Ces versions sont affichées pour informations et à titre d’essais. Vous devriez toujours utiliser la dernière version d’un module.

Version 2.2.4rc1 507.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.4rc1
==========================================================================
x Fixed reflected script inclusion false positive on redirections
- Removed "Forbid Web Bugs", which cannot be reliably enforced anymore
because of speculative parsing
x Restored wlxrs.com in the default whitelist (it had
accidentally changed back to two subdomains)
x Fixed resetting options not erases the untrusted blacklist until restart
(thanks ddigas for reporting)

Version 2.2.3.1-signed 508.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.3rc4
==========================================================================
+ Configuration import/export directory is persisted across sessions

v 2.2.3rc3
==========================================================================
+ Generalized checks on drag and drop payloads
+ [XSS] Tightened checks on reflected javascript: URIs

v 2.2.3rc2
==========================================================================
x [Surrogate] DOMContentLoad listeners on windows (thanks al_9x for RFE)

v 2.2.3rc1
==========================================================================
+ [Surrogate] Capturing DOMContentLoad listeners (thanks al_9x for RFE)
+ [Surrogate] More homogeneous treatment for file-based surrogates (thanks
al_9x for RFE)

v 2.2.2rc5
==========================================================================
+ [Surrogate] Wrapped in lexical scoped blocks scripts also when debug
mode is on (thanks al_9x for RFE)
+ [Surrogate] Early one-time syntax checks on setup (thanks al_9x for RFE)
x [ClearClick] Better compatibility with some GMail embeddings
x [XSS] Better compatibility with Visual Studio in-browser documentation
x [ClearClick] Fixed Adblock Plus causing false positives on Fx 3.6
x Improved HTML 5 DnD XSS protection (thanks Soroush Dalili for reporting)
x [Locale] Latvian (thanks gymka)

v 2.2.2rc4
==========================================================================
x Protection against a new XSS technique based on HTML 5 DnD (thanks
Soroush Dalili for reporting)

v 2.2.2rc3
==========================================================================
x Better compatibility with credit card verification systems
x [ABE] Fixed ruleset disablement status not surviving browser restarts
(thanks ssj100 for reporting)

v 2.2.2rc2
==========================================================================
x Fixed escaped_fragment handling issue with proxies (thanks sourcejedi
for reporting)
x Turned remaining channel URI modification instances into
ChannelReplacement clients

v 2.2.2rc1
==========================================================================
+ [XSS] Explicit check for potentially dangerous SMIL elements (thanks
.mario for suggestion)
+ Protection against scriptless keylogging (thanks .mario for reporting)

Version 2.2.3rc4 508.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.3rc4
==========================================================================
+ Configuration import/export directory is persisted across sessions

v 2.2.3rc3
==========================================================================
+ Generalized checks on drag and drop payloads
+ [XSS] Tightened checks on reflected javascript: URIs

v 2.2.3rc2
==========================================================================
x [Surrogate] DOMContentLoad listeners on windows (thanks al_9x for RFE)

v 2.2.3rc1
==========================================================================
+ [Surrogate] Capturing DOMContentLoad listeners (thanks al_9x for RFE)
+ [Surrogate] More homogeneous treatment for file-based surrogates (thanks
al_9x for RFE)

Version 2.2.3rc3 508.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.3rc3
==========================================================================
+ Generalized checks on drag and drop payloads
+ [XSS] Tightened checks on reflected javascript: URIs

v 2.2.3rc2
==========================================================================
x [Surrogate] DOMContentLoad listeners on windows (thanks al_9x for RFE)

v 2.2.3rc1
==========================================================================
+ [Surrogate] Capturing DOMContentLoad listeners (thanks al_9x for RFE)
+ [Surrogate] More homogeneous treatment for file-based surrogates (thanks
al_9x for RFE)

Version 2.2.3rc2 508.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.3rc2
==========================================================================
x [Surrogate] DOMContentLoad listeners on windows (thanks al_9x for RFE)

v 2.2.3rc1
==========================================================================
+ [Surrogate] Capturing DOMContentLoad listeners (thanks al_9x for RFE)
+ [Surrogate] More homogeneous treatment for file-based surrogates (thanks
al_9x for RFE)

Version 2.2.3rc1 508.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.3rc1
==========================================================================
+ [Surrogate] Capturing DOMContentLoad listeners (thanks al_9x for RFE)
+ [Surrogate] More homogeneous treatment for file-based surrogates (thanks
al_9x for RFE)

Version 2.2.2rc5 510.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

2.2.2rc5
==========================================================================
+ [Surrogate] Wrapped in lexical scoped blocks scripts also when debug
mode is on (thanks al_9x for RFE)
+ [Surrogate] Early one-time syntax checks on setup (thanks al_9x for RFE)
x [ClearClick] Better compatibility with some GMail embeddings
x [XSS] Better compatibility with Visual Studio in-browser documentation
x [ClearClick] Fixed Adblock Plus causing false positives on Fx 3.6
x Improved HTML 5 DnD XSS protection (thanks Soroush Dalili for reporting)

v 2.2.2rc4
==========================================================================
x Protection against a new XSS technique based on HTML 5 DnD (thanks
Soroush Dalili for reporting)

v 2.2.2rc3
==========================================================================
x Better compatibility with credit card verification systems
x [ABE] Fixed ruleset disablement status not surviving browser restarts
(thanks ssj100 for reporting)

v 2.2.2rc2
==========================================================================
x Fixed escaped_fragment handling issue with proxies (thanks sourcejedi
for reporting)
x Turned remaining channel URI modification instances into
ChannelReplacement clients

v 2.2.2rc1
==========================================================================
+ [XSS] Explicit check for potentially dangerous SMIL elements (thanks
.mario for suggestion)
+ Protection against scriptless keylogging (thanks .mario for reporting)

Version 2.2.2rc4 508.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.2rc4
==========================================================================
x Protection against a new XSS technique based on HTML 5 DnD (thanks
Soroush Dalili for reporting)

v 2.2.2rc3
==========================================================================
x Better compatibility with credit card verification systems
x [ABE] Fixed ruleset disablement status not surviving browser restarts
(thanks ssj100 for reporting)

v 2.2.2rc2
==========================================================================
x Fixed escaped_fragment handling issue with proxies (thanks sourcejedi
for reporting)
x Turned remaining channel URI modification instances into
ChannelReplacement clients

v 2.2.2rc1
==========================================================================
+ [XSS] Explicit check for potentially dangerous SMIL elements (thanks
.mario for suggestion)
+ Protection against scriptless keylogging (thanks .mario for reporting)

Version 2.2.2rc3 508.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.2rc3
==========================================================================
x Better compatibility with credit card verification systems
x [ABE] Fixed ruleset disablement status not surviving browser restarts
(thanks ssj100 for reporting)

v 2.2.2rc2
==========================================================================
x Fixed escaped_fragment handling issue with proxies (thanks sourcejedi
for reporting)
x Turned remaining channel URI modification instances into
ChannelReplacement clients

v 2.2.2rc1
==========================================================================
+ [XSS] Explicit check for potentially dangerous SMIL elements (thanks
.mario for suggestion)
+ Protection against SVG-based keylogging, can be disabled through
noscript.removeSMILKeySniffer about:config preference (thanks .mario for
reporting)

Version 2.2.2rc2 508.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.2rc2
==========================================================================
x Fixed escaped_fragment handling issue with proxies (thanks sourcejedi
for reporting)
x Turned remaining channel URI modification instances into
ChannelReplacement clients

v 2.2.2rc1
==========================================================================
+ [XSS] Explicit check for potentially dangerous SMIL elements (thanks
.mario for suggestion)
+ Protection against scriptless keylogging (thanks .mario for reporting)

Version 2.2.2rc1 508.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.2rc1
==========================================================================
+ [XSS] Explicit check for potentially dangerous SMIL elements (thanks
.mario for suggestion)
+ Protection against scriptless keylogging (thanks .mario for reporting)

Version 2.2.1.1-signed 508.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.1
==========================================================================
+ [Locale] Updated he-il (thanks baryoni)
x [ClearClick] Fixed incompatibility with the FoxTab add-on

v 2.2.1rc2
==========================================================================
+ [XSS] Deeper decoding on sanitization (thanks .mario for reporting)

v 2.2.1rc1
==========================================================================
+ [XSS] More accurate recursive decoding (thanks .mario for reporting)

Version 2.2.1rc3 507.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.1rc3
==========================================================================
+ [Locale] Updated he-il (thanks baryoni)
x [ClearClick] Fixed incompatibility with the FoxTab add-on

v 2.2.1rc2
==========================================================================
+ [XSS] Deeper decoding on sanitization (thanks .mario for reporting)

v 2.2.1rc1
==========================================================================
+ [XSS] More accurate recursive decoding (thanks .mario for reporting)

Version 2.2.1rc2 503.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.1rc2
==========================================================================
+ [XSS] Deeper decoding on sanitization (thanks .mario for reporting)

v 2.2.1rc1
==========================================================================
+ [XSS] More accurate recursive decoding (thanks .mario for reporting)

Version 2.2.1rc1 502.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2.1rc1
==========================================================================
+ [XSS] More accurate recursive decoding (thanks .mario for reporting)

Version 2.2.1-signed 503.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2
==========================================================================
+ [ClearClick] Improved protection against Clickjacking on nested windowed
Flash targets (thanks Sommerrain and Tom T for reporting)

Version 2.2rc1 503.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.2rc1
==========================================================================
+ [ClearClick] Improved protection against Clickjacking on nested windowed
Flash targets (thanks Sommerrain and Tom T for reporting)

Version 2.1.9.1-signed 503.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.9
==========================================================================
x [Surrogate] fixed breakage caused by "1.8.1" JavaScript version spec
used instead of "1.8"

v 2.1.9rc3
==========================================================================
+ [Surrogate] JavaScript 1.8 support (thanks al_9x for RFE)
+ Better heuristic for XSSI detection
- Removed previous work-around XSSI exceptions
x Fixed some DOM traversal bugs (thanks al_9x for reporting)
x Refined Google search meta refresh blocking exception
x Added meta refresh blocking exception for t.co (Twitter URL shortener)

v 2.1.9rc2
==========================================================================
x Work-around for XSSI checks breaking some Yahoo! Mail features

v 2.1.9rc1
==========================================================================
+ New noscript.forbidMetaRefresh.exceptions url pattern preference
+ Meta refresh blocking exception for Google Search (blank page shown
otherwise if meta refresh blocking is enabled, cookies are disabled for
Google and Google Search scripting is forbidden)

Version 2.1.9rc4 503.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.9rc4
==========================================================================
x [Surrogate] fixed breakage caused by "1.8.1" JavaScript version spec
used instead of "1.8"

v 2.1.9rc3
==========================================================================
+ [Surrogate] JavaScript 1.8 support (thanks al_9x for RFE)
+ Better heuristic for XSSI detection
- Removed previous work-around XSSI exceptions
x Fixed some DOM traversal bugs (thanks al_9x for reporting)
x Refined Google search meta refresh blocking exception
x Added meta refresh blocking exception for t.co (Twitter URL shortener)

v 2.1.9rc2
==========================================================================
x Work-around for XSSI checks breaking some Yahoo! Mail features

v 2.1.9rc1
==========================================================================
+ New noscript.forbidMetaRefresh.exceptions url pattern preference
+ Meta refresh blocking exception for Google Search (blank page shown
otherwise if meta refresh blocking is enabled, cookies are disabled for
Google and Google Search scripting is forbidden)

Version 2.1.9rc3 503.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

Version 2.1.9rc2 503.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.9rc2
==========================================================================
x Work-around for XSSI checks breaking some Yahoo! Mail features

v 2.1.9rc1
==========================================================================
+ New noscript.forbidMetaRefresh.exceptions url pattern preference
+ Meta refresh blocking exception for Google Search (blank page shown
otherwise if meta refresh blocking is enabled, cookies are disabled for
Google and Google Search scripting is forbidden)

Version 2.1.9rc1 503.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.9rc1
==========================================================================
+ New noscript.forbidMetaRefresh.exceptions url pattern preference
+ Meta refresh blocking exception for Google Search (blank page shown
otherwise if meta refresh blocking is enabled, cookies are disabled for
Google and Google Search scripting is forbidden)

Version 2.1.8rc3 502.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.8rc3
==========================================================================
+ Improved anti-popunder built-in surrogate
x Fixed object autowiring upon placeholder activation regressed by recent
surrogate sandboxing changes

v 2.1.8rc2
==========================================================================
+ noscript.xss.checkInclusions about:config preference (default true)
controls whether the new protection against reflected cross-site script
inclusion (XSSI) is enabled or not (thanks al_9x for RFE)
+ noscript.xss.checkInclusions.exceptions about:confing preference to
disable XSSI checks for certain script sources (thanks al_9x for RFE)

v 2.1.8rc1
==========================================================================
+ Protection against reflected script inclusion (thanks tlu for reporting)
x Fixed logged error message on permissions change (thanks Archaeopteryx
for reporting)

Version 2.1.8rc1 502.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.8rc1
==========================================================================
+ Protection against reflected script inclusion (thanks tlu for reporting)
x Fixed logged error message on permissions change (thanks Archaeopteryx
for reporting)

Version 2.1.8.1-signed 502.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.8
==========================================================================
+ Improved anti-popunder built-in surrogate
x Fixed object autowiring upon placeholder activation regressed by recent
surrogate sandboxing changes

v 2.1.8rc2
==========================================================================
+ noscript.xss.checkInclusions about:config preference (default true)
controls whether the new protection against reflected cross-site script
inclusion (XSSI) is enabled or not (thanks al_9x for RFE)
+ noscript.xss.checkInclusions.exceptions about:confing preference to
disable XSSI checks for certain script sources (thanks al_9x for RFE)

v 2.1.8rc1
==========================================================================
+ Protection against reflected script inclusion (thanks tlu for reporting)
x Fixed logged error message on permissions change (thanks Archaeopteryx
for reporting)

Version 2.1.8rc2 502.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.8rc2
==========================================================================
+ noscript.xss.checkInclusions about:config preference (default true)
controls whether the new protection against reflected cross-site script
inclusion (XSSI) is enabled or not (thanks al_9x for RFE)
+ noscript.xss.checkInclusions.exceptions about:confing preference to
disable XSSI checks for certain script sources (thanks al_9x for RFE)

v 2.1.8rc1
==========================================================================
+ Protection against reflected script inclusion (thanks tlu for reporting)
x Fixed logged error message on permissions change (thanks Archaeopteryx
for reporting)

Version 2.1.7.1-signed 502.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.7
==========================================================================
x [ABE] Fixed subrequests matching an Anon action rule not being shown in
the logs if already anonymized by the browser

v 2.1.7rc1
==========================================================================
x Fixed error console noise regression from menu fixes (thanks al_9x and
Archaeopteryx for reporting)

v 2.1.6rc2
==========================================================================
+ noscript.keys.tempAllowPage about:config preference to configure a
keyboard shortcut for "Temporarily allow all this page"
+ noscript.keys.revokeTemp about:config preference to configure a keyboard
shortcut for "Revoke temporary permissions"
+ noscript.menuAccelerators about:config preference to switch keyboard
accelerators for "(Temporary) allow all this page" menu items on/off
x Fixed notifications get all shown on the top in a tab where one
notification has already been shown on the top
x Fixed quasi-leak (zombie compartment) after using the NoScript menu on
a page where embedded content is present, until the menu is opened on
another page (thanks Archaeopteryx for reporting)
x [ABE] Fixed Anonymize actions logged twice (thanks al_9x for reporting)

v 2.1.6rc1
==========================================================================
x [Surrogate] Fixed sandboxed surrogates unable to set global variables

Version 2.1.7rc2 502.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.7rc2
==========================================================================
x [ABE] Fixed subrequests matching an Anon action rule not being shown in
the logs if already anonymized by the browser

v 2.1.7rc1
==========================================================================
x Fixed error console noise regression from menu fixes (thanks al_9x and
Archaeopteryx for reporting)

v 2.1.6rc2
==========================================================================
+ noscript.keys.tempAllowPage about:config preference to configure a
keyboard shortcut for "Temporarily allow all this page"
+ noscript.keys.revokeTemp about:config preference to configure a keyboard
shortcut for "Revoke temporary permissions"
+ noscript.menuAccelerators about:config preference to switch keyboard
accelerators for "(Temporary) allow all this page" menu items on/off
x Fixed notifications get all shown on the top in a tab where one
notification has already been shown on the top
x Fixed quasi-leak (zombie compartment) after using the NoScript menu on
a page where embedded content is present, until the menu is opened on
another page (thanks Archaeopteryx for reporting)
x [ABE] Fixed Anonymize actions logged twice (thanks al_9x for reporting)

v 2.1.6rc1
==========================================================================
x [Surrogate] Fixed sandboxed surrogates unable to set global variables

Version 2.1.6rc2 502.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.6rc2
==========================================================================
+ noscript.keys.tempAllowPage about:config preference to configure a
keyboard shortcut for "Temporarily allow all this page"
+ noscript.keys.revokeTemp about:config preference to configure a keyboard
shortcut for "Revoke temporary permissions"
+ noscript.menuAccelerators about:config preference to switch keyboard
accelerators for "(Temporary) allow all this page" menu items on/off
x Fixed notifications get all shown on the top in a tab where one
notification has already been shown on the top
x Fixed quasi-leak (zombie compartment) after using the NoScript menu on
a page where embedded content is present, until the menu is opened on
another page (thanks Archaeopteryx for reporting)
x [ABE] Fixed Anonymize actions logged twice (thanks al_9x for reporting)

Version 2.1.6rc1 502.0 KiB Fonctionne avec Firefox 3.0 et supérieures, Mobile 1.0 - 2.0a1pre, SeaMonkey 2.0 et supérieures

v 2.1.6rc1
==========================================================================
x [Surrogate] Fixed sandboxed surrogates unable to set global variables