Jump to content


Photo

NoScript 1.9.x - 'Your Friendly Web Cop'


  • This topic is locked This topic is locked
64 replies to this topic

#61 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 27 May 2010 - 03:31 AM

NoScript 1.9.9.80
x Fixed "Partially allowed scripts" icon shown instead of the "Scripts
allowed but some objects blocked" one when the blocked objects' domains
are not whitelisted for scripting (thanks al_9x for reporting)
x Fixed "Scripts allowed but some objects blocked" icon not being used for
blocked web fonts (thanks Alan Baxter for reporting)
x (ABE) Deny on INCLUSION don't trigger a notification even if the blocked
request is for a subdocument (the blocking is logged in the Console, use
SUB if user-facing notification is needed)
x Fixed privileged XMLHttpRequests for untrusted resources being blocked
if HTTP redirections occurred (thanks mari for reporting)
+ Better compatibility with IronPort web-based tools (thanks Ron Collins
for reporting)

v 1.9.9.79

x Script surrogates whose source starts with the '!' get executed on
pages where scripts are disabled (on document DOM completion, rather
than before HTML parsing starts like regular surrogates)

v 1.9.9.78
x Redirect cache for scripts and XBL only
x Fixed cross-site CSS being blocked under some circumstances (e.g.
on Flicker and Yahoo)

Attached File  NoScript_Site_Icon.png   917bytes   0 downloads ... Get it!


#62 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 29 May 2010 - 03:59 AM

Attached File  NoScript.png   3.98KB   0 downloadsNoScript v 1.9.9.81
+ Experimental blocking of page refreshes happening inside untrusted
unfocused tabs, should provide protection against Aviv Raff's scriptless
"tabnabbing" variant. Enabled by default, can be controlled through the
noscript.forbidBGRefresh about:config integer preference:
  • 0 - no blocking
  • 1 - block refreshes on untrusted unfocused tabs
  • 2 - block refreshes on trusted unfocused tabs
  • 3 - block refreshes on both trusted and untrusted unfocused tab
Address patterns matching pages which shouldn't be affected can be
listed in the noscript.forbidBGRefresh.exceptions preference
x Fixed XSS false positive in new 3.7 add-ons manager
x Fixed meta-refresh URL parsing mismatch
x Fixed import script surrogates being broken by a 1.9.9.79 regression

Attached File  NoScript_Site_Icon.png   917bytes   0 downloads ...Get it!


#63 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 11 June 2010 - 12:34 AM

NoScript v 1.9.9.87
x Improved URL parsing in META refresh interception
x Optimized * universal pattern in AddressMatcher
x Better error reporting during the execution of location bar scriptlets

v 1.9.9.86
+ Better timing for page-level script surrogates inside frames
+ mime/type@http://site.com syntax support for noscript.allowedMimeRegExp
preference (thanks Gregyski for request)
+ Improved XSS checks accuracy (less false positives) and performance
+ Enhanced management of recent Silverlight versions (thanks al_9x for
reporting)

v 1.9.9.85
+ More accurate checks for META inside NOSCRIPT with HTML 5 parser
x Fixed possible DOS condition on some kinds of very long URLs

v 1.9.9.84
x Improved heuristic for background refresh automatic blocking and
reenablement
x Fixed regressed "Follow" button on META refresh inside NOSCRIPT element

v 1.9.9.83
x Fixed some sites refreshing themselves even if another load has been
initiated (thanks Dirk S for reporting)

v 1.9.9.82
+ More discreet and automated anti-tabnagging protection (refreshes are
blocked on unfocused tabs and get automatically executed only when
tab gets in focus again)
+ Slight optimization of AddressMatcher tests on .site.com clauses
x Fixed noscript.forbidBGRefresh.exceptions not being honored
x Better handling of error conditions happening during ABE's channel
replacement internal redirections (thanks al_9x for reporting)
x Fixed minor feedback icon glitches (thanks al_9x for reporting)

Attached File  NoScript_Site_Icon.png   917bytes   0 downloads Get it!


#64 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 06 July 2010 - 01:38 AM

Attached File  NoScript.png   3.98KB   0 downloads NoScript v 1.9.9.98
+ Improved ClearClick clipping accuracy on framesets
+ Improved ClearClick clipping accuracy on nested scrolling elements

v 1.9.9.98rc6
x Fixed work-around for Mozilla's bug 576492 breaking NoScript on browser
restart

v 1.9.9.98rc5
+ Support for the latest Gecko 2 XPCOM changes
x Work-around for Mozilla's bug 576492

v 1.9.9.98rc4
+ noscript.surrogates.debug preference enables console logging of uncaught
exceptions happening in surrogates (thanks al_9x for suggestion)
x Better error handling in surrogates, prevents a failing scripts to abort
the others
x Improved AMO surrogates, allows right-click menu to work on install
buttons (thanks Mc for reporting)

v 1.9.9.98rc3
x Fixed bug on edge case minimum placeholder size computation when object
to be replaced is out of the current viewport
x Version compatibility bump for Firefox 4.0b2pre
x Fixed regression: untrusted icon not being shown when all the sources
of a page are untrusted (thanks al_9x for reporting)

v 1.9.9.98rc2
+ window.toStaticHTML implementation
x Improved placeholders for embeds nested in ActiveX OBJECT elements

v 1.9.9.98rc1
+ Surrogate for Google Search thumbnails when Google is not whitelisted
+ Automatic reload on permission change setting now affects pages
containing embeddings which change status too, whose reload can be also
forced through the noscript.autoReload.embedders preference:
0 - never reload
1 - inherit the noscript.autoReload setting
2 - force reload
+ Prevent reload on pages where a 3rd party script changed its
permissions status but the top-level is forbidden and unchanged
+ Surrogate to use InstallTrigger on AMO even if addons.mozilla.org is not
whitelisted

v 1.9.9.97
x Fixed ClearClick false positives on Fx 3.5 and below (thanks Deniz Sofu
for reporting)
x Compatibility version bump for Seamokey trunk

v 1.9.9.97rc1
x Fixed '@' surrogates being ran on scriptless pages
x Recentering on the parent form for ClearClick checks over a form widget
reduces false positives over obstructed frames

v 1.9.9.96

x Fixed Script Surrogates activation glitches

v 1.9.9.95
x Fixed wrongly sized placeholders on Youtube (regression from rc1)

v 1.9.9.95rc2

x More accurated feedback on nested object blocking (thanks al_9x for
reporting)
+ External filters command line template updated with request origin as
the 3rd argument

v 1.9.9.95rc1

+ imagebam surrogate kills popups over images and popunders on click
+ imagehaven surrogate kills popups over images and popunders on click
+ inserstitialBox surrogate kills interstital on imagevenue.com
+ "!@" prefixed surrogates run no matter whether scripts are enabled or
disabled for the page (in a DOMContentLoaded event handler)
x Fixed JS redirect handling causing duplicate object placeholders on
scriptless pages containing embeddings only
x Fixed ABE's SELF checks fail on redirects which contain a browser URL

v 1.9.9.94
x Fixed bookmarklets support on non-whitelisted pages broken in non-Places
browsers like SeaMonkey (thanks therube for reporting)
X Better icon feedback on page where there's no script element but some
plugin content has been blocked

v 1.9.9.93
x Fixed ClearClick false positives when RTL content or browser settings
put the vertical scrollbar on the left (thanks Mark Callow for report)
x Fixed setting noscript.checkInjectionType to false did not disable the
feature (thanks al_9x for report)
x More accurate embedded object replacement (thanks al_9x for report)

v 1.9.9.92
x Fixed Places-related bug on Minefield (thanks mpz for reporting)
x noscript.forbidIFrameContext=3 (allow same base domain) falls back to 2
(allow same domain) if either the parent or the frame is marked as
untrusted (thanks al_9x for suggestion)

v 1.9.9.91

x More compatible docShell reaching, works around some buggy extensions
which wrap browser.webNavigation just partially
x InjectionChecker's XML reduction more compatible with SAML

v 1.9.9.90
+ Optimal timing for page-level surrogates in frames
x ClearClick exceptions are considered independently from the JavaScript
whitelist as they should
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)

v 1.9.9.89
x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
(thanks al_9x for reporting)
x More consistent icon feedback with docShell-based cascading JS blocking
(thanks al_9x for reporting)

v 1.9.9.88
x Inclusion type checks try to infer file type from directory-like URLs
x More consistent web bugs blocking with forced NOSCRIPT elements
x Fixed object placeholder regressions in Gecko < 1.9 (thanks Rob for
reporting)
x Version compatibility bump to Firefox 3.7a6pre

Attached File  NoScript_Site_Icon.png   917bytes   0 downloads Get it!


#65 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 07 July 2010 - 12:04 AM

v 1.9.9.99
x Emergency fix for a page reload bug on Mac OS X causing high CPU
consumption after permission changes (thanks "D A" for reporting)