v 11.2.11
============================================================
x [nscl] Fixed JavaScript access to CSS rules broken on
Chromium when unrestricted CSS is disabled - issue #204
x Prevent Chromium builds from being sent to AMO for signing
x [nscl] Fixed CPU/RAM overload on some pages with
unrestricted CSS disabled but scripting enabled (not
recommended setting) - issue #194, issue #199
x [nscl] Fixed CPU spikes on Chromium triggered by automatic
file downloads (thanks ptheborg for report)
v 11.2.10
============================================================
x Cross-browser file naming consistency, in spite of version
numbering incompatibilities
x [nscl] Fix for potential race conditions on certain page
transitions (issue #205)
x Handle exception when accessing navigator.serviceWorker on
sandboxed frames
x MS Edge support
v 11.2.9
============================================================
x [L10n] Updated de, mk
x Replace deprecated extension.getURL() with
runtime.getURL()
x REUSE-compliant licensing boilerplate
x Remove unused/refactored-out files
x Relicensing as GPL3+
x [nscl] Fixed infinite recursion issue on window.open
wrappers
x Avoid treating JavaScript files as embeddings when opened
as top-level documents
v 11.2.8
============================================================
x Quiet down unnecessary debug logging (issue #191)
x [L10n] Updated he, de
x Fix meta refresh sometimes ignored on Firefox 78 ESR
(issue #192, thanks hackerncoder for report)
x Chromium-specific build-time customizations
v 11.2.8rc2
============================================================
x Quiet down unnecessary debug logging (issue #191)
x [L10n] Updated he
v 11.2.8rc1
============================================================
x Fix meta refresh sometimes ignored on Firefox 78 ESR
(issue #192, thanks hackerncoder for report)
x [l10n] Updated de
x Chromium-specific build-time customizations
v 11.2.7
============================================================
x Better prompt layout (no accidental scrollbar)
x [nscl] Fix regression causing media patches to break some
pages (thanks l0drex for report, issue #189)
v 11.2.6
============================================================
x [nscl] Various webgl blocking enhancements
x Remove also sticky-positioned elements with click+DEL on
scriptless pages (thanks skriptimaahinen for RFE)
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Fixed race condition causing external CSS not to be
rendered sometimes when unrestricted CSS is disabled
x Avoid document rewriting for noscript meta refresh
emulation in most cases
x [nscl] Fixed XHTML pages broken when served with
application/xml MIME type and no "object" capability
x [nscl] Switch early content script configuration to use
/nscl/service/DocStartInjection.js
x Configurable "unrestricted CSS" capability to for sites
where the CSS PP0 mitigation should be disabled
(e.g TRUSTED)
x [nscl] Fix CSS PP0 mitigation still interfering with some
WebExtensions (thanks barbaz for report)
x [XSS] Increased sensitivity and specificity of risky
operator pre-checks
v 11.2.6rc1
============================================================
x [nscl] Various webgl blocking enhancements
x Remove also sticky-positioned elements with click+DEL on
scriptless pages (thanks skriptimaahinen for RFE)
v 11.2.5rc6
============================================================
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Policy retrieval origin fine tuning
v 11.2.5rc5
============================================================
x Fixed hook not taking in account experimental webgl
contexts (issue #187, thanks roman567e45 for report)
v 11.2.5rc4
============================================================
x Fixed regression in NOSCRIPT emulation (thanks barbaz for
reporting)
v 11.2.5rc3
============================================================
x Fixed race condition causing external CSS not to be
rendered sometimes when unrestricted CSS is disabled
x Rename "unchecked CSS" capability to "unrestricted CSS"
x Avoid document rewriting for noscript meta refresh
emulation in most cases
v 11.2.5rc2
============================================================
x [nscl] Minor fixes from the library
x [nscl] Fixed XHTML pages broken when served with
application/xml MIME type and no "object" capability
x [nscl] Switch early content script configuration to use
/nscl/service/DocStartInjection.js
x [nscl] Refactored ContentScriptOnce.js to the library
x Rename the "csspp0" capability to "unchecked_css"
v 11.2.5rc1
============================================================
x Configurable "csspp0" capability to for sites where the
CSS PP0 mitigation should be disabled (e.g TRUSTED)
x [nscl] Fix CSS PP0 mitigation still interfering with some
WebExtensions (thanks barbaz for report)
x [XSS] Increased sensitivity and specificity of risky
operator pre-checks
v 11.2.4
============================================================
x CSS resources prefetching as a mitigation against CSS PP0
(https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
ru, sq, tr, zh_CN
x [nscl] Inteception of webgl context creation in
OffscreenCanvas too
x Fixed configuration upgrades not applied on manual updates
(thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
in a tight loop
x [UI] More understandable label for the cascading
restrictions option
x [nscl] More refactoring out in NoScript Commons Library
x [nscl] patchWindow improvements
v 11.2.4rc5
============================================================
x [nscl] Inteception of webgl context creation in
OffscreenCanvas too
x Fixed regression: Site Info broken by NSCL refactoring
v 11.2.4rc4
============================================================
x [nscl] Fixed unmerged NetCSP "extra" headers always
undefined
x HTML event atoms reorder in Mozilla sources
v 11.2.4rc3
============================================================
x Avoid stack trace generation for debugging purposes on
release builds
x More selective CSS PP0 protection, excluded on the Tor
Browser where it's unneeded and easier to test/debug on
dev builds
x Make isTorBrowser information available in child policy
x Prevent console noise on startup with privileged tabs
x [nscl] More refactoring out in NoScript Commons Library
v 11.2.4rc2
============================================================
x [nscl] Switch to NSCL for messaging
x [nscl] Rollback unneded window.opener patching (thanks
skriptimaahinen for insight)
x CSS PP0 mitigation: cross-site stylesheets on scriptless
pages, one resource per host
x Limit CSS PP0 mitigation to scriptless pages and prefetch
only cross-site resources
v 11.2.4rc1
============================================================
x CSS resources prefetching as a mitigation against CSS PP0
(https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
ru, sq, tr, zh_CN
x Fixed configuration upgrades not applied on manual updates
(thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
in a tight loop
x [UI] More understandable label for the cascading
restrictions option
x [nscl] patchWindow improvements
x [nscl] Switch to NSCL's generic inclusion shell script
v 11.2.3
============================================================
x [L10n] Purged non-inclusive terms from obsolete messages
x Added red halo feedback in CUSTOM preset for noscript
element capability
x Fixed missing red halo feedback in CUSTOM preset for
inline scripts and other capabilities sometimes
x Fixed race condition causing noscript elements not to be
rendered sometimes
v 11.2.2
============================================================
x Fixed typo in version checked on noscript capability update.
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pt_BR, ru, sq, sv_SE, tr, zh_CN,
zh_TW.
v 11.2.1
============================================================
x Configurable capability to show noscript elements on
script-disabled pages
x [UI] Minor CSS Chromium compatibility fix
x [nscl] Refactoring to use Policy and its dependencies from
the NoScript Commons Library
x Switch to faster and easier to maintain tld.js from nscl
x [UI] Fix punycode inconsistencies
x [UI] Improve preset and site controls alignment
x Provide feedback in the CUSTOM tab for WebGL usage
attempts even if the canvas element is not attached to the
DOM
x [L10n] Updated de, ja
x Updated HTML events
x Prevent double script on trusted file:// pages in some
edge cases
x Prevent detection of wrapped functions (e.g. in WebGL
interception) on Chromium
v 11.2.1rc4
============================================================
x [UI] Minor CSS Chromium compatibility fix
x Configurable capability to show noscript elements on
script-disabled pages
x [L10n] Updated de
v 11.2.1rc3
============================================================
x [nscl] Improved integration of the NoScript Commons
Library
x Moved nscl submodule into src
x [nscl] Update (restructured tree)
x Removed nscl cache directory from src
x [nscl] Refactoring to use Policy and its dependencies from
the NoScript Commons Library
v 11.2.1rc2
============================================================
x Remove ||= operator which makes AMO's validator explode
x Switch to faster and easier to maintain tld.js from nscl
x [nscl] Updated with TLD_CACHE removal after usage
x [nscl] Updated NoScript Common Library inclusions
x Added the NoScript Commons Library (nscl) as a submodule
x [UI] Fix punycode inconsistencies
x [UI] improve preset and site controls alignment
x Updated TLDs
x Provide feedback in the CUSTOM tab for WebGL usage
attempts even if the canvas element is not attached to the
DOM
x [L10n] Updated de, ja
x Updated HTML events
v 11.2.1rc1
============================================================
x Prevent double script on trusted file:// pages in some
edge cases
x Updated events archive
x Prevent detection of wrapped functions (e.g. in WebGL
interception) on Chromium
x Updated TLDs
x Merge German language update
v 11.2
============================================================
x [XSS] New UI to reveal and selectively remove permanent
user choices
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
made Chromium-compatibile
x Updated TLDs
v 11.2rc3
============================================================
x [XSS] Fixed choice manager UI bug (thanks barbaz for
report)
v 11.2rc2
============================================================
x Updated TLDs
x [XSS] New UI to reveal and selectively remove permanent
user choices
v 11.2rc1
============================================================
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
made Chromium-compatibile
x Updated TLDs
v 11.1.9
============================================================
x Return null when webgl is not allowed (thanks Matthew
Finkel for patch)
x [XSS] Fixed memoization bug resulting in performance
degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
worker
x Shortcut for easier XSS filter testing
x More lenient filter to add a new entry to per-site
permissions
x [L10n] Updated de
x Replace script-embedded bitmap with css-embedded SVG as
the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
added to existing subdomain (thanks barbaz for reporting)
v 11.1.9rc5
============================================================
x Return null when webgl is not allowed (thanks Matthew
Finkel for patch)
v 11.1.9rc4
============================================================
x Updated TLDs
x [XSS] Fixed memoization bug resulting in performance
degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
worker
x Shortcut for easier XSS filter testing
v 11.1.9rc3
============================================================
x More lenient filter to add a new entry to per-site
permissions
v 11.1.9rc2
============================================================
x [L10n] Updated de
x Better fix for per-site permissions UI glitches (thanks
barbaz for reporting)
v 11.1.9rc1
============================================================
x Replace script-embedded bitmap with css-embedded SVG as
the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
added to existing subdomain (thanks barbaz for reporting)
v 11.1.8
============================================================
x [XSS] Fix for old pre-screening optimization exploitable
to bypass the filter in recent browsers - thanks Tsubasa
FUJII (@reinforchu) for reporting
x Replace DOM-based entity decoding with the he.js pure JS
library
x Updated copyright statement
x Updated browser-polyfill.js
x Removed obsolete fastclick.js dependency
x [l10n] Updated de (thanks ib and Musonius)
x Updated TLDs
v 11.1.7
============================================================
x Optimize serviceWorker tracking for heavy tabs usage
(thanks vadimm and barbaz for investigation)
x Force placeholder visibility on Youtube embeddings
x Fixed popup opening being slowed down if options UI is
opened (thanks Sirus for report)
x Explicit failure for wrong settings importation formats
x Updated TLDs
v 11.1.7rc3
============================================================
x Updated TLDs
x Optimize serviceWorker tracking for heavy tabs usage
(thanks vadimm and barbaz for investigation)
x Force placeholder visibility on Youtube embeddings
v 11.1.7rc2
============================================================
x Fixed popup opening being slowed down if options UI is
opened (thanks Sirus for report)
v 11.1.7rc1
============================================================
x Explicit failure for wrong settings importation formats
v 11.1.6
============================================================
x Better handling of concurrent prompts issues (thanks
billarbor for reporting)
x Remove z-index boosting from ancestors when placeholder is
collapsed or replaced (issue #162)
x Fixed permission keyboard shortcuts being triggered with
modifiers like CTRL (thanks barbaz for report)
x More accurate blockage reporting, with better filtering of
page's own CSP effects
x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz
for reporting)
x Fixed bug in automatic HTML events build-time updates
x Updated HTML events
x Updated TLDs
x [L10n] Updated sv_SE
x Better handling 0 width / 0 height media placeholders
v 11.1.6rc6
============================================================
x Better handling of concurrent prompts issues (thanks
billarbor for reporting)
v 11.1.6rc5
============================================================
x Remove z-index boosting from ancestors when placeholder is
collapsed or replaced (issue #162)
v 11.1.6rc4
============================================================
x Fixed permission keyboard shortcuts being triggered with
modifiers like CTRL (thanks barbaz for report)
v 11.1.6rc3
============================================================
x More accurate blockage reporting, with better filtering of
page's own CSP effects
v 11.1.6rc2
============================================================
x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz
for reporting)
x Fixed bug in automatic HTML events build-time updates
x Updated HTML events
x Updated TLDs
v 11.1.6rc1
============================================================
x Updated TLDs
x [L10n] Updated sv_SE
x Better handling 0 width / 0 height media placeholders
v 11.1.5
============================================================
x Updated TLD
x Fixed potential infinite loop via DOMContentLoaded
x Work-around for Firefox 82 media redirection bug (thanks
ppxxbu and skriptimaahinen)
x Updated TLDs
v 11.1.5rc2
============================================================
x Updated TLD
x Fixed potential infinite loop via DOMContentLoaded
v 11.1.5rc1
============================================================
x Work-around for Firefox 82 media redirection bug (thanks
ppxxbu and skriptimaahinen)
x Updated TLDs
v 11.1.4
============================================================
x Fixed sloppy CSP media blocker detection breaking MSE
blob: media placeholders on Chromium
x Fixed race condition causing temporary settings not to
survive updates sometimes
x Updated TLDs
x [Mobile] Improved prompts appearance on Android
v 11.1.4rc3
============================================================
x Fixed sloppy CSP media blocker detection breaking MSE
blob: media placeholders on Chromium
v 11.1.4rc2
============================================================
x Fixed race condition causing temporary settings not to
survive updates sometimes
v 11.1.4rc1
============================================================
x Updated TLDs
x [Mobile] Improved prompts appearance on Android
v 11.1.3
============================================================
x Fixed regression: document media and font restrictions
always cascaded (thanks BrainDedd for report)
x Remove domPolicy logging when debugging is off
x Trivial reordering from Mozilla source
x Updated TLDs
v 11.1.1
============================================================
x Updated TLDs
x Better heuristic to figure out missing data while
computing contextual policies
x Fixed regression breaking per-tab restrictions disablement
(thanks Horsefly for report)
v 11.1.0
============================================================
x Improved blocking of media documents unaffected by
webRequest
x Automatically init tag message with last changelog
x Improved NOSCRIPT element emulation compatibility with XML
documents
x webNavigation.onCommitted + tabs.executeScript to deliver
DOM policies earlier whenever possible
x Partial work-around for Fx 80 file:// documents parsing
inconsistencies (further fix for issue #156)
x Cache policy on top document for file:// subdocuments
(fixes issue #156)
x Enforce more restrictive CSP on media/object documents
x Better cross-browser media handling
x [Mobile] Use tabs as prompts if the browser.windows API is
missing
x Fix browser UI for image, audio and video content being
partially broken on file:// URLs
x Normalize file:// directory paths on Firefox
x Allow browser UI scripts for file:// directory navigation
x Updated TLDs
x [L10n] Updated mk
v 11.1.0rc2
============================================================
x Improved blocking of media documents unaffected by
webRequest
x Automatically init tag message with last changelog
v 11.1.0rc1
============================================================
x Improved NOSCRIPT element emulation compatibility with XML
documents
v 11.0.47rc6
============================================================
x webNavigation.onCommitted + tabs.executeScript to deliver
DOM policies earlier whenever possible
x Fixed typo causing CSP-based media blocking to skip
requests with no content-type header
v 11.0.47rc5
============================================================
x Partial work-around for Fx 80 file:// documents parsing
inconsistencies (further fix for issue #156)
v 11.0.47rc4
============================================================
x Cache policy on top document for file:// subdocuments
(fixes issue #156)
x Updated TLDs
x Enforce more restrictive CSP on media/object documents
v 11.0.47rc3
============================================================
x Better cross-browser media handling
x Improved file: directory path normalization
v 11.0.47rc2
============================================================
x [Mobile] Use tabs as prompts if the browser.windows API is
missing
v 11.0.47rc1
============================================================
x Fix browser UI for image, audio and video content being
partially broken on file:// URLs
x Normalize file:// directory paths on Firefox
x Allow browser UI scripts for file:// directory navigation
x Updated TLDs
x [L10n] Updated mk
(would have to be pulled up anyway)
v 11.0.46
============================================================
x Updated TLDs
x [L10n] Updated is
x Fixed file:// and ftp:// specific content scripts not
runnning in subdocuments
x Fixed deferred scripts in file:// pages may run twice
(issue #155)
x Fixed rendering bug with scrolled file:// pages on soft
reload (thanks Iouri for report)
x Fixed 11.0.44 regression: ghost media item reported on
every page
x Better emulation of SVG events
v 11.0.45rc5
============================================================
x Updated TLDs
x [L10n] Updated is
x Fixed file:// and ftp:// specific content scripts not
runnning in subdocuments
v 11.0.45rc4
============================================================
x Fixed deferred scripts in file:// pages may run twice
(issue #155)
v 11.0.45rc3
============================================================
x Fixed rendering bug with scrolled file:// pages on soft
reload (thanks Iouri for report)
v 11.0.45rc2
============================================================
x Fixed 11.0.44 regression: ghost media item reported on
every page
v 11.0.45rc1
============================================================
x Better emulation of SVG events
v 11.0.44
============================================================
x Dispatch synthetic SVGLoad event in soft load when needed
x [L10n] Updated da, es
x Fixed namespacing issues with script replacements
x Fixed media placeholder not shown when blocking Youtube
movies
x Work around for unpredictable content script execution
order
x Ensure content of NoScript prompts is always visible
x Fixed soft reload messing with non UTF-8 encodings (thanks
"Quest" for reporting)
x Updated TLDs
x [XSS] Fixed escape detection bug causing strage false
positives (thanks Dave Howorth for report)
v 11.0.44rc7
============================================================
x Better reflect event firing order in soft reload emulation
v 11.0.44rc6
============================================================
x [L10n] Updated da
x Dispatch synthetic SVGLoad event in soft load when needed
v 11.0.44rc5
============================================================
x Fixed typo
v 11.0.44rc4
============================================================
x Fixed namespacing issues with script replacements
x Fixed typo in content script ordering work-around
v 11.0.44rc3
============================================================
x Fixed media placeholder not shown when blocking Youtube
movies
x Work around for unpredictable content script execution
order
x Ensure content of NoScript prompts is always visible
v 11.0.44rc2
============================================================
x Fixed soft reload messing with non UTF-8 encodings (thanks
"Quest" for reporting)
v 11.0.44rc1
============================================================
x Updated TLDs
x [L10n] Updated es
x [XSS] Fixed escape detection bug causing strage false
positives (thanks Dave Howorth for report)
x Fixed markup typo
v 11.0.43
============================================================
x Fix for some race conditions causing corruptions in
non-HTML non-XML documents
v 11.0.42
============================================================
x Avoid useless "seen" reports from onBeforeRequest()
x Catch broadcast messaging errors
x Make build.sh tag push even already created tags
x Updated TLDsm
x Work-around for applying DOM CSP to non-HTML XML documents
(thanks skriptimaahinen)
x Document freezing to handle SVG and other XML documents
as a fallback before CSP insertion
x Refactored and improved syncFetchPolicy fallback for file:
and ftp: special cases
v 11.0.42rc8
============================================================
x Avoid useless "seen" reports from onBeforeRequest()
x Catch broadcast messaging errors
x Make build.sh tag push even already created tags
v 11.0.42rc7
============================================================
x Updated TLDs
x Let injected CSP prevent onload events from firing on
unfrozen embedded elements
x Work-around for applying DOM CSP to non-HTML XML documents
(thanks skriptimaahinen)
v 11.0.42rc6
============================================================
x Document freezing to handle SVG and other XML documents
impervious to CSP on Mozilla
v 11.0.42rc5
============================================================
x Skip soft reload if not needed
v 11.0.42rc4
============================================================
x XML-compatible soft reload
v 11.0.42rc3
============================================================
x "Soft reload" approach to fix file: and ftp: issues
v 11.0.42rc2
============================================================
x SyncMessage suspending on DOMContentLoaded
x Updated TLDs
v 11.0.42rc1
============================================================
x Refactored and improved syncFetchPolicy fallback for file:
and ftp: special cases
v 11.0.41rc2
============================================================
x More precise event suppression mechanism
x Fixed regression: events suppressed on file:// pages
unless scripts are allowed
x Updated TLDs
v 11.0.41rc2
============================================================
x More precise event suppression mechanism
v 11.0.41rc1
============================================================
x Fixed regression: events suppressed on file:// pages
unless scripts are allowed
x Updated TLDs
v 11.0.40
============================================================
x Avoid synchronous policy fetching whenever possible
(fixes multiple issues)
v 11.0.40rc2
============================================================
x Avoid synchronous policy fetching whenever possible
v 11.0.40rc1
============================================================
x Handle edge case in file:// pages: policy change and
reload before DOMContentLoaded
v 11.0.39
============================================================
x Fix reload loops on broken file: HTML documents (thanks
bernie for report)
x [XSS] Updated HTML event attributes
x Local policy fallback for file: and ftp: URLs using
window.name rather than sessionStorage
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Added "Revoke temporary permissions on NoScript updates,
even if the browser is not restarted" advanced option
x Let temporary permissions survive NoScript updates
(shameless hack)
x Fixed some traps around Messages abstraction
x Ignore search / hash on policy matching of domain-less
URLs (e.g. file:///...)
x Updated TLDs
x Fixed automatic scrolling hampers usability on long sites
lists in popup
x Better timing for event attributes removal/restore
x Work-arounds for edge cases in synchronous page loads
bypassing webRequest (thanks skriptimaahinen)
v 11.0.39rc8
============================================================
x Several hacks to make non-distruptive updates compatible
with Chromium
x Tighten localPolicy persistence mechanism during reloads
v 11.0.39rc7
============================================================
x Temporary settings survival more resilient and compatible
with Fenix
x [L10n] Updated es
v 11.0.39rc6
============================================================
x Fix reload loops on broken file: HTML documents (thanks
bernie for report)
x [XSS] Updated HTML event attributes
v 11.0.39rc5
============================================================
x Local policy fallback for file: and ftp: URLs using
window.name rather than sessionStorage
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Renamed option to "Revoke temporary permissions on
NoScript updates, even if the browser is not restarted"
v 11.0.39rc4
============================================================
x Added option to forget temporary settings immediately
whenever NoScript gets updated
x Fixed regression: file:/// URLs reloaded whenever NoScript
gets reinstalled / enabled / reloaded
x More resilient and easy to debug survival data retrieving
v 11.0.39rc3
============================================================
x Fixed regression causing manual NoScript downgrades to be
delayed until manual restart
v 11.0.39rc2
============================================================
x Let temporary permissions survive NoScript updates
(shameless hack)
x Fixed some traps around Messages abstraction
x Ignore search / hash on policy matching of domain-less
URLs (e.g. file:///...)
x Removed useless CSS property
x Updated TLDs
v 11.0.39rc1
============================================================
x Updated TLDs
x Fixed automatic scrolling hampers usability on long sites
lists in popup
x Fixed typo in vendor-prefixed CSS
v 11.0.38rc2
============================================================
x Better timing for event attributes removal/restore
v 11.0.38rc1
============================================================
x Work-arounds for edge cases in synchronous page loads
bypassing webRequest (thanks skriptimaahinen)
x [L10n] Updated bn
v 11.0.38
============================================================
x Better timing for event attributes removal/restore
x Work-arounds for edge cases in synchronous page loads
bypassing webRequest (thanks skriptimaahinen)
x [L10n] Updated bn
v 11.0.38rc2
============================================================
x Better timing for event attributes removal/restore
v 11.0.38rc1
============================================================
x Work-arounds for edge cases in synchronous page loads
bypassing webRequest (thanks skriptimaahinen)
x [L10n] Updated bn
v 11.0.37
============================================================
x Simpler and more reliable sendSyncMessage implementation
and usage
x sendSyncMessage support for multiple suspension requests
(should fix extension script injection issues)
x Updated TLDs
v 11.0.37rc3
============================================================
x Simpler and more reliable sendSyncMessage implementation
and usage
x Updated TLDs
v 11.0.37rc2
============================================================
x SyncMessage suspending on DOM modification as well
x Updated TLDs
v 11.0.37rc1
============================================================
x Updated TLDs
x sendSyncMessage support for multiple suspension requests
(should fix extension script injection issues)
v 11.0.36
============================================================
x Fixed regression: temporary permissions revocation not
working anymore on privileged pages
x SendSyncMessage script execution safety net more
compatible with other extensions (e.g. BlockTube)
v 11.0.35
============================================================
x Avoid unnecessary reloads on temporary permissions
revocation
x [UI] Removed accidental cyan background for site labels
x [L10n] Updated es
x Work-around for conflict with extensions inserting
elements into content pages' DOM early
x [XSS] Updated HTML events
x Updated TLDs
x Fixed buggy policy references in the Options dialog
x More accurate NOSCRIPT element emulation
x Anticipate onScriptDisabled surrogates to first script-src
'none' CSP violation
x isTrusted checks for all the content events
x Improved look in mobile portrait mode
x Let SyncMessage prevent undesired script execution
scheduled during suspension
v 11.0.35rc4
============================================================
x Avoid unnecessary reloads on temporary permissions
revocation
x Fixed potentially infinite loop in SyncMessage Firefox
implementation
x [UI] Removed accidental cyan background for site labels
x [L10n] Updated es
v 11.0.35rc3
============================================================
x Work-around for conflict with extensions inserting
elements into content pages' DOM early
x [XSS] Updated HTML events
v 11.0.35rc2
============================================================
x Updated TLDs
x Fixed buggy policy references in the Options dialog
x More accurate NOSCRIPT element emulation
x Anticipate onScriptDisabled surrogates to first script-src
'none' CSP violation
x isTrusted checks for all the content events
x Improved look in mobile portrait mode
v 11.0.35rc1
============================================================
x Let SyncMessage prevent undesired script execution
scheduled during suspension
v 11.0.34
============================================================
x Fixed regression breaking network-based CSP injection
v 11.0.33
============================================================
x Switch from HTTP to DOM event based CSP reporting in
compatible browsers
x [XSS] Updated HTML event attributes
x Updated TLDs
v 11.0.32
============================================================
x [L10n] Updated it, mk, sv_SE
x Fixed setting CUSTOM permissions in private mode may cause
the TRUSTED preset to become temporary
x Updated TLDs
x [XSS] Updated HTML 5 events support
x More compact high contrast appearance
v 11.0.31
============================================================
x Focus "OK" button on dialog-mode UI
x Fixed various toolbar buttons DnD issues
x Updated TLDs
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Fixed very low contrast HTTPS-only label in High Contrast
mode
v 11.0.31rc2
============================================================
x Focus "OK" button on dialog-mode UI
x [L10n] Updated da
x Fixed various toolbar buttons DnD graphic issues
x Updated TLDs
v 11.0.31rc1
============================================================
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
zh_CN, zh_TW
x Fixed very low contrast HTTPS-only label in High Contrast
mode
x More precise DnD of toolbar buttons + work-around for
https://bugzilla.mozilla.org/show_bug.cgi?id=568313
v 11.0.30
============================================================
x Discoverable option to force site-leaking UI in
PBM/Incognito
x [L10n] Updated he
x Easier keyboard navigation of preset configuration
x Yellow-less UI palette
The NoScript Firefox extension provides extra protection for
browsers: this free, open source add-on allows JavaScript, Java,
Flash, and other plugins to be executed only by trusted web sites
of your choice (e.g., your online bank).
wiz