Historique de version de NoScript

419 versions

Méfiez-vous des anciennes versions !

Ces versions sont affichées pour informations et à titre d’essais. Vous devriez toujours utiliser la dernière version d’un module.

Version 2.1.2.6.1-signed 496.0 KiB Fonctionne avec Firefox 3.0 - 9.0a1, SeaMonkey 2.0 - 2.6a1

v 2.1.2.6
==========================================================================
x Temporarily disabled anti-anti-adblocker surrogate on any site except
those explicitly added to noscript.surrogate.ab.sources preference, as a
work-around for bug 677652
x Lazy initialization is deferred also when a file:// URL is loaded as the
home page

v 2.1.2.6rc7
==========================================================================
x More accurate work around for bug 677050

v 2.1.2.6rc6
==========================================================================
x Work around for Nightly bug 677050

v 2.1.2.6rc5
==========================================================================
x Fixed rapid-fire cross-site interaction protection interfering with some
keyboard-based UI patterns

v 2.1.2.6rc4
==========================================================================
x Fixed Firefox's built-in feed renderer broken unless about:feeds is
whitelisted

v 2.1.2.6rc3
==========================================================================
x Plugin origin checks now account for multiple extra-codebase archives
x Work around for HTTPS script inclusions on JavaScript-disabled pages
being loaded, albeit not executed (thanks al_9x for reporting)
x [ClearClick] Tentative work-around for ABP's "Block..." tab causing
false positives on nested documents (thanks GµårÐïåñ for reporting)

v 2.1.2.6rc2
==========================================================================
x Work-around for content policy inconsistencies in Java applet origins
handling (thanks al_9x for reporting)

v 2.1.2.6rc1
==========================================================================
+ Surrogate for the t.co Twitter URL shortener, which would otherwise
require JavaScript
+ USER ruleset conveniently pre-selected when ABE options are opened
x Improved invisible links detection approach

Version 2.1.2.5.1-signed 495.0 KiB Fonctionne avec Firefox 3.0 - 9.0a1, SeaMonkey 2.0 - 2.5a1

v 2.1.2.5
==========================================================================
x Fixed bookmarklets from sidebars not working on JS-disabled pages
+ Improved Twitter surrogate for Fx 3.x

v 2.1.2.4
==========================================================================
+ Ubuntu-specific startup optimization

v 2.1.2.4rc5
==========================================================================
+ Halved startup time (< 50ms) by deferring costly initialitations to
first remote request and fastloading the rest
x Minor tweaks to Twitter surrogate

v 2.1.2.4rc4
==========================================================================
+ Script Surrogate execution also for ABE-denied script requests (
thanks al_9x for RFE)
+ Script Surrogate for Twitter inclusions (thanks al_9x)
x Improved compatibility with Readability
x Fixed switching from one rule to another in the Rulesets box looses
changes in the current rule (thanks al_9x for reporting)

v 2.1.2.4rc3
==========================================================================
x Fixed url bar regression from rc2

v 2.1.2.4rc2
==========================================================================
x [ClearClick] noscript.clearClick.rapidFireCheck about:config preference
to control whether rapid fire event checking should be enabled or not
x [Bookmarks] Fixed javascript-based keyword bookmarklet not being ran on
Fx 6 and above (thanks al_9x for reporting)

v 2.1.2.4rc1
==========================================================================
x [ClearClick] Restored compatibility with bit.ly (now bitly.com)

Version 2.1.2.3.1-signed 495.0 KiB Fonctionne avec Firefox 3.0 - 8.0a1, SeaMonkey 2.0 - 2.5a1

v 2.1.2.3
==========================================================================
x [ClearClick] Refactoring and isolation of the rapid fire protection

v 2.1.2.3rc2
==========================================================================
x [ClearClick] Further refinement of rapid fire detection on tab switching

v 2.1.2.3rc1
==========================================================================
x [ClearClick] Fixed delay on first event response after some kinds of tab
switching

v 2.1.2.2
==========================================================================
x [ClearClick] Fixed false positives due to backwards incompatibilities
with Fx 3.5 and below (thanks chas35 for reporting)
x [Nightly compat] Fixed import/export broken by nsIJSON interface changes
in recent nightly builds (thanks happy-dude for reporting)

v 2.1.2.1
==========================================================================
x Fixed rapid fire cross-site interaction protection interfering with
keyboard-based tab switching (thanks tikl for reporting)

Version 2.1.1.2.1-signed 495.0 KiB Fonctionne avec Firefox 3.0 - 8.0a1, SeaMonkey 2.0 - 2.5a1

v 2.1.1.2 (same as 2.1.2rc0)
==========================================================================
x Fixed conflict with Firebug console
x Removed legacy code in content policy and ClearClick

v 2.1.1.2rc9
==========================================================================
x Fixed surrogates causing duplicate history entries for some sites on
Firefox 5
x Work around for bug 666371 breaking popunder surrogate and legitimate
popups on some sites

v 2.1.1.2rc8
==========================================================================
x Work-around for Mac OS X filepicker in Firefox 5 preventing exported
configuration files from being reimported

v 2.1.1.2rc7
==========================================================================
x Work-around for Nightly bug breaking the "View image" command
x Improved Google Analytics surrogate

v 2.1.1.2rc6
==========================================================================
+ HTML 5 media blocking extended to Mozilla's audio API extension (thanks
al_9x for RFE)
x Improved handling of resource prefetching through object elements
x Removed msc.wlxrs.com and js.wlxrs.com, adding just wlxrs.com to the
default whitelist and to the whitelists of Hotmail users, after Microsoft
explained that this is the future-proof permission needed to ensure
compatibility with the Live webmail

v 2.1.1.2rc5
==========================================================================
x Full page reload is not triggered anymore when invisible plugin objects
are activated if the parent page has been loaded by a POST HTTP request
(thanks al_9x for RFE)
x Full page reload is not triggered anymore on invisible frame activation
(thanks al_9x for RFE)
x Fixed "Blocked Objects" menu missing on Hotmail inbox (thanks therube
for reporting)
x Object elements used to prefetch JavaScript and CSS content are not
blocked anymore, provided that the parent is whitelisted, This behavior
can be disabled in about:config, noscript.allowCachingObjects (thanks
al_9x for RFE)

v 2.1.1.2rc4
==========================================================================
+ Added msc.wlxrs.com to the default whitelist as requested by the Hotmail
team (new domain required for Hotmail to work)
+ One-time merge of the default whitelist to integrate services already
whitelisted as needed (e.g. hotmail.com to imply msc.wlxrs.com)
x Work-around for scripts served from amazonaws.com having wrong media
type sometimes

v 2.1.1.2rc3
==========================================================================
x Fixed frame in-place activation causing the content to be loaded inside
a nested iframe (thanks al_9x for reporting)

v 2.1.1.2rc2
==========================================================================
x [XSS] Work-around for an unfixable (JavaScript fragments get actually
uploaded cross-site) false positive on Verizon login (thanks John Dwyer
for reportng)

v 2.1.1.2rc1
==========================================================================
x Fixed onLocationChange2 missing in nsIWebProgressListener2 impl. causing
noise on trunk after bug 311007 landed (thanks Hydraxr for report)

Version 2.1.1.1.1-signed 494.0 KiB Fonctionne avec Firefox 3.0 - 7.0a1, SeaMonkey 2.0 - 2.4a1

v 2.1.1.1
==========================================================================
+ Improved embedded object activation on Javascript-enabled pages via
dynamic method proxies (thanks al_9x for RFE)

v 2.1.1.1rc2
==========================================================================
x [XSS] removed false positive at Well Fargo's login

v 2.1.1.1rc1
==========================================================================
x Reduced request garbage collection frequency

Version 2.1.1.1-signed 494.0 KiB Fonctionne avec Firefox 3.0 - 7.0a1, SeaMonkey 2.0 - 2.4a1

v 2.1.1
==========================================================================
x Fixed toolbar button hidden in popup windows (thanks Steven Roddis for
reporting)

v 2.1.0.6rc14
==========================================================================
x Fixed double HTTP requests sent sometimes for document requests just
after DNS cache invalidation (thanks Lekensteyn and SLED for reporting)
x Removed NoScript and FlashGot download pages and added Yahoo! Mail as
ClearClick exception, in order to prevent false positives in the message
panel (thanks be and sabret00the for reporting)
x Fixed conflict with IE Tab 2 causing new tab not to open URLs entered
in the address bar (thanks mc for reporting)

v 2.1.0.6rc13
==========================================================================
x Fixed placeholders broken on trunk after fix for Gecko's bug 308590

v 2.1.0.6rc12
==========================================================================
+ Added paypal.com and paypalobjects.com to the default whitelist, to cope
with the new in-page contribution setup at AMO and reduce XSS risks
+ Improved toStaticHTML() emulation (thanks .mario for reporting)

v 2.1.0.6rc11
==========================================================================
x Fixed broken toolbar button on first window opened during first run ever
on Firefox 4.x (thanks al_9x for reporting)

v 2.1.0.6rc10
==========================================================================
x Tentative fix for double HTTP requests sent sometimes upon DNS refresh
x Fixed XSS false positive on Google's Talk Gadget loading

v 2.1.0.6rc9
==========================================================================
+ Improved bookmarklet execution handling (thanks @nomaded for reporting)
= Compatibility bump for Fx 7.0a1

v 2.1.0.6rc8
==========================================================================
+ Further and less likely ASP-related tricks in InjectionChecker (thanks
Seroush Dalili for reporting)
x Fixed bookmarklets and JavaScript URLs broken in about:blank unless
imports are allowed (thanks Nick Ang for reporting)
+ JavaScript URL bar shortcuts are now treated as bookmarklet and executed
by default (thanks @nomaded for reporting)

v 2.1.0.6rc7
==========================================================================
x More ASP idiosyncrasies taken in account by InjectionChecker (thanks
Soroush Dalili for reporting)

v 2.1.0.6rc6
==========================================================================
x Fixed false positive in anti-exfiltration HTML injection checks

v 2.1.0.6rc5
==========================================================================
x Fixed rc2 frame blocking regression (thanks milithruldur for report)

v 2.1.0.6rc4
==========================================================================
+ Per-site WebGL blocking support (WebGL is implicitly disabled wherever
JavaScript is not allowed; it can be blocked on any other site by
checking "NoScript Options|Embedding|Forbid WebGL", and allowed per-site
by clicking on a placeholder of the blocked canvas or by using the
"Blocked objects..." menu if no canvas had been inserted in the page)

v 2.1.0.6rc3
==========================================================================
x Work-around for Cocoon add-on being broken by NoScript's early usage
of the IO Service (thanks Dan Staudigel for reporting)

v 2.1.0.6rc2
==========================================================================
x Fixed plugin documents can't be opened in NewsFox if embedding
restrictions are in place (thanks Mc for reporting)

v 2.1.0.6rc1
==========================================================================
x Fixed broken anti image exfiltration rules in HTML injection checks on
noscripted pages (thanks Gareth Heyes for reporting)

Version 2.1.0.5.1-signed 489.0 KiB Fonctionne avec Firefox 3.0 - 7.0a1, SeaMonkey 2.0 - 2.2a1pre

v 2.1.0.5
==========================================================================
x Fixed recent memory optimizations breaking compatibility with some
extensions (thanks Alan Baxter for reporting)

v 2.1.0.5rc1
==========================================================================
x Work-around for a Seamonkey initialization timing issue

v 2.1.0.4
==========================================================================
+ Improved performance and memory efficiency of cross-site checks
x Removed redundant primary origin from ABE messages
x More verbose initialization error reporting

v 2.1.0.4rc10
==========================================================================
x Fixed memory leak on Nightly when watching the movie at http://ro.me
(thanks _nil and therube for reporting)

v 2.1.0.4rc9
==========================================================================
x Fixed Script Surrogate execution breaking some framesets
x Fixed executing an interactive bookmarklet and closing current tab
during execution keeps scripts globally allowed
+ Disabled execution of javascript: and data: URLs typed or
pasted in the address bar (noscript.allowURLBarJS preference)
+ Disabled execution of non-whitelisted scripts imported during execution
of javascript: and data: URLs typed or pasted in the address bar
(noscript.allowURLBarImports preference)
+ Work around for Verizon's cache serving scripts with wrong media type

v 2.1.0.4rc8
==========================================================================
x Fixed NoScript icon disappearing from add-on bar when mode == "text"

v 2.1.0.4rc7
==========================================================================
x Better work-around for bit.ly sidebar triggering ClearClick warnings
(thanks Markus387 for reporting)

v 2.1.0.4rc6
==========================================================================
x Work-around for bit.ly sidebar triggering ClearClick warnings
x Fixed placeholders with undersized type icon regression

v 2.1.0.4rc5
==========================================================================
x Fixed Seamonkey hanging on some pages (thanks therube for reporting)

v 2.1.0.4rc4
==========================================================================
x Fixed labels being shown for NoScript buttons on the add-on bar in some
configurations (thanks baciok for reporting)

v 2.1.0.4rc3
==========================================================================
x Fixed minimum placeholder size not applied when embeddings have "auto"
as their computed CSS width or height (thanks al_9x for reporting)

v 2.1.0.4rc2
==========================================================================
+ On scriptless pages, empty forms meant to be submitted via JavaScript
are automatically augmented with a submit button labeled after the
destination URL (thanks timeless for RFE)

2.1.0.4rc1
==========================================================================
x Changed the noscript.forbidXBL default to 1 (OK for current Fx versions)
in order to avoid Lotus Mail issues (thanks Tina for reporting)
x [XSS] Fixed a false positive involving Amazon mp3 checkout (thanks Dan
Loomis for reporting)

Version 2.1.0.3.1-signed 488.0 KiB Fonctionne avec Firefox 3.0 - 6.0a1, SeaMonkey 2.0 - 2.2a1pre

v 2.1.0.3
==========================================================================
x [L10n] Updated ro
x Restored some locales gone missing in previous dev build

v 2.1.0.3rc5
==========================================================================
x Improved Google Analytics surrogate
x Experimental built-in Firefox Sync turned off by default (can be enabled
through the noscript.sync.enabled about:config preference)
x Tentative fix for some synchronization annoyances

v 2.1.0.3rc4
==========================================================================
x Suppress any dump() logging when in Private Browsing mode, in order to
avoid X session log leakages on Linux
x Tentative fix for a RequestWatchdog lazy initialization race condition
(thanks Daniel Holbert for reporting)

v 2.1.0.3rc3
==========================================================================
+ Warning when user closes the options dialog leaving broken ABE ruleset
behind (thanks al_9x for report)

v 2.1.0.3rc2
==========================================================================
x Fixed Yahoo Toolbar breaking first browser window if NoScript 2.1.0.2 is
installed
x Various additional startup optimizations

v 2.1.0.3rc1
==========================================================================
x Added some null checks to prevent Venkman noise (thanks timeless)

Version 2.1.0.2.1-signed 483.0 KiB Fonctionne avec Firefox 3.0 - 6.0a1, SeaMonkey 2.0 - 2.2a1pre

2.1.0.2
==========================================================================
x [XSS] Improved XML prescreening

v 2.1.0.2rc5
==========================================================================
x Halved startup time

v 2.1.0.2rc4
==========================================================================
x More robust surrogate execution

v 2.1.0.2rc3
==========================================================================
+ Label automatically hidden when NoScript's toolbar buttons are added to
the add-ons bar

v 2.1.0.2rc2
==========================================================================
x Fixed AddressMatcher broken by RegExp changes in latest Minefield (
thanks linuser for reporting)

v 2.1.0.2rc1
==========================================================================
x Fixed ABE options panel regressions due to the changed storage (thanks
al_9x for reporting)

Version 2.1.0.1.1-signed 490.0 KiB Fonctionne avec Firefox 3.0 - 4.0.*, SeaMonkey 2.0 - 2.2a1pre

v 2.1.0.1
==========================================================================
x Removed googlesyndication.com from the default whitelist
x Added securecode.com ("Verified by VISA") to the default whitelist, in
order to prevent surprise transaction failures
x [XSS] Exception for POST requests coming from a secure albeit not
whitelisted Verified by Visa (securecode.com) origin
x [ABE] Fixed bug causing excessive console noise from permissive rules
x Updated locales

v 2.1
==========================================================================
x Fixed various Script Surrogate inconsistencies

v 2.1.0rc6
==========================================================================
+ [ABE] Rulesets now are stored as preferences rather than files for
faster startup (less I/O) and more consistent settings management
+ [ABE/Sync] Rulesets are integrated into Firefox Sync for preferences too
x On first Firefox 4 run toolbar icon now gets added to the add-on bar
instead of the navigation bar if the latter is invisible, even if the
former is invisible as well (many users seem to expect it there)
x Fixed additional toolbar buttons too wide when labels are shown
x Fixed some Script Surrogate regressions (thanks al_9x for reporting)
x Work around for alert on new windows due to Mozilla's bug 608628
x Fixed placeholder not shown for embed elements placed inside invalid
object elements (thanks al_9x for reporting)

v 2.1.0rc5
==========================================================================
+ Firefox Sync integration can be switched off through the
noscript.sync.enabled about:config preference
x [XSS] Fixed false positive regression from recent Firefox 4
optimizations (thanks m_c for reporting)

v 2.1.0rc4
==========================================================================
x Further version-specific Script Surrogate optimizations

v 2.1.0rc3
==========================================================================
+ First shot at Firefox Sync native integration, synchronizes everything
except custom ABE rules
x [ABE] Optimized origin tracing
+ [ABE] INC(MEDIA) subtype matching HTML5 video and audio requests
+ [ABE] INC(FONT) subtype matching font embedding requests
x Huge refactoring in regular expression usage to optimize for Fx 4
x Script Surrogate optimization

v 2.1.0rc2
==========================================================================
x [ABE] Work-around for some Java plugin requests bypassing HTTP observers
(thanks tlu for reporting)
+ [ABE] Media HTML elements and plugin sub-requests are matched by the OBJ
inclusion subtype
+ [ABE] Font requests are matched by the OTHER inclusion subtype

v 2.1.0rc1
==========================================================================
x Fixed iframe content being sometimes opened in new tabs on Fx 4 when ABE
is enabled and DNS cache is missed

Version 2.0.9.9.1-signed 487.0 KiB Fonctionne avec Firefox 3.0 - 5.*, SeaMonkey 2.0 - 2.1b3

v 2.0.9.9
==========================================================================
x Fixed spaces in ipecho response breaking WAN IP detection with one of
the mirrors
+ Experimental built-in profiler for debugging purposes

v 2.0.9.9rc5
==========================================================================
+ Compatibility with Fire.fm
+ [XSS] Compatibility with latest Readability
x Tentative work-around for a WAN IP detection issue after sleep/wakeup

v 2.0.9.9rc4
==========================================================================
+ Forced text-plain on documents which miss a content-type header but send
"X-Content-Type-Options: nosniff"
+ Increased compatibility of the X-Content-Options implementation

v 2.0.9.9rc3
==========================================================================
x Work-around for surrogates not being executed on latest Fx 4 builds
x X-Content-Options implementation more compatible with Browserscope

v 2.0.9.9rc2
==========================================================================
x Fixed AJAX fallback last-minute breakage (thanks dhouwn for report)

v 2.0.9.9rc1
==========================================================================
+ Improved XSS filter to protect against potential risks from new HTML 5
features
+ AJAX fallback support via Google's _escaped_fragment_ recommendation,
can be disabled by toggling the noscript.ajaxFallback.enabled preference
(see https://code.google.com/web/ajaxcrawling/, thanks alexbobp for RFE)
+ New noscript.placeholderLongTip about:config preference to control
whether embedding placeholder tooltips should include query strings
and hash fragments or not (true by default)

Version 2.0.9.8.1-signed 485.0 KiB Fonctionne avec Firefox 3.0 - 4.0.*, SeaMonkey 2.0 - 2.1b3

v 2.0.9.8
==========================================================================
x Fixed empty tooltip for embedded placeholder on some RTL pages (thanks
Saad for reporting)
x Truncate URLs in placeholders tooltips at the the query string or hash,
to increase readability (thanks anystupidassname for RFE)
x Increased WAN IP checks interval to 1 hour reducing log spam on routers
- Removed some obsolete code

v 2.0.9.8rc2
==========================================================================
x Fixed all IPv6 addresses in fc80::/24 subnet being erronously treated
like link-local addresses (thanks Jojo999 for reporting)
x Fixed "Unsafe Reload" not working for sanitized POST requests from
untrusted to trusted sites (thanks Lucas Malor for reporting)
+ Better compatibility with Paypal button hosted on non-whitelisted sites
+ Added mozilla.net to the default whitelist for AMO compatibility

v 2.0.9.8rc1
==========================================================================
x [UI] Fixed toolbar button being added on the right of the window resizer
when Fx 4 is run for the first time with NoScript and the add-on bar is
visible
+ [UI] Hitting the "show UI" shortcut (ctrl+shift+S) a second time
dismisses NoScript's popup menu (thanks jso for RFE)
x [DNT] Restored header reordering after DNT header is added, in order to
match Firefox 4's header fingerprint

Version 2.0.9.7.1-signed 485.0 KiB Fonctionne avec Firefox 3.0 - 4.0.*, SeaMonkey 2.0 - 2.1b3

v 2.0.9.7
==========================================================================
x Fixed status label menu popping up in a wrong position
x Updated locales

v 2.0.9.7rc5
==========================================================================
x Fixed external filters submenu not removed when external filters are
disabled
x Blocked objects menus show IFRAME/FRAME rather than mime type info for
blocked frames (thanks al_9x for suggestion)
+ Restored legacy status label by popular request
+ Sticky menu can be triggered by left clicking on status label now

v 2.0.9.7rc4
==========================================================================
x Work-around for menu icons hidden with some Linux distros and themes
(thanks nickr for reporting)
x Changed the X-Do-Not-Track header name to DNT in anticipation of an IETF
Internet-Draft, per Jonathan Mayer
x noscript.doNotTrack.forced gets honored for local addresses now (thanks
Heptite for RFE)
x Fixed partial external filter definition could not be saved
x Fixed empty external filter whitelist could not be validated

v 2.0.9.7rc3
==========================================================================
x Fixed exception on cross-site POST requests from URIs not supporting
the host component (thanks JeffCO for reporting)
x Fixed JS redirection detection being activated also on whitelisted
pages sometimes (thanks scratchpaper for reporting)

v 2.0.9.7rc2
==========================================================================
+ 64x64 icon for Fx 4's add-ons manager
x Fixed bookmarklet execution machinery active even when JavaScript is
disabled by Firefox's content options (thanks Martin Focke foir report)
x Tentative work-around for toolbar button being oriented vertically in
some themes, disrupting toolbar's layout
x More updated locales

v 2.0.9.7rc1
==========================================================================
x Fixed a ClearClick bypass possible to whitelisted attackers who can run
JavaScript (thanks Atul Agarwal for reporting)
x Updated locales
x Improved K-Meleon portability (thanks jk- for RFE)

Version 2.0.9.6.1-signed 471.0 KiB Fonctionne avec Firefox 3.0 - 4.0.*, SeaMonkey 2.0 - 2.1b2

v 2.0.9.6
==========================================================================
x X-Do-Not-Track after a DNS cache miss causing some embedded content
requests to fail
+ Contribution button on the bottom of the Options dialog

v 2.0.9.5
==========================================================================
x Fixed NoScript toolbar buttons having wrong orientation in "icon and
text" mode

v 2.0.9.4
==========================================================================
x Fixed toolbar button does not open the menu (unless you click the little
arrow) if you disable hovering and toggling (thanks bleh for report)
- Removed dynamic localization fallback at runtime
+ Added static localization fallback to the build system
x Localization layout cleanup
x Legacy files cleanup

v 2.0.9.4rc2
==========================================================================
x Removed toolbarbutton-specific stylings
+ Better web compatibility for X-Content-Options
+ Better home router compatibility for X-Do-Not-Track

v 2.0.9.4rc1
==========================================================================
x Fixed DoNotTrack exceptions/forced patterns not being enforced
x Tentative work-around for basic HTTP authentication failing with some
servers when X-Do-Not-Track is sent

Version 2.0.9.3.1-signed 473.0 KiB Fonctionne avec Firefox 3.0 - 4.0.*, SeaMonkey 2.0 - 2.1b2

v 2.0.9.3
==========================================================================
x Fixed some cross-site requests containing JSON-like fragments broken

Version 2.0.9.2.1-signed 473.0 KiB Fonctionne avec Firefox 3.0 - 4.0.*, SeaMonkey 2.0 - 2.1b2

v 2.0.9.2
==========================================================================
x Fixed forbid META refresh inside NOSCRIPT elements regression

v 2.0.9.1
==========================================================================
x Fixed partial options dialog breakage (ClearClick and Import/Export)

v 2.0.9
==========================================================================
- Removed JAR blocking (obsolete in supported browser versions)
- Removed emulated TLD service
x Hidden status bar icon option on applications which have no status bar
x Fixed noscript.doNotTrack.* preferences not being honored

v 2.0.9rc5
==========================================================================
x Fixed wrong popup position on status bar icon (Fx 3.6.x and below only)

v 2.0.9rc4
==========================================================================
+ X-Do-Not-Track and X-Behavioral-Ad-Opt-Out (tracking opt-out) support,
controlled by the noscript.doNotTrack.* about:config preferences
x Restored "left+click on NoScript icon reopens the menu in legacy mode
even if it's already opened in hover mode" feature
x Fixed bug preventing channel replacement when the HTTP method changes
+ Embedded permissions are now bound to the embedding site (thanks al_9x
for RFE)
x Fixed permissions keys for Flash embeddings include FlashVars PARAMETER
elements, rather than just attributes (thanks breakBug for report)
x Fixed embedding permission changes not honoring disabled autoreload
preferences (thanks MMlosh for reporting)

v 2.0.9rc3
==========================================================================
+ Middle clicking toolbar button temporarily allows all on current page
- Removed forced embedding opacization legacy feature
- Removed tooltips from icons spawning hover UI
- Disabled permission toggling on left+click for hover UI toolbar buttons
(can be reenabled by setting noscript.hoverUI.excludeToggling to true)
x Fixed notification regression

v 2.0.9rc2
==========================================================================
x No extra spacer added on addon-bar during first customization
x Long menus automatically scroll to the bottom when opened from the
bottom of the browser
x Fixed legacy status bar icon switching permissions on left+click like
the toolbar button
x Fixed legacy status bar icon always getting "after_start" popup position

v 2.0.9rc1
==========================================================================
+ Improved anti-popunder surrogate
+ Check for UI accessibility of Firefox 4 with hidden addon-bar and
automatic installation of toolbar button on fail
x Fixed whitelisted iframe blocking getting in the way of web content
embedded by privileged tabs (e.g. Firefox 4's add-on manager)
x [ClearClick] slightly shorter viewport to accomodate Facebook's "Like"
mini buttons
x Fixed tooltips getting in the way of hover UI
- Removed status bar label
x Fixed regression: permissions changes on sites with non-standard ports
failed to trigger page reload (thanks Andrew Black for reporting)
x Fixed layout issue triggered by JS redirect detection (thanks Teknorat
for reporting)

Version 2.0.8.1 493.0 KiB Fonctionne avec Firefox 3.0 - 4.0b9pre, SeaMonkey 2.0 - 2.1b2

v 2.0.8.1
==========================================================================
x Fixed new IFRAME-based Youtube embedding method broken on non
whitelisted pages with embedding restrictions (thanks al_9x for report)

v 2.0.8
==========================================================================
x Fixed toolbar buttons icon size on Firefox 4 Windows theme
+ XSS check on permissions changes, suppressing events and forcing
filtered reload if an injection is found (thanks "dave b" for reporting)
x Fixed graphic glitches on menu showing with accelerated graphics (thanks
Das for reporting)
x Fixed permission changes causing unrelated tabs to be reloaded when
automatic permissions had been previously granted

v 2.0.8rc2
==========================================================================
x Fixed unhandled exception caused by LiveConnect interception logging (
thanks al_9x for reporting)
x Optimized QueryInterface generation
+ [ABE] 6to4 IP addresses support
x Fixed LiveConnect interception firing a dummy JVM sometimes on Gecko 2.0

v 2.0.8rc1
==========================================================================
x LiveConnect interception time reduced by 10 on Firefox 3.6 and by 100 on
Firefox 4 (about 1ms each)
x Restored LiveConnect interception logging (LOG_CONTENT_INTERCEPT mask)
x Fixed bug in fake redirections code, causing it not to honor the
redirection limit settings (thanks Peter Eckersley)
x [XSS] Improved SQLXSSI detection accuracy
x Updated revsci surrogate (thanks al_9x)

Version 2.0.7 491.0 KiB Fonctionne avec Firefox 3.0 - 4.0b8pre, SeaMonkey 2.0 - 2.1b2

v 2.0.7
==========================================================================
+ [XSS] Detection and filtering of hexadecimal and binary encoded
reflected XSS through SQL injection (SQLXSSI), partially found and
disclosed (raw hexadecimal variant only) by Aditya K Sood

v 2.0.6
==========================================================================
+ Bug fixes and improvements in LiveConnect interception
x Fixed random "win is null" error message (thanks timeless for report)

v 2.0.6rc4
==========================================================================
+ Java packages exposed by LiveConnect on the window object are made
unaccessible wherever Java is blocked by embedding restrictions

v 2.0.6rc3
==========================================================================
x [ABE] Work-around for Flash video playback and other HTTP subrequests
from plugins sometimes failing on latest Minefield builds

v 2.0.6rc2
==========================================================================
x [ABE] Fixed 2.0.6rc1 regression: broken internal redirections

v 2.0.6rc1
==========================================================================
+ "Security and privacy info" pages shown also by middle-clicking items
in NoScript Options|Whitelist (thanks dhouwn for RFE)
x [XSS] Better compatibility with 4shared embedded movies
x [ABE] Fixed regression: Anon action interfering with IFrame blocking
when DNS record for current request is cached (thanks al_9x for report)

Version 2.0.5.1 486.0 KiB Fonctionne avec Firefox 3.0 - 4.0b8pre, SeaMonkey 2.0 - 2.1b2

v 2.0.5.1
==========================================================================
x Improved LoadGroup integration of the new internal redirection machinery
for better loading progress feedback.

v 2.0.5
==========================================================================
x Fixed stability issue when forcing HTTPS on images

v 2.0.5rc3
==========================================================================
x Faster and more "correct" hack for internal redirections

v 2.0.5rc2
==========================================================================
x Experimental asynchronous channel replacement for ABE and HTTPS
enforcement, should prevent issues with image caching
x Work-around for Google/Youtube bug, sending "Content-Type: text/plain"
header for script files even with "X-Content-Type-Options: nosniff" (see
http://forums.informaction.com/viewtopic.php?f=7&t=5304)

v 2.0.5rc1
==========================================================================
x Fixed automatic allowing for XMLHttpRequest of sites with explicit port
numbers whose domain is allowed (thanks evanpelt for reporting)

Version 2.0.4 486.0 KiB Fonctionne avec Firefox 3.0 - 4.0b8pre, SeaMonkey 2.0 - 2.1b2

v 2.0.4rc2
==========================================================================
+ Better logging for the "X-Content-Type-Options: nosniff" activity
+ noscript.nosniff about:config preference to control whether enforcing
"X-Content-Type-Options: nosniff" (true, default) or not (false)

v 2.0.4rc1
==========================================================================
+ "X-Content-Type-Options: nosniff" support
x Fixed using bookmarklets with noscript.allowBookmarkletImports set to
false erronously adds current website to the JavaScript whitelist

Version 2.0.3.5 486.0 KiB Fonctionne avec Firefox 3.0 - 4.0b8pre, SeaMonkey 2.0 - 2.1b2

v 2.0.3.5
==========================================================================
x [UI] Fixed right-click on the toolbar button switching permissions

v 2.0.3.4
==========================================================================
+ [UI] Bold "Recently blocked" menu and items which have been attempted to
load from the currently displayed web site (thanks therube for RFE)
- Removed legacy (pre Fx 3) notification code

v 2.0.3.4rc2
==========================================================================
- [UI] Removed status icon hover effect
+ [Surrogate] adriver.ru surrogate to prevent "pages never finish loading"
problem (thanks al_9x)
+ [ClearClick] Unlocked flag caching performance optimizations
+ AddressMatcher now matches UTF8 (not IDN-encoded) host names too
+ AddressMatcher now matches scheme only (xyz:) patterns
x Work-around for X-Frame-Option interfering with mixed chrome/content
UIs (e.g. Firefox 4 add-ons manager)

v 2.0.3.4rc1
==========================================================================
x Fixed unchecking and re-checking the toggle permissions toolbar button
behavior ending in an inconsistent status (thanks Grump Old Lady for
reporting)
x [XSS] Improved Blogger CMS compatibility (thanks Logos for reporting)

Version 2.0.3.3 486.0 KiB Fonctionne avec Firefox 3.0 - 4.0b8pre, SeaMonkey 2.0 - 2.1b2

v 2.0.3.3
==========================================================================
x Changed noscript.forbidIFramesContext about:config preference default to
3 (same base domain) to ensure better usability on complex sites (e.g.
new Twitter) for people who's blocking iframes on trusted sites
x Optimal sensitivity calibration for Hover UI trigger events

v 2.0.3.3rc3
==========================================================================
+ Improved Hover UI usability with the noscript.hoverUI.delayStop
about:config preference, dictating how many milliseconds the mouse must
stand still on NoScript's icon before NoScript's menu is displayed

v 2.0.3.3rc2
==========================================================================
+ [Surrogate] Surrogate scripts are no longer wrapped inside anonymous
functions, in order to allow top-level variables to be forced read-only
by using the const keyword; built-in surrogates have been retrofitted to
prevent scope clashes, by adding anonymous function wrappers as needed

v 2.0.3.3rc1
==========================================================================
+ [UI] Configurable enter and exit delays for the hover UI behavior, via
noscript.hoverUI.delay* about:config preferences
x [ClearClick] improved compatibility with very short frames (like the top
bar on www.blogger.com, thanks craftcove for reporting)
x [Policy] Removed legacy code specializing TYPE_OTHER

Version 2.0.3.2 486.0 KiB Fonctionne avec Firefox 3.0 - 4.0b8pre, SeaMonkey 2.0 - 2.1b1

v 2.0.3.2
==========================================================================
x Work-around for first script element in body of a framed document not
being executed unless password manager is enabled on Minefield
x Work-around for surrogates not being executed in frames on Minefield

v 2.0.3.2rc1
==========================================================================
x Fixed further menu glitches with URL ports (thanks al_9x for reporting)

v 2.0.3.1
==========================================================================
x [UI] added 250ms delay for menu disappearing on mouse out from icon (
disappearing mouse out from menu already used a 500ms delay)
x Fixed explicit port URL related regression (thanks al_9x for reporting)

v 2.0.3.1rc6
==========================================================================
x Fixed further breakages due to Array prototype chain glitches introduced
in latest Minefield

v 2.0.3.1rc5
==========================================================================
x Fixed redirections broken by Array prototype chain glitches introduced
in latest Minefield

v 2.0.3.1rc4
==========================================================================
x Work-arounds for some CAPS implementation impedance mismatches (thanks
GµårÐïåñ and al_9x for reporting)

v 2.0.3.1rc3
==========================================================================
+ [UI] Extended the "open on hover" behavior to the toolbar button
x about:crashes added to the mandatory whitelist

v 2.0.3.1rc2
==========================================================================
x [Surrogate] Fixed window.open not working for HTTP sites on recent
Minefield builds
x Fixed minor glitch in channel replacement on trunk

v 2.0.3.1rc1
==========================================================================
x [Surrogate] Restored the previous document.cookie patching order, since
it seems more compatible with some buggy sites

Version 2.0.3 486.0 KiB Fonctionne avec Firefox 3.0 - 4.0b8pre, SeaMonkey 2.0 - 2.1b1

2.0.3
==========================================================================
x [Surrogate] Improved compatibility of the popunder surrogate
x [Surrogate] Fixed broken meebo.com detached windows
x [L10n] Updated it-IT

v 2.0.3rc4
==========================================================================
+ [Pref] "NoScript Options|Appearance|Open permissions menu when mouse
hovers over NoScript's icon" checkbox
x [UI] Minor refinements in the new "UI on hovering" behavior

v 2.0.3rc3
==========================================================================
x [XSS] Fixed "Unsafe reload" not working under some circumstances (thanks
the JoshMeister for reporting)
+ [XSS] Better compatibility with Blogspot's CMS (thanks the JoshMeister
for reporting)
x Fixed "setting a property that has only a getter" warning in strict mode
x Better compatibility with CDNs improperly serving JavaScript files with
a CSS mime type

v 2.0.3rc2
==========================================================================
x Fixed "Partially allowed" message instead of "Forbidden" when everything
is blocked, including some embeddings (thanks jan for reporting)
x Fixed "No placeholder from untrusted" broken since 2.0.2.4 (thanks al_9x
for reporting)

v 2.0.3rc1
==========================================================================
+ [UI] Clickless "on over" opening of the status bar menu, can be disabled
via noscript.hoverUI about:config preference (thanks safemode for RFE)
x Fixed embedded fonts requiring the page to be allowed, rather than the
just the object, if embedded in data: URIs (thanks Alexander Konovalenko
for reporting)

Version 2.0.2.5 485.0 KiB Fonctionne avec Firefox 3.0 - 4.0b6pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.5
==========================================================================
x [XSS] Further FBML compatibility improvements

Version 2.0.2.3 485.0 KiB Fonctionne avec Firefox 3.0 - 4.0b6pre, SeaMonkey 2.0 - 2.1b1

v 2.0.2.3
==========================================================================
x [XSS] Fixed optimization bug which may lead to slower checks on specific
source patterns

Version 2.0.1 481.0 KiB Fonctionne avec Firefox 3.0 - 4.0b5pre, SeaMonkey 2.0 - 2.1a3

v 2.0.1
==========================================================================
+ [ABE] noscript.abe.localExtras about:config preference can specify net
resources (space separated IPs and/or subnets) to be considered as
LOCAL by ABE, in addition to the "regular" private subnetworks and the
auto-detected WAN IP (thanks ammdispose for suggestion)
x [ClearClick] Better compatibility with iframes containing very tiny
pages (e.g. horizontal Flattr buttons)
x Fixed page-level surrogates not always being executed inside iframes
(thanks al_9x for reporting)
x [XSS] Fixed XML tags with no attributes which are homonymous of
"sensitive" HTML tags triggering XSS false positives

v 2.0.1rc4
==========================================================================
+ Forced NOSCRIPT element activation is not triggered for sources marked
as untrusted (thanks al_9x for suggestion)
+ Update for Firefox 4.0b4pre compatibility (bug 546606)

v 2.0.1rc3
==========================================================================
x Improved interaction between surrogates and NOSCRIPT element activation
x Fixed potential recursion issue during DNS resolution on SeaMonkey trunk
(thanks therube for reporting)
x Fixed https://bugzilla.mozilla.org/show_bug.cgi?id=584334
x Fixed using IPv6 URL syntax causes confusion to some proxies
x Compatibility checks updates

v 2.0.1rc2
==========================================================================
+ [ABE] "X-ABE-Fingerprint: Off" header can be sent by web servers which
don't want/need to be fingerprinted by ABE's WAN IP protection
+ [ABE] User agent header "Mozilla/5.0 (ABE, http://noscript.net/abe/wan)"
is sent to help administrators finding info about ABE's fingerprinting
x [ABE] Fingerprint checks are performed every 15 minutes, rather than 5
x Fixed early access to document.documentElement breaking XBL bindings
on SeaMonkey trunk (thanks therube for reporting)

v 2.0.1rc1
==========================================================================
x Fixed meta redirections being broken sometimes when a NOSCRIPT element
activation is forced on a JavaScript-enabled page (thanks Supermop for
reporting)

Version 2.0 481.0 KiB Fonctionne avec Firefox 3.0 - 4.0b3pre, SeaMonkey 2.0 - 2.1a3

v 2.0
==========================================================================
x [Surrogate] Fixed Google thumbs surrogate broken by recent Gecko changes
x [ClearClick] Work-around for client(Height|Width) miscalculation

v 2.0rc8
==========================================================================
+ Full hand-over to InjectionChecker for untrusted origin requests as well
+ More efficient UI synchronization system
x Fixed status icon not being correctly updated when a new script source
gets added after page is loaded

v 2.0rc7
==========================================================================
+ More web-compatible NOSCRIPT element handling on mixed permissions pages

v 2.0rc6
==========================================================================
+ [ABE] WAN IP checks logged on Error Console (thanks al_9x for RFE)

v 2.0rc5
==========================================================================
+ [ABE] Experimental cross-zone CSRF protection for flawed routers which
expose their WAN IP on their LAN interface (thanks al_9x for report)

v 2.0rc4
==========================================================================
+ Anti-anti-adblocker generic page-level surrogate
+ Minimal surrogates for several ad/tracking sources
+ Revsci surrogate (thanks al_9x)
x Work-around for medicare.gov "benign" XSS

v 2.0rc3
==========================================================================
x Fixed X-Frame-Options being checked for plugin embeddings as well
(thanks Richard Johnson for reporting)

v 2.0rc2
==========================================================================
+ External filters now receive the object URL as their 4th argument

Version 1.10 478.0 KiB Fonctionne avec Firefox 1.5 - 4.0b3pre, SeaMonkey 1.1 - 2.1a3

v 1.10
==========================================================================
+ ABE built-in ruleset editor
+ Button to reset ABE's defaults
x Fixed setting noscript.cp.last to false causing embeddings not to be
blocked
x Fixed 2nd order InjectionChecker bypass (thanks Sirdarckcat for report)
+ External filters now receive the object referrer as their 3rd argument

Version 1.9.9.99 478.0 KiB Fonctionne avec Firefox 1.5 - 4.0b2pre, SeaMonkey 1.1 - 2.1a3

v 1.9.9.99
==========================================================================
x Emergency fix for a page reload bug on Mac OS X causing high CPU
consumption after permission changes (thanks "D A" for reporting)