Jump to content


Photo

NoScript 10 Web extension


  • Please log in to reply
25 replies to this topic

#1 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 19 November 2017 - 08:12 PM

NoScript 10 for Firefox 57+ has been delayed..more news in Giorgio's blog:

 

"2017-11-14: We're working hard to make NoScript for Quantum available to you as soon as possible, definitely by the end of this week."

 

Unfortunately, it's still not ready at the proposed date/time, so check the updated post (11/18) and hold for more news..........

 



#2 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 20 November 2017 - 10:57 PM

Attached File  NoScript_Logox38.png   4.91KB   0 downloads NoScript 10.1.1 - Secure all those processes!

released Nov. 20, 2017 570.7 KiB
Works with Firefox for Android 57.0 and later, Firefox 57.0 and later


Main good news
• First pure WebExtension release.
• CSP-based first and third party script blocking
• Active content management with DEFAULT, TRUSTED, UNTRUSTED and CUSTOM (per site) presets.
• Extremely responsive but as powerful as ever XSS filter leveraging the asynchronous webRequest API.
• On-the-fly cross-site requests whitelisting (no more convoluted regexp-based XSS exceptions!)
Next to come (in a few weeks), ClearClick and ABE.

Changelog:
+ First pure WebExtension release.
+ CSP-based first-party script script blocking
+ Active content blocking with DEFAULT, TRUSTED, UNTRUSTED and
CUSTOM (per site) presets
+ Extremely responsive XSS filter leveraging the webRequest asynchronous API
+ On-the-fly cross-site requests whitelisting

 

Attached File  NoScriptXmas.png   10.85KB   0 downloads

»noscript.net/getit
»addons.mozilla.org/en-US ··· oscript/



#3 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 22 November 2017 - 03:59 AM

Be sure to follow Giorgio's blog; very useful information on ongoing development and users' feedback:

https://hackademix.net/



#4 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 26 November 2017 - 03:22 PM

Attached File  NoScriptXmas57.png   7.17KB   0 downloads  NoScript 10.1.2

+ Added "Revoke temporary permissions" button
+ Added "Temporarily allow all this page" button
x Simplified popup listing, showing base domains only (full
origin URLs can still be entered in the Options window to
further tweak permissions)
x Fixed UI not launching in Incognito mode
x Fixed changing permissions in the CUSTOM preset affecting
the DEFAULT permissions sometimes
x Fixed UI almost unusable in High Contrast mode
x Fixed live bookmark feeds blocked if "fetch" permissions
were not given
x Fixed background requests from other WebExtensions being
blocked

 

Get it!



#5 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 01 December 2017 - 07:06 PM

NoScript v 10.1.4
x Fixed script enablement feedback dependant on page's own
CSP (thanks Rob Wu for reporting)
x Fixed MSE detection injection using window.eval (thanks
Rob Wu for reporting)
x Fixed window being resized and NoScript UI shown in a
separate popup when triggered on a maximized window
x General performance improvement by removing unnecessary
asynchronous webRequest listeners

v 10.1.3
x Hotfix for wiped TRUSTED permissions
x Hotfix for NoScript failing to load if XSS was disabled in
previous session

 

Get it!



#6 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 02 December 2017 - 11:43 AM

Attached File  NoScriptXmas.png   10.85KB   0 downloads  NoScript v 10.1.5
+ [XSS] Added "Always block requests from ... to ..." in XSS
warning prompt
x [XSS] Fixed url decoding bug (thanks Masato Kinugawa for
reporting)
x Fixed some blocked items not reported in the UI (thanks Bo
Elam for reporting)
x Changed the CSP internal report URI to noscript-csp.invalid
(thanks Tom Schuster Mario Heiderich for RFE)
- Removed unused MSE detection code (thanks Rob Wu for
reporting)

 

Get it!



#7 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 02 December 2017 - 12:35 PM

Attached File  NoScriptXmas.png   10.85KB   0 downloads  NoScript v 10.1.5.1

x Fixed regression from new "fail fast" XSS filter main loop,
causing cross-site requests to Google to trigger false
positives (thanks Steve M for reporting)

 

Get it!



#8 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 03 December 2017 - 11:17 AM

NoScript v 10.1.5.3
x Fixed regression causing NoScript to ask to reload pages in
order to show permissions more than once upon installation
- Removed most animations causing older system to lag when
large permissions lists are displayed in Options

v 10.1.5.2
x Improved work-around for blank windows on Linux Firefox bug
x Fixed XSS false positives on POST requests without data



#9 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 06 December 2017 - 10:00 AM

Attached File  NoScriptXmas57.png   7.17KB   0 downloads NoScript v 10.1.5.5

+ [UI] Clicking on the domain label now opens the "Security
and privacy info" webpage (like middle click on "Classic").
+ "Reset to Defaults" button in the options window
x Improved content script initialization logic (thanks Rob Wu
for suggestions)
x [XSS] Fixed 2nd level interactive bypass (thanks Masato
Kinugava for reporting)
x Fixed sites manually added from the Options textbox don't
stick (thanks Just_Golem for reporting)



#10 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 09 December 2017 - 11:36 AM

NoScript v 10.1.5.6

 

- removed yandex.st from default whitelist (see
https://forums.infor...ic.php?t=23655)
x [XSS] Streamlined multiple unescaping standards handling
x [XSS] Generalized work-around for browser's URL parsing
oddities (thanks Masato Kinugava for reporting)
+ "Temporarily set top-level sites to TRUSTED" option
x [XSS] Fixed user choices forgot across browser sessions

 

Get it!



#11 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 11 December 2017 - 01:08 AM

NoScript v 10.1.5.7

 

+ Settings import functionality, backward compatible with
NoScript 5 formats
+ Settings export functionality
+ [XSS] The filter now automatically skips embedded documents
which would normally be blocked
x Base domain matching now uses a single dot rule for unknown,
private or "fake" TLDs (e.g. www.acme.corp → acme.corp)
x [XSS] Fixed regression from 10.1.5.6rc2 (thanks Masato
Kinugava for reporting)
x Better feedback for errors in the policy's debug JSON view
(thanks E-Raser for RFE)

 

Get it!



#12 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 16 December 2017 - 06:42 PM

Attached File  NoScriptXmas57.png   7.17KB   0 downloads NoScript v 10.1.5.8

+ Fix for Linux rendering performance issues
+ First "Quantum" Android support
x Inverted order of domains vs full sites in popup

 

Get it!



#13 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 17 December 2017 - 07:11 PM

NoScript v 10.1.5.9

x Fixed some XSS false positives
x Fixed out of scale rendering regression on high DPI screens

 

Get it!



#14 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 18 December 2017 - 09:03 PM

NoScript v 10.1.6

x [XSS] Improved sensitivity of JSON whitelisting (thanks
@SamuraiFoochs for reporting)
x [XSS] Improved specificity of nested URL checks (thanks
@SamuraiFoochs for reporting)
x New configuration export implementation, more convoluted
but not requiring the "downloads" permission

 

Get it!



#15 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 30 December 2017 - 08:58 AM

Attached File  NoScriptXmas57.png   7.17KB   0 downloads NoScript v 10.1.6.1

x Reduced UI sizes in desktop version
x Work-around for Firefox bug preventing the Export button
from working on non-Windows platforms

 

Get it!