Jump to content


Photo

NoScript 10 Web extension


  • Please log in to reply
25 replies to this topic

#16 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 30 December 2017 - 09:19 PM

NoScript v 10.1.6.2

+ Individual temporary / permanent TRUSTED preset buttons
- Removed customizability of DEFAULT, TRUSTED and UNTRUSTED
preset from the popup (reported as a major source of
confusion) while keeping it in the Options tab
x Better display on mobile devices in portrait mode
x Fixed focus bug on mobile devices
x Fixed confirmation prompt when loading Site Info for the
first time being ignored
x Fixed import feature failing on some full JSON "Classic"
export files (thanks Floe for reporting)
x Fixed policy serialization bug causing temporary TRUSTED
sites to be listed in the UNTRUSTED array as well (thanks
pal1000 for reporting)
x Fixed action icon being disabled on Options tabs and not
re-enabled when navigating away in the same tab (thanks
geek99 for reporting)

 

Get it!



#17 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 29 January 2018 - 08:35 AM


NoScript 10.1.6.3

x Improved tooltip clarity
x Added version number to the browser action tooltip (thanks
therube for RFE)
x More restrictive domain matching in the main UI for "fake"
TLDs, showing pseudo 2nd level domains containing one dot
x Domain matching now treats unknown no-dot domains (not in
the public suffixes list) as TLDs everywhere (fix finally
not overwritten by auto-generated tld.js)
x Fixed rc4 regression causing synchronized changes not to be
persisted
x Smarter XSS popup behavior when reporting concurrent events
from/to the same origins
x Fixed full breakage when sync storage is disabled
x Improved layout on small screens (less than 10cm wide)
x Moved preset customization into its own (more discoverable)
global Options section, rather than embedded in assignment
x Improved validation of manual entries
x Needed capabilities highlighted also on short-hand domain
matched entries inside the CUSTOM preset
x Domain matching now works also for manually entered TLDs
and pseudo-TLDs, such as "gov.us" or "cloudflare.net"



#18 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 29 January 2018 - 08:37 AM

NoScript 10.1.6.4

 

x Fixed race condition on XSS filter first load
x Fixed duplicate entries in UI on page reloads (thanks 8-bit
for reporting)
+ Spinner for long sites lists in Options page
- Removed obsolete work-around for accidental TRUSTED preset
wiping
x [UI] Fixed clicking on capability's label doesn't toggle
the related checkbox (thanks dhouwn and olf for reporting)
x [XSS] Fixed false positives on badly encoded URLs (thanks
sage11 for reporting)

 

Get it!



#19 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 14 February 2018 - 09:27 PM

NoScript v 10.1.6.5

+ Context menu on web pages to access main UI
x Fixed UI regression showing only the two rightmost
components of IPv4 addresses
x [XSS] More specific and unobtrusive handling of window.name
sanitization
x Fixed "XSS User Choices" not being included in Export files

 

Get it!



#20 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 15 March 2018 - 08:04 AM

NoScript 10.1.7

x "Needed type" feedback in Custom preset for data: and blob:
fonts (thanks skriptimaahinen for report)
+ Pressing DEL while left-mousing down on a fixed/absolutely
positioned element of a script-disabled page removes it,
allowing users to dismiss in-content popup "windows" and
blocking overlays
x Fixed changing sites permission resets local preferences
regression from 10.1.7rc1 (thanks pal1000 for report)
x Fixed data: and blob: fonts not blocked even if the "font"
permission is not given to the main document (thanks
skriptimaahinen for report and preliminary patch)
+ "Appearance|List full addresses in the permissions popup"
option, off by default, to simplify the popup UI
+ "webgl" requirement feedback in CUSTOM permissions
+ "webgl" placeholder wherever possible
+ Activated beta channel updates from secure.informaction.com
+ WebGL blocking now honored on scripted pages
x Quantum RC versions are hosted on secure.informaction.com
from now on due to beta channel deprecation on AMO

 

Get it!



#21 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 16 March 2018 - 07:14 PM

NoScript v 10.1.7.2

x Fixed bug causing so
me pages and RSS feeds to fail without
access to NoScript UI

 

Get it!



#22 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 25 March 2018 - 12:10 PM

NoScript v 10.1.7.5

x Fixed edge case CSP injection bug (thanks Rob Wu)
x Optimized dynamic script injection (thanks Rob Wu)
x Fixed potential leak on dynamic script injection (thanks
Rob Wu for report)
x Now NoScript's UI on privileged pages explains permissions
cannot be configured there, rather than bluntly opening the
Options page (thanks Rob Wu for suggestion)

v 10.1.7.4
x Fixed script enablement status not correctly detected on
some pages rolling their own CSP (causing NOSCRIPT element
and META refresh emulation not to be triggered)
x Fixed "Appearance" NoScript Options tab missing on Android
x [XSS] Fixed semicolon-separated JSON payloads DDOSing the
JSON-optimizer, e.g. with syndication.twitter.com subframes
(thanks KonomiKitten and pal1000 for reports)
x [UI] Renamed "Scripts globally allowed (dangerous)" option
to "No permissions enforcement (dangerous)" to better
reflect its actual effect
x [UI] Better feedback about "No permission enforcement" by
disabling the "Preset customization" section and and the
"Per-site Permissions" tab
x [UI] Moved XSS-related options to the "Advanced" tab
x Fixed disabled webgl breaking feeds on script-enabled sites
(thanks pal1000 for reporting)
x Enhanced dynamic script injection if browser.contentScripts
API is available
x Expanded support for webgl canvas placeholders

 

v 10.1.7.3
x Fixed infinite script count report loops on some sites
(thanks AuntyJack, @ALoss2 and others for reporting)
x Fixed localhost not being recognized as a domain (thanks
skriptimaahinen for patch)
x Fixed regression causing NOSCRIPT element and META refreshes
not to be emulated anymore on script-disabled pages (thanks
barbaz and fatboy for reporting)



#23 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 28 April 2018 - 04:43 PM

NoScript v 10.1.8.1

 

+ [UI] "Disable restrictions for this tab" button in popup
+ [UI] "Disable restrictions globally" button in popup
x Fixed some content blocking stats collection bugs (Thanks
Rob Wu and skriptimaahinen for reports)
x Fixed data: and blob: URIs could be loaded as object and
media sources independently from the parent page's
permissions (thanks skriptimaahinen for report)
x Several performance improvement in inter-process content
blocking stats synchronization (thanks Rob Wu for report)
x [UI] Improved in-popup messages
x [UI] Simplified URL management in "Allow object" prompt
x Fixed dynamic scripts URL matching inconsistencies

 

Get it!



#24 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 19 July 2018 - 06:06 PM

NoScript v 10.1.8.2
+ Popup toolbar buttons fully configurable via Drag'n'Drop
x Removed redundant leading "NoScript" in window titles
x Work-around for Firefox 60 bug breaking about:blank pages
when a WebExtension declares a "document_start" CSS (thanks
skriptimaahinen for report and fix)
x Fixed buttons in the "hide area" still responsive to clicks



#25 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 19 July 2018 - 06:08 PM

NoScript v 10.1.8.8
x Prevent script injection from messing with
content-disposition=attachment responses.

 

Get it!

v 10.1.8.7
x Fixed regression breaking meta refresh with relative URLs

v 10.1.8.5
x Completed fix for quoted URLs in meta refresh (thanks
Juozas for reporting)
x [L10n] Fixed es translation (thanks Deckan)
x Cosmetic bug fixes
x Updated TLDs

v 10.1.8.4
x [L10n] Fixed es translation (thanks Deckan)
x Cosmetic bug fixes
x Updated TLDs

v 10.1.8.3
x [XSS] Fixed InjectionChecker choking at some big JSON
payloads sents as POST form data
x Fixed meta-refresh emulation confused by quoted URLs
x [ESR60] Fixed dynamic script injection issues with XML
feeds (thanks skriptimaahinen for report)
x [ESR60] Work-around for Moz Bug 1410755
x Autosize preset buttons to accomodater bigger localized
labels
x [L10n] Shortened de labels (thanks musonius)
x More graceful handling of internal and restricted URLs
(thanks skriptimaahinen for report)
+ [L10n] Added de, es, fr, it, nl, pt_BR and zh_CN locales
(courtesy of Mozilla's localization campaign)
x Switch to inline elements as "NOSCRIPT" HTML replacements
x Fixed subframe content changes producing ambiguous NoScript
icon feedback
x More meaningful/useful popup on (semi)privileged documents
x [Tor Browser] Work-around for crypto-based uiid function
failing on startup
x [Tor Browser] Backported new dynamic script injection to
ESR60
+ Included license files in the XPI
+ [XSS] In-depth protection against native ES6 modules abuse
x Fixed dynamic script injection issues (thanks
skriptimaahinen for help)
+ MSE media reporting and blocking (e.g. on Youtube)



#26 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 15 October 2018 - 07:02 PM

NoScript v 10.1.9.8

x Fixed preset customization UI showing inherited DEFAULT
permissions if a protocol-level preset exists
x Simplified CSP HTTP header injection, avoiding report-to
until actually supported by browsers
x [L10n] Updated ru (thanks fatboy)
+ [Tor] Better UX for overriding protocol-level permissions
+ [Build] Option to force TLD updates
+ [L10n] Updated (es, ru) and new (el, he, ms, nb) locales
from OTF's Localization Lab Transifex project
+ [L10n] no_BO translation by comradekingu
+ FTP directory UI emulation on script-disabled domains
x Include ftp:// URLs in non-secure domain matching (thanks
Rassilon for RFE)

 

Changelog

 

Get it!