Historique de version de NoScript

419 versions

Méfiez-vous des anciennes versions !

Ces versions sont affichées pour informations et à titre d’essais. Vous devriez toujours utiliser la dernière version d’un module.

Version 10.1.8.2 364.5 KiB Fonctionne avec Firefox pour Android 59.0 et supérieures, Firefox 59.0 et supérieures

v 10.1.8.2
=============================================================
+ Popup toolbar buttons fully configurable via Drag'n'Drop
x Removed redundant leading "NoScript" in window titles
x Work-around for Firefox 60 bug breaking about:blank pages
when a WebExtension declares a "document_start" CSS (thanks
skriptimaahinen for report and fix)
x Fixed buttons in the "hide area" still responsive to clicks

Version 10.1.8.1 362.9 KiB Fonctionne avec Firefox pour Android 59.0 et supérieures, Firefox 59.0 et supérieures

v 10.1.8.1
=============================================================
+ [UI] "Disable restrictions for this tab" button in popup
+ [UI] "Disable restrictions globally" button in popup
x Fixed some content blocking stats collection bugs (Thanks
Rob Wu and skriptimaahinen for reports)
x Fixed data: and blob: URIs could be loaded as object and
media sources independently from the parent page's
permissions (thanks skriptimaahinen for report)
x Several performance improvement in inter-process content
blocking stats synchronization (thanks Rob Wu for report)
x [UI] Improved in-popup messages
x [UI] Simplified URL management in "Allow object" prompt
x Fixed dynamic scripts URL matching inconsistencies

Version 10.1.7.5 366.5 KiB Fonctionne avec Firefox pour Android 59.0 et supérieures, Firefox 59.0 et supérieures

v 10.1.7.5
=============================================================
x Fixed edge case CSP injection bug (thanks Rob Wu)
x Optimized dynamic script injection (thanks Rob Wu)
x Fixed potential leak on dynamic script injection (thanks
Rob Wu for report)
x Now NoScript's UI on privileged pages explains permissions
cannot be configured there, rather than bluntly opening the
Options page (thanks Rob Wu for suggestion)

Version 10.1.7.4 366.4 KiB Fonctionne avec Firefox pour Android 59.0 et supérieures, Firefox 59.0 et supérieures

v 10.1.7.4
=============================================================
x Fixed script enablement status not correctly detected on
some pages rolling their own CSP (causing NOSCRIPT element
and META refresh emulation not to be triggered)
x Fixed "Appearance" NoScript Options tab missing on Android
x [XSS] Fixed semicolon-separated JSON payloads DDOSing the
JSON-optimizer, e.g. with syndication.twitter.com subframes
(thanks KonomiKitten and pal1000 for reports)
x [UI] Renamed "Scripts globally allowed (dangerous)" option
to "No permissions enforcement (dangerous)" to better
reflect its actual effect
x [UI] Better feedback about "No permission enforcement" by
disabling the "Preset customization" section and and the
"Per-site Permissions" tab
x [UI] Moved XSS-related options to the "Advanced" tab
x Fixed disabled webgl breaking feeds on script-enabled sites
(thanks pal1000 for reporting)
x Enhanced dynamic script injection if browser.contentScripts
API is available
x Expanded support for webgl canvas placeholders

Version 10.1.7.3 366.1 KiB Fonctionne avec Firefox pour Android 59.0 et supérieures, Firefox 59.0 et supérieures

v 10.1.7.3
=============================================================
x Fixed infinite script count report loops on some sites
(thanks AuntyJack, @ALoss2 and others for reporting)
x Fixed localhost not being recognized as a domain (thanks
skriptimaahinen for patch)
x Fixed regression causing NOSCRIPT element and META refreshes
not to be emulated anymore on script-disabled pages (thanks
barbaz and fatboy for reporting)

Version 10.1.6.5 361.7 KiB Fonctionne avec Firefox pour Android 57.0 et supérieures, Firefox 57.0 et supérieures

v 10.1.6.5
=============================================================
+ Context menu on web pages to access main UI
x Fixed UI regression showing only the two rightmost
components of IPv4 addresses
x [XSS] More specific and unobtrusive handling of window.name
sanitization
x Fixed "XSS User Choices" not being included in Export files

Version 10.1.6.4 361.8 KiB Fonctionne avec Firefox pour Android 57.0 et supérieures, Firefox 57.0 et supérieures

v 10.1.6.4
=============================================================
x Fixed race condition on XSS filter first load
x Fixed duplicate entries in UI on page reloads (thanks 8-bit
for reporting)
+ Spinner for long sites lists in Options page
- Removed obsolete work-around for accidental TRUSTED preset
wiping
x [UI] Fixed clicking on capability's label doesn't toggle
the related checkbox (thanks dhouwn and olf for reporting)
x [XSS] Fixed false positives on badly encoded URLs (thanks
sage11 for reporting)

Version 5.1.8.4 759.1 KiB Fonctionne avec Firefox 45.0 - 56.0, SeaMonkey 2.42 - *

v 5.1.6.4
=============================================================
x Fixed XSS false positive on some Facebook embeddings
(thanks barbaz for reporting)
x Fixed edge case origin checks for WebExtensions embedded in
privileged documents
x Fixed DNT support initialization regression (thanks barbaz
for reporting)
x [XSS] Fixed false positives on badly encoded URLs (thanks
sage11 for reporting)
x Script Surrogates don't affect privileged URLs anymore,
unless the noscript.surrogate.matchPrivileged about:config
preference is set to true (thanks barbaz for RFE)
x [e10s] Fixed temporary permissions inter-process sync issue
(thanks to the TorBrowser team for solution)

Version 10.1.6.3 361.3 KiB Fonctionne avec Firefox pour Android 57.0 et supérieures, Firefox 57.0 et supérieures

v 10.1.6.3
=============================================================
x Improved tooltip clarity
x Added version number to the browser action tooltip (thanks
therube for RFE)
x More restrictive domain matching in the main UI for "fake"
TLDs, showing pseudo 2nd level domains containing one dot
x Domain matching now treats unknown no-dot domains (not in
the public suffixes list) as TLDs everywhere (fix finally
not overwritten by auto-generated tld.js)
x Fixed rc4 regression causing synchronized changes not to be
persisted
x Smarter XSS popup behavior when reporting concurrent events
from/to the same origins
x Fixed full breakage when sync storage is disabled
x Improved layout on small screens (less than 10cm wide)
x Moved preset customization into its own (more discoverable)
global Options section, rather than embedded in assignment
x Improved validation of manual entries
x Needed capabilities highlighted also on short-hand domain
matched entries inside the CUSTOM preset
x Domain matching now works also for manually entered TLDs
and pseudo-TLDs, such as "gov.us" or "cloudflare.net"

Version 10.1.6.2 360.4 KiB Fonctionne avec Firefox pour Android 57.0 et supérieures, Firefox 57.0 et supérieures

v 10.1.6.2
=============================================================
+ Individual temporary / permanent TRUSTED preset buttons
- Removed customizability of DEFAULT, TRUSTED and UNTRUSTED
preset from the popup (reported as a major source of
confusion) while keeping it in the Options tab
x Better display on mobile devices in portrait mode
x Fixed focus bug on mobile devices
x Fixed confirmation prompt when loading Site Info for the
first time being ignored
x Fixed import feature failing on some full JSON "Classic"
export files (thanks Floe for reporting)
x Fixed policy serialization bug causing temporary TRUSTED
sites to be listed in the UNTRUSTED array as well (thanks
pal1000 for reporting)
x Fixed action icon being disabled on Options tabs and not
re-enabled when navigating away in the same tab (thanks
geek99 for reporting)

Version 10.1.6.1 344.2 KiB Fonctionne avec Firefox pour Android 57.0 et supérieures, Firefox 57.0 et supérieures

v 10.1.6.1
=============================================================
x Reduced UI sizes in desktop version
x Work-around for Firefox bug preventing the Export button
from working on non-Windows platforms

Version 10.1.6 344.3 KiB Fonctionne avec Firefox pour Android 57.0 et supérieures, Firefox 57.0 et supérieures

v 10.1.6
=============================================================
x [XSS] Improved sensitivity of JSON whitelisting (thanks
@SamuraiFoochs for reporting)
x [XSS] Improved specificity of nested URL checks (thanks
@SamuraiFoochs for reporting)
x New configuration export implementation, more convoluted
but not requiring the "downloads" permission

Version 10.1.5.9 344.8 KiB Fonctionne avec Firefox pour Android 57.0 et supérieures, Firefox 57.0 et supérieures

v 10.1.5.9
=============================================================
x Fixed some XSS false positives
x Fixed out of scale rendering regression on high DPI screens

Version 10.1.5.8 347.3 KiB Fonctionne avec Firefox pour Android 57.0 et supérieures, Firefox 57.0 et supérieures

v 10.1.5.8
=============================================================
+ Fix for linux rendering performance issues
+ First "Quantum" release candidate with Android support
x Inverted order of domains vs full sites in popup

Version 10.1.5.7 343.6 KiB Fonctionne avec Firefox 57.0 et supérieures

v 10.1.5.7
=============================================================
+ Settings import functionality, backward compatible with
NoScript 5 formats
+ Settings export functionality
+ [XSS] The filter now automatically skips embedded documents
which would normally be blocked
x Base domain matching now uses a single dot rule for unknown,
private or "fake" TLDs (e.g. www.acme.corp → acme.corp)
x [XSS] Fixed regression from 10.1.5.6rc2 (thanks Masato
Kinugava for reporting)
x Better feedback for errors in the policy's debug JSON view
(thanks E-Raser for RFE)

Version 5.1.8.3 759.1 KiB Fonctionne avec Firefox 45.0 - 56.0, SeaMonkey 2.42 - *

v 5.1.8.3
=============================================================
x [XSS] Fixed regression (thanks Masato Kinugava for report)

Version 10.1.5.6 342.0 KiB Fonctionne avec Firefox 57.0 et supérieures

v 10.1.5.6
=============================================================
- removed yandex.st from default whitelist (see
https://forums.informaction.com/viewtopic.php?t=23655)
x [XSS] Streamlined multiple unescaping standards handling
x [XSS] Generalized work-around for browser's URL parsing
oddities (thanks Masato Kinugava for reporting)
+ "Temporarily set top-level sites to TRUSTED" option
x [XSS] Fixed user choices forgot across browser sessions

Version 5.1.8.2 759.0 KiB Fonctionne avec Firefox 45.0 - 56.0, SeaMonkey 2.42 - *

v 5.1.8.2
=============================================================
x [ABE] Restored Palemoon compatibility (thanks barbaz for
patch)
x [ABE] Fixed ruleset persistence (thanks barbaz for patch)
- removed yandex.st from default whitelist (see
https://forums.informaction.com/viewtopic.php?t=23655)
x [XSS] Streamlined multiple unescaping standards handling

Version 10.1.5.5 341.9 KiB Fonctionne avec Firefox 57.0 et supérieures

v 10.1.5.5
=============================================================
+ [UI] Clicking on the domain label now opens the "Security
and privacy info" webpage (like middle click on "Classic").
+ "Reset to Defaults" button in the options window
x Improved content script initialization logic (thanks Rob Wu
for suggestions)
x [XSS] Fixed 2nd level interactive bypass (thanks Masato
Kinugava for reporting)
x Fixed sites manually added from the Options textbox don't
stick (thanks Just_Golem for reporting)

Version 5.1.8.1 759.0 KiB Fonctionne avec Firefox 45.0 - 56.0, SeaMonkey 2.42 - *

v 5.1.8.1
=============================================================
x [XSS] Fixed 2nd level interactive bypass (thanks Masato
Kinugava for reporting)

Version 10.1.5.4 341.9 KiB Fonctionne avec Firefox 57.0 et supérieures

v 10.1.5.4
=============================================================
+ [UI] Clicking on the domain label now opens the "Security
and privacy info" webpage (like middle click on "Classic").
+ "Reset to Defaults" button in the options window
x Improved content script initialization logic (thanks Rob Wu
for suggestions)
x [XSS] Fixed 2nd level interactive bypass (thanks Masato
Kinugava for reporting)
x Fixed sites manually added from the Options textbox don't
stick (thanks Just_Golem for reporting)

Version 10.1.5.3 346.8 KiB Fonctionne avec Firefox pour Android 57.0 et supérieures, Firefox 57.0 et supérieures

v 10.1.5.3
=============================================================
x Fixed regression causing NoScript to ask to reload pages in
order to show permissions more than once upon installation
- Removed most animations causing older system to lag when
large permissions lists are displayed in Options

Version 10.1.5.2 346.8 KiB Fonctionne avec Firefox 57.0 et supérieures

v 10.1.5.2
=============================================================
x Improved work-around for blank windows on Linux Firefox bug
x Fixed XSS false positives on POST requests without data

Version 10.1.5.1 347.2 KiB Fonctionne avec Firefox pour Android 57.0 et supérieures, Firefox 57.0 et supérieures

v 10.1.5.1
=============================================================
x Fixed regression from new "fail fast" XSS filter main loop,
causing cross-site requests to Google to trigger false
positives (thanks Steve M for reporting)

Version 10.1.5 347.1 KiB Fonctionne avec Firefox pour Android 57.0 et supérieures, Firefox 57.0 et supérieures

v 10.1.5
=============================================================
+ [XSS] Added "Always block requests from ... to ..." in XSS
warning prompt
x [XSS] Fixed url decoding bug (thanks Masato Kinugawa for
reporting)
x Fixed some blocked items not reported in the UI (thanks Bo
Elam for reporting)
x Changed the CSP internal report URI to noscript-csp.invalid
(thanks Tom Schuster Mario Heiderich for RFE)
- Removed unused MSE detection code (thanks Rob Wu for
reporting)

Version 10.1.4 346.6 KiB Fonctionne avec Firefox pour Android 57.0 et supérieures, Firefox 57.0 et supérieures

v 10.1.4
=============================================================
x Fixed script enablement feedback dependant on page's own
CSP (thanks Rob Wu for reporting)
x Fixed MSE detection injection using window.eval (thanks
Rob Wu for reporting)
x Fixed window being resized and NoScript UI shown in a
separate popup when triggered on a maximized window
x General performance improvement by removing unnecessary
asynchronous webRequest listeners

Version 10.1.3 345.9 KiB Fonctionne avec Firefox pour Android 57.0 et supérieures, Firefox 57.0 et supérieures

v 10.1.3
=============================================================
x Hotfix for wiped TRUSTED permissions
x Hotfix for NoScript failing to load if XSS was disabled in
previous session

Version 10.1.3c3 345.8 KiB Fonctionne avec Firefox pour Android 57.0 et supérieures, Firefox 57.0 et supérieures

v 10.1.3rc3
=============================================================
x Fixed immutable permissions for TRUSTED and UNTRUSTED
presets negating all the others (thanks Stefan Scholl for
reporting)
x Work-around for Moz Bug #1402110 (thanks David Ross for
reporting)
x Fixed XSS whitelist not being cleared from Options
x Fixed XSS whitelist trying to using sync even if disabled (
thanks Rob Wu for reporting)

Version 10.1.3c1 340.3 KiB Fonctionne avec Firefox 57.0 et supérieures

v 10.1.3rc1
=============================================================
+ Work-around for Firefox not displaying NOSCRIPT elements on
pages where scripts are blocked by CSP
+ The Alt+Shift+N shortcut now opens the NoScript UI also on
windows with no toolbars containing NoScript's icon
x "unsafe" (non-HTTPS) matching is now automatically selected
on non-HTTPS pages (fixes the perception that you set a
site to TRUSTED and it reverted to DEFAULT)
x Full addresses are shown again to be choosen in UI, together
with base domains
x Better auto-reload logic
x Fixed NoScript back-end to work also if sync storage is
disabled (thanks Rob Wu for reporting)
x Fixed potential fingerprinting through placeholder icon
(thanks Rob Wu for reporting)

Version 10.1.2 308.5 KiB Fonctionne avec Firefox 57.0 et supérieures

v 10.1.2
=============================================================
+ Added "Revoke temporary permissions" button
+ Added "Temporarily allow all this page" button
x Simplified popup listing, showing base domains only (full
origin URLs can still be entered in the Options window to
further tweak permissions)
x Fixed UI not launching in Incognito mode
x Fixed changing permissions in the CUSTOM preset affecting
the DEFAULT permissions sometimes
x Fixed UI almost unusable in High Contrast mode
x Fixed live bookmark feeds blocked if "fetch" permissions
were not given
x Fixed background requests from other WebExtensions being
blocked