Histórico de versões do Suíte de Segurança NoScript - 25 versões
Suíte de Segurança NoScriptpor Giorgio Maone
Cuidado com versões antigas! Essas versões são exibidas com propósito de referência e testes.
Devemos sempre usar a versão mais recente de uma extensão.
Versão mais recente
Versão 11.0.9
Lançado em 19 de Nov de 2019 - 558,61 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 11.0.9
============================================================
x [Chromium] Prevent duplicated MSE placeholders (e.g. on
Youtube)
x Fixed external scripts included in HEAD of file:// pages
failing (issue #115)
x [XSS] Updated HTML 5 events inventory
x Best effort to make media placeholders visible and
clickable
x Placeholders for MSE on Chromium too
x Use invalid IP rather than domain name to prevent offline
status from breaking sync messaging in Chromium
x Removed empty exportFunction() Chromium shim
x Updated TLDsCódigo fonte publicado sob GNU General Public License, version 2.0
Versões mais antigas
Versão 11.0.8
Lançado em 7 de Nov de 2019 - 557,58 KBFunciona com firefox 59.0 em diante, android 59.0 em diantex [L10n] Updated da, ja, lt, mk, nl
x Fixed onionSecure setting persistence issue (Tor ticket
#32362)
x Fixed CSP DOM injection breaking XML documents renderingCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 11.0.7
Lançado em 4 de Nov de 2019 - 539,69 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 11.0.7
============================================================
x Use fragments to reinsert and run previously blocked
scripts
x Fetch policies asynchronously for about: and javascript:
URLs
x Remove loop around XHRCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 11.0.6
Lançado em 1 de Nov de 2019 - 539,63 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 11.0.6
============================================================
x Compute the correct origin for the policy to be fetched
from about:blank and javascript: URLs
x Work-around for Youtube video elements positioned
off-display at replacement time
x Version numbers for Chromium dev builds compatible with
Chromestore requirements
x Script blocking before policy is fetched only for
synchronous loads
x Make tests not to run automatically on dev mode startup
anymoreCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 11.0.4
Lançado em 27 de Out de 2019 - 539,09 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 11.0.4
============================================================
x [Tor] Treat .onion sites whose protocol is HTTP as if it
was HTTPS
x [Mobile] Blocked scripts count displayed in the browser
action menu item
x Consolidated missing endpoint error detection in Messages
x More compatible Messages abstraction
x Progressive count of debug messages to better trace
asynchronous execution
x [XSS] Fixed false positive (property assignment)
x Fixed typo causing initializing promise not being cached
x Avoid unnecessary page reloads on extension updates
x Fixed undefined variable error when in debugging mode
x [Tor] Display .onion sites as "secure" in the UI (tickets
#27313 and #27307)
x Support for splitting sync storage items into chunks, to
allow synchronization of big policies across devices
x IPv4 subnet shortcut matching
x Fallback to local storage for any item exceeding limits
(fixes persistence problems on Chromium)
x Alternate version numbering for Chromium pre-releases
x Simplified, less noisy and more resilient Messages
abstraction implementation (thanks barbaz for reporting)
x Handle edge-case policy retrieval for file:// pages loaded
by session restore on startup and alike
x Improved Chromium development-build workflow
x Fix CSP violation reporting management of "fake"
blocked-uri like "eval"
x Recursive webgl context monkeypatching across same origin
windows (thanks skriptimaahinen for concept and patch)
x Replaced cookie-based hacks with synchronous messaging
(currently shimmed) to retrieve fallback and
per-tab restriction policies
x Work-around for Chromium not supporting frameAncestors
in webRequest
x [L10n] Updated Transifex-managed ca, da, it, nl, ru, sv_SE
x [XSS] Updated HTML5 events
x Updated TLDs
x Fixed "Cascade top document restrictions" option not always
applied to embedded elements (thanks barbaz for reporting)
x Removed XSS prompt for timeoutsCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 11.0.3
Lançado em 19 de Ago de 2019 - 535,65 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 11.0.3
=============================================================
x [Tor] Work-around for prompts being huge when
resistFingerprinting is enabled
x [XSS] Fixed false positives due to overzealous HTML
attribute checking
x [XSS] Enabled InjectionChecker logging when debugging mode
is on
x Work-around for browser.i18n.getMessage() API in content
scripts giving away browser's real locale (Tor issue #31287)
x Updated TLDs
x [L10n] Updated Transifex-managed he, is, nb, ru, sq, zh_TWCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 11.0.2
Lançado em 25 de Jul de 2019 - 535,21 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 11.0.2
=============================================================
+ Restored "classic" pasted HTML sanitization feature, Now
triggered by drag'n'drop too (thanks barbaz for patch)
x Fixed bug in browser type detection by content scripts (
thanks barbaz)
+ Added "Collapse blocked objects" option in Blocked Objects
prompt
x Fixed corner case when application/* content types should
match "media" rather than "object" (thanks skriptimaahinen
for reporting)
x Replacement clicks are now intercepted even if a content
placeholder is obstructed by an overlay
x More graceful handling of chrome: origins (thanks
skriptimaahinen for reporting)
x CSP building optimizations
x Updated TLDs.
x [L10n] Updated Transifex-managed locales br, de, it, ms,
nl, ru, tr, nb, sv_SE and zh_CNCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 11.0
Lançado em 24 de Jun de 2019 - 533,93 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 11.0
=============================================================
x [XSS] Fixed false positives with parameters named "src"
x Static click-to-play placeholders
+ [L10n] New da, is, pl, sq, zh_TW Transifex-managed locales
x [L10n] Updated sv_SE Transifex-managed localeCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 10.6.3
Lançado em 15 de Jun de 2019 - 506,44 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.6.3
=============================================================
x Multiple fixes in embeddings replacement (thanks barbaz
for reporting)
x Fixed [Import] settings button on Android
x [XSS] JSON reduction optimizations
x [XSS] XSS checks performance improvements play nicer with
resistFingerprinting
x [XSS] Fully asynchronous InjectionChecker, prevents freezes
on heavy payloads
x Skip page autoreloads on transitions between temporary and
permanent presets of the same kind
x Updated TLDsCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 10.6.2
Lançado em 22 de Mai de 2019 - 504,48 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.6.2
=============================================================
x Removed work-around for https://bugzil.la/1532530 (now
fixed and backported to the Tor Browser too)
x Fixed media.mediasource.enabled breakage (thanks
skriptimaahinen for patch)
x Reference internal pages as absolute URLs for Chromium
compatibility
x Updated TLDs
x [Locale] Updated Transifex-managed locales (es, ms, tr)Código fonte publicado sob GNU General Public License, version 2.0
Versão 10.6.1
Lançado em 10 de Abr de 2019 - 507,54 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.6.1
=============================================================
x Make RequestGuard's header processing synchronous as needed
x Fixed inconsistencies handling browser-internal URLs
x Fixed resetting options works just once per session
(defaults reference current settings) - issue #69
x [Locale] Updated Transifex-managed locales (de, fr, it, tr,
nl)Código fonte publicado sob GNU General Public License, version 2.0
Versão 10.6
Lançado em 7 de Abr de 2019 - 507,83 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.6
=============================================================
x Limit wrappedJSObject usages to compatible browsers
x [Chromium] Merged chromium branch (unified code base)
x [Locale] Updated Transifex-managed locales
x Updated TLDsCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 10.2.5
Lançado em 24 de Mar de 2019 - 490,81 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.2.5
=============================================================
x [XSS] Improved detection of privileged origins (fixes an
about:tor to DuckDuckGo false positive)Código fonte publicado sob GNU General Public License, version 2.0
Versão 10.2.4
Lançado em 20 de Mar de 2019 - 490,77 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.2.4
=============================================================
x Improved prompts layout (thanks Ton for suggestion)
x Improved unscanned POST blockingCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 10.2.3
Lançado em 19 de Mar de 2019 - 490,72 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.2.3
=============================================================
x [l10n] Updated Transifex-managed locales
x Fixed POST searches from the url bar causing XSS warnings
x Fixed popup top buttons not visible in high contrast
appearance mode (thanks pjaworski for reporting)
x Optimized popup layout initializationCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 10.2.2
Lançado em 17 de Mar de 2019 - 490,64 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.2.2
=============================================================
x [L10n] Updated Transifex-managed locales
+ Cascading top document's restrictions to subdocuments is now
an option in the General section and defaults to true on
the Tor Browser only
+ "Scan uploads for potential cross-site attacks" and "Ask
confirmation for cross-site POST requests which could not
be scanned" options: in Tor Browser default false and true,
respectively, as a work-around for mozbug 1532530
+ [Tor] "Override Tor Browser Security Level preset" option
+ [Tor] Selective handling of Tor Browser specific settings
x Updated TLDs
x [XSS] Updated event names
x Safer cookie-less check for unrestricted tabs from subdocs
x [Build] Easier version bumps to next rc (build.sh bump rcX)
x Fixed unrestricted tabs not affecting about:blank subframes
(issue #48, thanks musonius for reporting)
x [XSS] Updated known HTML events lists
+ [Locale] Added sv_SE (by Jonatan Nyberg)Código fonte publicado sob GNU General Public License, version 2.0
Versão 10.2.1
Lançado em 23 de Dez de 2018 - 475,29 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.2.1
=============================================================
x Cascade top document's restrictions to subframes (Tor
issue #28873)
x Fixed restored media element from placeholder not loading
previously blocked content automatically
x Fixed placeholders missing for some blocked embeddings
(Tor ticket #28720)Código fonte publicado sob GNU General Public License, version 2.0
Versão 10.2.0
Lançado em 25 de Nov de 2018 - 475,11 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.2.0
============================================================
x [L10n] Updated fr, he
x Allow origin-less fetch for extensions (issue #41)
x Fixed meta refresh inside NOSCRIPT emulation breaking
Firefox's built-in refresh blocking
x Fixed issue #35 "tabId is not defined" on startup
x Darker red badge background to ensure text is kept white
across browsers
</pre>Código fonte publicado sob GNU General Public License, version 2.0
Versão 10.1.9.9
Lançado em 16 de Out de 2018 - 475,12 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.1.9.9
=============================================================
x Prevention of potential race condition in the new per-tab
configuration cookie-based hack
x Better cross-platfrom build script compatibility
x Per-tab configuration cookie-based hack, leaves window.name
alone
x Various build scripts fixesCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 10.1.9.8
Lançado em 6 de Out de 2018 - 475,12 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.1.9.8
=============================================================
x Fixed preset customization UI showing inherited DEFAULT
permissions if a protocol-level preset exists
x Simplified CSP HTTP header injection, avoiding report-to
until actually supported by browsers
x [L10n] Updated ru (thanks fatboy)
+ [Tor] Better UX for overriding protocol-level permissions
+ [Build] Option to force TLD updates
+ [L10n] Updated (es, ru) and new (el, he, ms, nb) locales
from OTF's Localization Lab Transifex project
+ [L10n] no_BO translation by comradekingu
+ FTP directory UI emulation on script-disabled domains
x Include ftp:// URLs in non-secure domain matching (thanks
Rassilon for RFE)Código fonte publicado sob GNU General Public License, version 2.0
Versão 10.1.9.6
Lançado em 14 de Set de 2018 - 446,58 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.1.9.6
=============================================================
x [TB] Gracefully handle legacy external message recipients
x [XSS] Updated known HTML5 events
x Better IPV6 support
x UI support for protocol-only entriesCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 10.1.9.5
Lançado em 9 de Set de 2018 - 446,26 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.1.9.5
=============================================================
x Fix for various content script timing related issues
(thanks therube for reporting)Código fonte publicado sob GNU General Public License, version 2.0
Versão 10.1.9.4
Lançado em 9 de Set de 2018 - 446,37 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.1.9.4
=============================================================
x Prevent total breakages when policies accidentally map
to invalid match patterns
x Internal messaging dispatch better coping with multiple
option windows
x Avoid multiple CSP DOM insertionsCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 10.1.9.3
Lançado em 9 de Set de 2018 - 446,25 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.1.9.3
=============================================================
x Fixed message handling regression breaking embedders and
causing potential internal message loopsCódigo fonte publicado sob GNU General Public License, version 2.0
Versão 10.1.9.2
Lançado em 8 de Set de 2018 - 446,12 KBFunciona com firefox 59.0 em diante, android 59.0 em diantev 10.1.9.2
=============================================================
x More efficient window.name-based tab-scoped permissions
persistence
x Fixed URL parsing bugs
x Fixed bug in requestKey generation
x [Build] Enhanced TLD data update subsystem
+ [UI] CUSTOM presets gets initialized with currently applied
preset, including temporary/permanent status
x Improved internal message dispatching, avoiding potential
race conditions
+ [L10n] Transifex integration
x Work-around for DOM-injected CSP not being honored when
appended to the root element, rather than HEAD
+ Transparent support for FQDNs
x Better file: protocol support
x Full-page placeholders for media/plugin documentsCódigo fonte publicado sob GNU General Public License, version 2.0