NoScript Updates

NoScript 2.0.2.3

Fri, 20 Aug 2010 00:35:55 GMT

x [XSS] Fixed optimization bug which may lead to slower checks on specific
  source patterns

NoScript 2.0.2.2

Thu, 19 Aug 2010 23:02:46 GMT

x [XSS] Huge InjectionChecker speed optimization, prevents most DOS false
  positives caused by checks timeout (thanks Sylvia Oberstein for report)

NoScript 2.0.2.1

Mon, 16 Aug 2010 23:30:49 GMT

x [Surrogate] Fixed fallback regression (thanks al_9x for report)

NoScript 2.0.2

Mon, 16 Aug 2010 23:00:08 GMT

x Further accessibility enhancements (thanks Jonathan Ely for report)

NoScript 2.0.1

Fri, 06 Aug 2010 21:51:18 GMT

+ [ABE] noscript.abe.localExtras about:config preference can specify net 
  resources (space separated IPs and/or subnets) to be considered as
  LOCAL by ABE, in addition to the "regular" private subnetworks and the
  auto-detected WAN IP (thanks ammdispose for suggestion)
x [ClearClick] Better compatibility with iframes containing very tiny
  pages (e.g. horizontal Flattr buttons)
x Fixed page-level surrogates not always being executed inside iframes
  (thanks al_9x for reporting)
x [XSS] Fixed XML tags with no attributes which are homonymous of
  "sensitive" HTML tags triggering XSS false positives

NoScript 2.0

Tue, 27 Jul 2010 11:05:53 GMT

x [Surrogate] Fixed Google thumbs surrogate broken by recent Gecko changes
x [ClearClick] Work-around for client(Height|Width) miscalculation

NoScript 1.10

Wed, 14 Jul 2010 17:05:58 GMT

+ ABE built-in ruleset editor
+ Button to reset ABE's defaults
x Fixed setting noscript.cp.last to false causing embeddings not to be
  blocked
x Fixed 2nd order InjectionChecker bypass (thanks Sirdarckcat for report)
+ External filters now receive the object referrer as their 3rd argument

NoScript 1.9.9.99

Tue, 06 Jul 2010 07:38:13 GMT

x Emergency fix for a page reload bug on Mac OS X causing high CPU
  consumption after permission changes (thanks "D A" for reporting)

NoScript 1.9.9.98

Mon, 05 Jul 2010 14:19:27 GMT

+ Improved ClearClick clipping accuracy on framesets
+ Improved ClearClick clipping accuracy on nested scrolling elements

NoScript 1.9.9.97

Thu, 24 Jun 2010 20:45:14 GMT

x Fixed ClearClick false positives on Fx 3.5 and below (thanks Deniz Sofu
  for reporting)
x Compatibility version bump for Seamokey trunk

NoScript 1.9.9.96

Wed, 23 Jun 2010 13:59:44 GMT

x Fixed Script Surrogates activation glitches

NoScript 1.9.9.95

Wed, 23 Jun 2010 10:33:48 GMT

x Fixed wrongly sized placeholders on Youtube (regression from rc1)

NoScript 1.9.9.87

Tue, 08 Jun 2010 23:17:21 GMT

x Improved URL parsing in META refresh interception
x Optimized * universal pattern in AddressMatcher
x Better error reporting during the execution of location bar scriptlets

NoScript 1.9.9.81

Thu, 27 May 2010 18:42:35 GMT

+ Experimental blocking of page refreshes happening inside untrusted
  unfocused tabs, should provide protection against Aviv Raff's scriptless
  "tabnapping" variant. Enabled by default, can be controlled through the
  noscript.forbidBGRefresh about:config integer preference:
  0 - no blocking
  1 - block refreshes on untrusted unfocused tabs
  2 - block refreshes on trusted unfocused tabs
  3 - block refreshes on both trusted and untrusted unfocused tab
  Address patterns matching pages which shouldn't be affected can be
  listed in the noscript.forbidBGRefresh.exceptions preference
x Fixed XSS false positive in new 3.7 add-ons manager
x Fixed meta-refresh URL parsing mismatch
x Fixed import script surrogates being broken by a 1.9.9.79 regression

NoScript 1.9.9.80

Tue, 25 May 2010 15:13:12 GMT

x Fixed "Partially allowed scripts" icon shown instead of the "Scripts
  allowed but some objects blocked" one when the blocked objects' domains
  are not whitelisted for scripting (thanks al_9x for reporting)
x Fixed "Scripts allowed but some objects blocked" icon not being used for
  blocked web fonts (thanks Alan Baxter for reporting)
x (ABE) Deny on INCLUSION don't trigger a notification even if the blocked
  request is for a subdocument (the blocking is logged in the Console, use
  SUB if user-facing notification is needed)
x Fixed privileged XMLHttpRequests for untrusted resources being blocked
  if HTTP redirections occurred (thanks mari for reporting)
+ Better compatibility with IronPort web-based tools (thanks Ron Collins
  for reporting)

NoScript 1.9.9.79

Thu, 20 May 2010 12:13:48 GMT

x Script surrogates whose source starts with the '!' get executed on
  pages where scripts are disabled (on document DOM completion, rather
  than before HTML parsing starts like regular surrogates)

NoScript 1.9.9.77

Mon, 17 May 2010 14:38:30 GMT

+ ABE INCLUSION(type1, type2, type3...) pseudo-method allows rules to take
  request type (e.g. SCRIPT vs CSS) in account
+ ABE SELF+ (same domain) and SELF++ (same base domain) pseudo-origins
x Fixed iconic feedback inconsistencies when untrusted blocked objects
  are mixed with full-trusted content (tanks al_9x for reporting)
x Fixed Injection Checker false positives on some kinds of complex nested
  URLs (thanks Sirdarckcat for reporting)
x Tweaked ClearClick for Disqus compatibility (thanks John for reporting)

NoScript 1.9.9.74

Sat, 01 May 2010 05:58:09 GMT

x Fixed false positive issue with empty cross-site POST requests (thanks
  Bahamut for reporting)

NoScript 1.9.9.73

Fri, 30 Apr 2010 21:28:33 GMT

x Fixed potential double-firing command issue on Firefox Mobile
+ Added about:addons and about:home to the mandatory whitelist
+ Improved responsivity and usability on Firefox Mobile

NoScript 1.9.9.72

Fri, 30 Apr 2010 14:22:58 GMT

x Fixed configuration import/export/synchronization bug introduced by
  "configuration presets" for Firefox Mobile
+ Finger-friendlier UI on Firefox Mobile