April 15th, 2014
The secure download link here is directly from the author's website
and always available immediately before Mozilla's Extension site
has vetted, and then posted, the newest version.
V. 184.108.40.206 - Friendly Security
If you find any bug or you'd like an enhancement, please report here or here. Many thanks!
Main good news
- CAPS-independent, finer-tuned version of the "Allow local links" feature.
- Stricter XSS filterchecks for HTTPS requests from a same domain origin with different scheme (thanks LouiseRBaldwin for report
- Better ClearClick compatibility with recent Youtube changes.
- New Script Surrogate for addthis.com scripts emulation.
- Fixed bugs in regexp-based embed blocking exceptions (thanks barbaz for reporting)
- Fixed ClearClick incompatibility with latest Google+ based Youtube comments system.
- No Google Analytics, because NoScript blocks every cross-site request to GA, no matter the type or the file name).
- Mark as untrusted button on the site info page (thanks SwissBIT for RFE)
- Allow/Forbid/Mark as untrusted icons on the site info buttons.
- Several XSS filter enhancements, thanks to Masato Kinugawa's research.
- New "Security Downgrade Warning" suggests blacklist mode as a better option than uninstalling, in order to retain scripting-unrelated protections.
- Improved Google Analytics Surrogate, makes more sites work correctly with google-analytics.com blocked.
- Added navigator.doNotTrack property support.
- Added new fake mimetype placeholder "FRAME" to match FRAMEs and IFRAMES with the noscript.allowedMimeRegExp preference
- for selecting blocking exceptions.
- Holding the left mouse button down on an absolutely positioned page element and hitting the DEL key will remove it if scripts are disabled (useful to forcibly kill in-page popups). This feature can be disabled by setting the noscript.eraseFloatingElements about:config preference to false.
- Right-clicking on NoScript menu items copy site domains to the clipboard (useful for reporting and investigating sites, thanks Tom T. for RFE)
- Browserid.org has been added to the default whitelist.
- "Click to play" protection against WebGL exploitation, now also on whitelisted sites (can be enabled in NoScript Options|Embeddings)
- Security and Privacy Info page is shown whenever you middle-click on sites exposed by NoScript's UI, either in the menus or in the Whitelist options tab.
- Middle clicking NoScript's toolbar button temporarily allows all on current page.
More in the changelog...
If you find something wrong about NoScript, read the FAQ page and/or let me know: I'll try to fix it as soon as I can.
You can also discuss about NoScript on this Forum. Have your safest browsing experience! ~~ Giorgio Maone