Jump to content


Photo

NoScript 2.x


  • Please log in to reply
137 replies to this topic

#16 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 29 July 2011 - 02:50 AM

NoScript v 2.1.2.5
x Fixed bookmarklets from sidebars not working on JS-disabled pages
+ Improved Twitter surrogate for Fx 3.x

v 2.1.2.4
+ Ubuntu-specific startup optimization

v 2.1.2.4rc5

+ Halved startup time (< 50ms) by deferring costly initialitations to
first remote request and fastloading the rest
x Minor tweaks to Twitter surrogate

v 2.1.2.4rc4
+ Script Surrogate execution also for ABE-denied script requests (
thanks al_9x for RFE)
+ Script Surrogate for Twitter inclusions (thanks al_9x)
x Improved compatibility with Readability
x Fixed switching from one rule to another in the Rulesets box looses
changes in the current rule (thanks al_9x for reporting)

v 2.1.2.4rc3
x Fixed url bar regression from rc2

v 2.1.2.4rc2

x [ClearClick] noscript.clearClick.rapidFireCheck about:config preference
to control whether rapid fire event checking should be enabled or not
x [Bookmarks] Fixed javascript-based keyword bookmarklet not being ran on
Fx 6 and above (thanks al_9x for reporting)

v 2.1.2.4rc1
x [ClearClick] Restored compatibility with bit.ly (now bitly.com)


#17 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 11 August 2011 - 08:55 PM

NoScript v. 2.1.2.6 [v 2.1.2.6rc8]
x Temporarily disabled anti-anti-adblocker surrogate on any site except
those explicitly added to noscript.surrogate.ab.sources preference, as a
work-around for bug 677652
x Lazy initialization is deferred also when a file:// URL is loaded as the
home page

v 2.1.2.6rc7
x More accurate work around for bug 677050

v 2.1.2.6rc6

x Work around for Nightly bug 677050

v 2.1.2.6rc5

x Fixed rapid-fire cross-site interaction protection interfering with some
keyboard-based UI patterns

v 2.1.2.6rc4
x Fixed Firefox's built-in feed renderer broken unless about:feeds is
whitelisted

v 2.1.2.6rc3
x Plugin origin checks now account for multiple extra-codebase archives
x Work around for HTTPS script inclusions on JavaScript-disabled pages
being loaded, albeit not executed (thanks al_9x for reporting)
x [ClearClick] Tentative work-around for ABP's "Block..." tab causing
false positives on nested documents (thanks G??r???? for reporting)

v 2.1.2.6rc2
x Work-around for content policy inconsistencies in Java applet origins
handling (thanks al_9x for reporting)

v 2.1.2.6rc1
+ Surrogate for the t.co Twitter URL shortener, which would otherwise
require JavaScript
+ USER ruleset conveniently pre-selected when ABE options are opened
x Improved invisible links detection approach

Get it!


#18 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 29 August 2011 - 12:23 AM

Attached File  logox60.png   9.84KB   0 downloadsNoScript v 2.1.2.7
x Better load progress feedback for hosts which are not DNS-cached yet
(thanks al_9x for reporting)

v 2.1.2.7rc3

x Improved Google Analytics surrogate (thanks al_9x for code)
x More intuitive handling of the "live" behavior of the ABE ruleset editor
when syntax errors are introducd (thanks al_9x for reporting)

v 2.1.2.7rc2
x Fixed OBJECT document inclusions failing under some circumstances

v 2.1.2.7rc1
+ Prevent any website from embedding view-source URIs inside frames
x Firefox 9.0a1 compatibility

Attached File  NoScript_Site_Icon.png   917bytes   0 downloads Get it!


#19 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 14 September 2011 - 06:38 AM

NoScript v 2.1.2.8
x Fixed placeholders hard to activate on HTML 5 Youtube videos

v 2.1.2.8rc2
x [XSS] Improved out-of-the-box compatibility with some Facebook games
x Fixed plugin blocking not working sometimes on file:// pages
loadeded before any network activity (thanks nagan for reporting)

v 2.1.2.8rc1
+ Google Plus One surrogate (thanks al_9x for code)
- Removed t.co surrogate, since Twitter implemented a NOSCRIPT fallback



Development version
If you're brave enough and you need a specific feature or fix not released yet, or you simply want to provide feedback before official release, you may try this development build. Recent development history:

http://noscript.net/getit



[+] new feature, [x] bug fix, [-] removed feature, [=] repackaging or cosmetic change

#20 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 28 September 2011 - 12:07 AM

NoScript v 2.1.3
+ [Surrogate] Disqus surrogate to fix misplaced placeholder (thanks al_9x
for code)
+ [L10n] Bengali (thanks svarnava)
x Fixed missing placeholder for hidden embeddings (thanks royallin for
reporting)

v 2.1.3rc5
+ [Surrogate] "Before" script surrogates (whose sources are prefixed with
'<') get executed before the matching external script starts loading
(thanks al_9x for RFE)
+ [Surrogate] "After" script surrogates (whose sources are prefixed with
'>') get executed immediately after the matching external script runs
(thanks al_9x for RFE)

v 2.1.3rc4
x Fixed missing placeholder for plugin documents when collapsing blocked
object preference is set (thanks Mc for reporting)
x Removed problematic "(Temporarily) Allow all on this page" access keys
x Even better heuristic to match id-less replaced embeddings on reload

v 2.1.3rc3
x Better heuristic to match id-less replaced embeddings on reload

v 2.1.3rc2
x [XSS] Better compatibility with Facebook Connect apps

v 2.1.3rc1
x Fixed unblocking HTML 5 media clips from placeholder causes the throbber
to spin indefinitely (thanks al_9x for reporting)
x Fixed "..txt" (rather than ".txt") being appended as the default file
extension when exporting NoScript's configuration / whitelist (thanks
SeanM for reporting)
x Fixed inital directory uncorrectly initialized by the configuration
export dialog on some platforms (thanks SeanM for reporting)

v 2.1.2.9rc1
x Facebook Connect surrogate (thanks al_9x for code)
- Removed outdated anti-anti-adblocker surrogate


#21 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 29 September 2011 - 11:56 PM

Attached File  logox60.png   9.84KB   0 downloadsNoScript v 2.1.4
x Fixed speculative parsing causing inclusion surrogates to be executed
twice (thanks al_9x for reporting)

v 2.1.4rc1
x More efficient and Gecko-friendly HTTPS enforcing method

Attached File  post_7183_1282023403.png   917bytes   0 downloads Get it!


#22 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 12 October 2011 - 06:02 PM

NoScript v 2.1.5
x Improved object wiring emulation on placeholder activation (thanks al_9x
for report and code)

v 2.1.5rc3
+ [Surrogate] noscript.surrogate.sandbox preference to control the
execution method for inclusion surrogates

v 2.1.5rc2
x Work-around for CORS incompatibility with internal redirects
- Removed legacy threading management support

v 2.1.5rc1
x [Surrogate] Surrogates triggered by content policy calls get executed in a sandbox
x Moved SWFObject and Silverlight patching to early scripts
x Replaced every reference to XHR's "on..." event handler properties with
their addEventListener() counterparts, to cope with bug 687332 fallouts

http://noscript.net/getit


#23 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 22 October 2011 - 01:00 AM

NoScript v 2.1.6
+ noscript.keys.tempAllowPage about:config preference to configure a
keyboard shortcut for "Temporarily allow all this page"
+ noscript.keys.revokeTemp about:config preference to configure a keyboard
shortcut for "Revoke temporary permissions"
+ noscript.menuAccelerators about:config preference to switch keyboard
accelerators for "(Temporary) allow all this page" menu items on/off
x Fixed notifications get all shown on the top in a tab where one
notification has already been shown on the top
x Fixed quasi-leak (zombie compartment) after using the NoScript menu on
a page where embedded content is present, until the menu is opened on
another page (thanks Archaeopteryx for reporting)
x [ABE] Fixed Anonymize actions logged twice (thanks al_9x for reporting)

v 2.1.6rc1
x [Surrogate] Fixed sandboxed surrogates unable to set global variables

Get it!


#24 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 22 October 2011 - 01:11 AM


Get it!


Attached File  2.17.png   10.91KB   0 downloads


v 2.1.7
x [ABE] Fixed subrequests matching an Anon action rule not being shown in
the logs if already anonymized by the browser

v 2.1.7rc1
x Fixed error console noise regression from menu fixes (thanks al_9x and
Archaeopteryx for reporting)


#25 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 16 November 2011 - 02:56 AM

Attached File  logox60.png   9.84KB   0 downloads NoScript v 2.2
+ [ClearClick] Improved protection against Clickjacking on nested windowed
Flash targets (thanks Sommerrain and Tom T for reporting)

v 2.1.9
x [Surrogate] fixed breakage caused by "1.8.1" JavaScript version spec
used instead of "1.8"

v 2.1.9rc3

+ [Surrogate] JavaScript 1.8 support (thanks al_9x for RFE)
+ Better heuristic for XSSI detection
- Removed previous work-around XSSI exceptions
x Fixed some DOM traversal bugs (thanks al_9x for reporting)
x Refined Google search meta refresh blocking exception
x Added meta refresh blocking exception for t.co (Twitter URL shortener)

v 2.1.9rc2
x Work-around for XSSI checks breaking some Yahoo! Mail features

v 2.1.9rc1
+ New noscript.forbidMetaRefresh.exceptions url pattern preference
+ Meta refresh blocking exception for Google Search (blank page shown
otherwise if meta refresh blocking is enabled, cookies are disabled for
Google and Google Search scripting is forbidden)

v 2.1.8
+ Improved anti-popunder built-in surrogate
x Fixed object autowiring upon placeholder activation regressed by recent
surrogate sandboxing changes

v 2.1.8rc2
+ noscript.xss.checkInclusions about:config preference (default true)
controls whether the new protection against reflected cross-site script
inclusion (XSSI) is enabled or not (thanks al_9x for RFE)
+ noscript.xss.checkInclusions.exceptions about:confing preference to
disable XSSI checks for certain script sources (thanks al_9x for RFE)

v 2.1.8rc1
+ Protection against reflected script inclusion (thanks tlu for reporting)
x Fixed logged error message on permissions change (thanks Archaeopteryx
for reporting)

Attached File  NoScript_Site_Icon.png   917bytes   0 downloads Get it!


#26 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 24 November 2011 - 06:33 AM

NoScript v 2.2.1
+ [Locale] Updated he-il (thanks baryoni)
x [ClearClick] Fixed incompatibility with the FoxTab add-on

v 2.2.1rc2
+ [XSS] Deeper decoding on sanitization (thanks .mario for reporting)

v 2.2.1rc1
+ [XSS] More accurate recursive decoding (thanks .mario for reporting)

Get it!


#27 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 02 December 2011 - 04:58 AM

NoScript v 2.2.2rc5 as Final
+ [Surrogate] Wrapped in lexical scoped blocks scripts also when debug
mode is on (thanks al_9x for RFE)
+ [Surrogate] Early one-time syntax checks on setup (thanks al_9x for RFE)
x [ClearClick] Better compatibility with some GMail embeddings
x [XSS] Better compatibility with Visual Studio in-browser documentation
x [ClearClick] Fixed Adblock Plus causing false positives on Fx 3.6
x Improved HTML 5 DnD XSS protection (thanks Soroush Dalili for reporting)
x [Locale] Latvian (thanks gymka)

v 2.2.2rc4
x Protection against a new XSS technique based on HTML 5 DnD (thanks
Soroush Dalili for reporting)

v 2.2.2rc3

x Better compatibility with credit card verification systems
x [ABE] Fixed ruleset disablement status not surviving browser restarts
(thanks ssj100 for reporting)

v 2.2.2rc2

x Fixed escaped_fragment handling issue with proxies (thanks sourcejedi
for reporting)
x Turned remaining channel URI modification instances into
ChannelReplacement clients

v 2.2.2rc1
+ [XSS] Explicit check for potentially dangerous SMIL elements (thanks
.mario for suggestion)
+ Protection against scriptless keylogging (thanks .mario for reporting)

Get it!


Supported browsers: Firefox 3.0 and above, Beta, Aurora, Nightly, SeaMonkey 2.0 and above, IceWeasel
(Other browsers based on Gecko 1.9.0 and above might work, but are not tested.)


#28 Terryala

Terryala

    Board Grand Dad

  • Charter Members
  • 17,910 posts

Posted 07 December 2011 - 01:14 AM

NoScript v2.2.3

v 2.2.3rc4
==========================================================================
+ Configuration import/export directory is persisted across sessions

v 2.2.3rc3
==========================================================================
+ Generalized checks on drag and drop payloads
+ [XSS] Tightened checks on reflected java script: URIs

v 2.2.3rc2
==========================================================================
x [Surrogate] DOMContentLoad listeners on windows (thanks al_9x for RFE)

v 2.2.3rc1
==========================================================================
+ [Surrogate] Capturing DOMContentLoad listeners (thanks al_9x for RFE)
+ [Surrogate] More homogeneous treatment for file-based surrogates (thanks
al_9x for RFE)

http://noscript.net/

#29 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 20 December 2011 - 09:56 PM

Attached File  logo_xmas.png   10.85KB   0 downloadsNoScript v 2.2.4 : All I Want for XSSMas...
x Fixed some localizations having newlines replaced with 'n' characters

v 2.2.4rc3

x Fixed regression in SWFObject emulation for plugin placeholders
x Fixed top-level surrogates broken by ECMAv5 version specification

v 2.2.4rc2
+ [ClearClick] Enhanced protection against same-window timing attacks
with moving pointer (thanks Michal Zalewski for PoC)
x SyntaxChecker's JavaScript version can be configured per-instance
(default "1.5")
x [Surrogate] JavaScript version set to "ECMAv5"
x [Surrogate] Use "ECMAv5" for early syntax checks

v 2.2.4rc1
x Fixed reflected script inclusion false positive on redirections
- Removed "Forbid Web Bugs", which cannot be reliably enforced anymore
because of speculative parsing
x Restored wlxrs.com in the default whitelist (it had
accidentally changed back to two subdomains)
x Fixed resetting options doesn't erase the untrusted blacklist until
browser restart (thanks ddigas for reporting)


#30 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 03 January 2012 - 12:11 PM

Attached File  logo_xmas.png   10.85KB   0 downloadsNoScript v 2.2.5
x [ClearClick] Better compatibility with recent Disqus widget versions

v 2.2.5rc3
x [XSS] Better compatibility with Verified by VISA (www.securesuite.net)
x Tentative work-around for bug 710170

2.2.5rc2
x Work around for Linux tooltips obstructing the embedding unblocking
confirmation dialog

v 2.2.5rc1
x Work around for Mozilla bug 712649