March - 2014
The secure download link here is "sometimes" directly from the author's website
and always available 2-5 days before Mozilla's Extension site
has vetted, and then posted, the newest version.
V. 220.127.116.11 - Friendly Security
If you find any bug or you'd like an enhancement, please report here or here. Many thanks!
Main good news
- Better Australis support.
- Fixed several issues related to Script Surrogates and bookmarklets execution introduced by Firefox 27.
- Improved ABE compatibility with some LAN setups.
- The "Browser Console", rather than the old "Error Console", is used when needed.
- Multiple XSS filter improvements (thanks Masato Kinugawa for reporting).
- Fixed a XSS filter compatibility issue with some Google services (thanks Stuart Young for reporting).
- Better ClearClick compatibility with recent Youtube changes.
- New Script Surrogate for addthis.com scripts emulation.
- Restored compatibility with latest Nightly Firefox builds.
- Improved request tracking performance.
- Fixed multiple ABE issues caused by the increased asynchronicity of Mozilla's platform networking (thanks barbaz and al_9x for reporting).
- Fixed bugs in regexp-based embed blocking exceptions (thanks barbaz for reporting)
- Fixed ClearClick incompatibility with latest Google+ based Youtube comments system.
- Fixed HTML 5 audio/video content types not blocked when loaded as top-level documents (thanks al_9x for reporting)
- The anti-XSS filter now recognizes several experimental/unofficial markup items handled by Gecko (thanks .mario for reporting).
- Protection against XSS filter evasion attacks exploiting Adobe Flash URL parsing and charset handling bugs (thanks Soroush Dalili for reporting)
- ClearClick compatibility with latest browser built-in Click To Play implementation (Bug 889228).
- Mimetype whitelisting through the noscript.allowedMimeRegExp preference now work with the WebGL pseudo type (thanks Thrawn for RFE)
- More usable embedding placeholders, e.g. for Youtube movies on Facebook.
- Enhanced site compatibility of the anti-XSS filter.
- Improved per-window private browsing support.
- Improved out-of-the-box compatibility with Microsoft's email services (thanks Raùl Duràn of Microsoft for help).
- Google Analytics web bugs are blocked automatically, unless google-analytics.com has been explicitly whitelisted (better than No Google Analytics, because NoScript blocks every cross-site request to GA, no matter the type or the file name).
- Mark as untrusted button on the site info page (thanks SwissBIT for RFE)
- Allow/Forbid/Mark as untrusted icons on the site info buttons.
- Several XSS filter enhancements, thanks to Masato Kinugawa's research.
- New "Security Downgrade Warning" suggests blacklist mode as a better option than uninstalling, in order to retain scripting-unrelated protections.
- Improved Google Analytics Surrogate, makes more sites work correctly with google-analytics.com blocked.
- Added navigator.doNotTrack property support.
- Added new fake mimetype placeholder "FRAME" to match FRAMEs and IFRAMES with the noscript.allowedMimeRegExp preference
- for selecting blocking exceptions.
- Holding the left mouse button down on an absolutely positioned page element and hitting the DEL key will remove it if scripts are disabled (useful to forcibly kill in-page popups). This feature can be disabled by setting the noscript.eraseFloatingElements about:config preference to false.
- Right-clicking on NoScript menu items copy site domains to the clipboard (useful for reporting and investigating sites, thanks Tom T. for RFE)
- Browserid.org has been added to the default whitelist.
- "Click to play" protection against WebGL exploitation, now also on whitelisted sites (can be enabled in NoScript Options|Embeddings)
- Security and Privacy Info page is shown whenever you middle-click on sites exposed by NoScript's UI, either in the menus or in the Whitelist options tab.
- Middle clicking NoScript's toolbar button temporarily allows all on current page.
More in the changelog...
If you find something wrong about NoScript, read the FAQ page and/or let me know: I'll try to fix it as soon as I can.
You can also discuss about NoScript on this Forum. Have your safest browsing experience! ~~ Giorgio Maone