NoScript Updates

NoScript 13.6.13

Thu, 02 Apr 2026 13:19:10 +0000

x Remove source comments from installable packages
x Replace browser-polyfill.js with an empty stub in Firefox
  builds
x Reduce console spam by deferring the logging of messaging
  errors due to premature unloading (tor-browser#44673)
x Ensure event hooking does not break window-level listeners

NoScript 13.6.6

Sun, 08 Mar 2026 12:52:48 +0000

x [XSS] Fix false positives regression due to the MV3 WIP
  (issue #520)

NoScript 13.5.12

Sun, 01 Feb 2026 13:43:55 +0000

x Convert PNG images to WEBP
x [UX][Android] Improve support for increased font size
  configurations
x Make deploy2tor.sh default to latest unpacked firefox
  manifest.json
x [UX] Fix first selected preset not being focused
  automatically on popup opening (issue #506)
x Prevent mid-session updates on Android in global PMB
  (tor-browser#44398)
x [UX] Fix keyboard navigation regression (issue #506)
x [UX] Improved readability of focused icon buttons

NoScript 13.5.10

Sat, 17 Jan 2026 21:52:14 +0000

x [UX] Smoother popup initialization
x [UX] Scrolling area optimization
x [UX] Flickering reduction
x [UX] Various visual tweaks

NoScript 13.5.9

Wed, 14 Jan 2026 22:44:09 +0000

x Fix missing https-only icon regression (thanks Ingo
  Brückl for reporting)

NoScript 13.5.8

Tue, 13 Jan 2026 22:46:33 +0000

x Fix site label misalignment (thanks Ingo Brückl for
  reporting)

NoScript 13.5.7

Tue, 13 Jan 2026 14:48:05 +0000

x [nscl] Improved document freezing and CSP insertion
x Control manually navigated top-level data: URIs
  (tor-browser#44482)

NoScript 13.5.6

Tue, 06 Jan 2026 10:24:28 +0000

x file:// quirk mode compatibility, thanks peterbg for
  reporting
x Add option to disable automatic page reloading on
  permissions change (fixes issue #42)

NoScript 13.5.5

Thu, 25 Dec 2025 12:01:46 +0000

x [nscl] DocumentFreezer bug fixes and improvements (fixes
  #496)
x [nscl] Improved DocRewriter web compatibility (see
  tor-browser#44450)

NoScript 13.5.2

Mon, 08 Dec 2025 21:42:30 +0000

x [L10n] Updated zh_CN
x [UX] Fix minor issues with UI titles
x [nscl] Fix cascade restrictions causing empty capabilities
  (issue #492)

NoScript 13.5

Fri, 28 Nov 2025 10:04:02 +0000

x [UX] Show onboarding page on settings reset
x [l10n] Lowered Transifex merge threshold to 50%
x [L10n] Updated bn, br, ca, da, el, es, fa, ja, lt, ms, nb,
ro, sv_SE
x [UX] Scary styling for restrictions disablement option
x [UX] Turn on restrictions when a behavior is selected
x [UX] Zoom-in site classification behavior transition
x [L10n] Updated de, fi, fr, he, is, it, mk, nl, pl, pt_BR,
pt_PT, ru, sq, tr, uk, zh_CN, zh_TW
x [UX] Improved modifier button styling
x [UX] Colorized site classification behavior options
x [UX] Implement first install onboarding page
x [UX] Further behavior UI synchronization fixes (thanks
fatboy for reporting)
x [UX] Various style tweaks for Android
x Fixed autoAllowTop bug on Chromium
x [UX] Fixed some user-visible messages (thanks Tonnes for
reporting)
x [UX] Fix possible race condition on classification
behavior UI initialization (thanks fatboy for reporting)
x [UX] Classification behavior: improved code formatting and
synchronization
x [UX] Support links
x [UX] Added missing bidirectional UI synchronization step
x [UX] Complete classification behavior wiring
x [UX] Hide classification behavior UI in Tor/Mullvad
browsers
x [L10n] Updated de, fa, fi, fr, it, nl, pl, pt_BR, pt_PT,
ro, ru, sq, tr, zh_CN, zh_TW
x [UX] "Site Classification Behavior" (usability level)
selector
x [UX] Support multiple UI listeners
x [UX] Handle more media placeholder edge cases
x [UX] Localize capabilities in status tooltip
x [UX] Fix DEFAULT wrongly styled as canScript on unsafe
URLs
x [nscl] Fixed DomFreezer regression on first file:// load
due to onbeforescriptexecuted deprecation (thanks Anton K
for reporting)
x [L10n] Updated nl
x `build.sh +` automatically increments current version
x [UX] Always show the stricter top-level site match on top
of the list (thanks fatboy for suggestion)
x [UX] Do not show CASCADED label for DEFAULT entries
matching the top-level site
x [UX] More cascading permissions bug fixes
x [L10n] Multiple localization updates
x [UX] Improved visual feedback for cascaded permissions
(thanks fatboy for bug reporting)
x [UX] Cascading permissions frontend
x [nscl] [UX] Force artificial placeholders creation on
x.com even if no real media object is in the DOM
x [nscl] Cascading permissions support (backend)
x [nscl] Do not let AUTO-TRUSTED override policies other
than DEFAULT
x [L10n] Updated de, fr, ru
x [UX] Fixed theme configuration caching bug
x [UX] Fix AUTO-TRUSTED preset titles
x [UX] Improved UI labeling for automatically trusted
top-level sites
x [L10n] Updated it
x Imported settings version migration support
x Export settings metadata and versioning support
x Mitigate x-load protection affecting file:// documents
load times (issue #455, thanks Meludall for patch)
x [UX] Better handling of clicks on obstructed placeholders
x [UX] More concise and compact placeholders
x [UX] Include all the suppported capability types in the
  tooltip blocked/used report

NoScript 13.2.2

Mon, 20 Oct 2025 20:45:07 +0000

x Work-around for issue #462
x [L10n] Updated fr, pl, zh_CN
x Resolve implicit dependencies from createHTMLElement()
x [Android] Erase temporary permissions when all the tabs
  closed (issue #464)
x [Android] Make NoScript Options' top buttons fit in one
  row
x Typo in comment in LifeCycle.js

NoScript 13.2.1

Wed, 08 Oct 2025 15:25:21 +0000

x Fix bugs with Tor Browser unknown capabilities handling
x Work-around for Tor Browser Security Levels not being
  aware yet of the wasm capability
x [nscl] Make wasm usage attempt notification
  Chromium-compatible
x [L10n] Updated de, ru, tr

NoScript 13.1

Tue, 07 Oct 2025 21:12:10 +0000

x New wasm capability to control WebAssembly per site
x [L10n] Updated is, pt_BR
x Adopt the Chromium prefetch CSS CORS work-around on Gecko
  (torbrowser#44239 fix)
x Best effort to avoid extra temporary tabs for sidebar
  detection

NoScript 13.0.9

Wed, 13 Aug 2025 17:18:01 +0000

x [UX] Increase contrast for non-HTTPS site labels in dark
  mode (thanks Soothsayer for reporting)
x [L10n] Updated he, pl, tr, uk
x [Tor] Align Tor/Mullvad Browser integration logic and UI
  with "persistent mode" (mullvad-browser#455)
x Switch to ?. operator and tidy up surrounding code

NoScript 13.0.8

Tue, 27 May 2025 13:57:53 +0000

x Reduce annoyances and false positives from sidebar content
  detection (issue #444)
x Fix automatic top level trust conflict with existing
  contextual policies (issue #441)

NoScript 13.0.6

Mon, 19 May 2025 14:18:34 +0000

x Use frameAncestors whenever possible for top URL
  retrieving
x Automatic reload on permissions change for promiscuous
  tabbed/tab-less sites
x [UX] Avoid creating extra tabs for sidebar measurement
  when possible
x [L10n] Updated ru
x [UX] Best effort to hide/show tab-less sites depending on
  the statusbar visibility
x Fix always set parent entry of temporary contextual
  policies created from DEFAULT to temporary (issue #440,
  thanks SandboxerX86 for reporting)
x [UX] Permissions UI support for tab-less (e.g. sidebar)
  content (issue #429)
x [Chromium] Prerendered frame support in context policies
  enforcing
x Fix some automatic top-level TRUST bugs (issue #437)
x Discard "zombie" prompts from the backlog
x Honor restrictions disablement for x-load checks
x [UX] Improved UX for file:// contextual permissions
  (issue#435)
x [nscl] Harmonize file:// URLs parsing and matching across
  Gecko and Chromium
x [XSS] Prevent false positives from the uptain.de
  e-commerce back-end
x More consistent contextual permission checks
x Fixed click to play sometimes broken for file:/// URLs
x Fixed automatic temporary permissions require reload
  (thanks scottg for reporting)

NoScript 12.6

Tue, 06 May 2025 12:19:14 +0000

x Make contextual policies override restriction cascading
  (tor-browser#43397)
x [Chromium] Fix 12.5.9xx prompt closure regression
x [Chromium] Full x-load checks Chromium support
x Better offscreen placeholders for x-load
x [l10n] [Chromium] Make x-load capability localization
  Chromium-compatible
x [L10n] Updated de, fr, he, ru, tr zh_CN
x [UX] Honor non-contextual x-load capability granted from
  NoScript Options (thanks barbaz for RFE)
x Prevent data: URIs from messing with srcset parsing
  (thanks fatboy for reporting)
x Regard as "mutually safe" for x-load directories sharing a
  common ancestor
x [UX] Make x-load capability visible for CUSTOM file:
  entries in NoScript Options (thanks barbaz for RFE)
x [UX] Fixed prompt window leaks (tor-browser#43281)
x [UX] Make object unblocking temporary and contextual by
  default, with choices in the prompt
x [nscl] Option to clone Permissions without context
x Always honor the "Collapse blocked objects" option
x Refactor top-level auto-trust and make it contextual
  (issue #417)
x [nscl] Remove noisy debug statement
x [UX] UI support for extra floating capabilities (x-load)
x Integrate event handlers suppression with blocking if
  needed (thanks Adithya Suresh Kumar for reporting)
x [nscl] Refactor xray proxification
x Fix incorrect assumptions about some DOM element
  properties reflecting URLs (thanks Adithya Suresh Kumar
  for reporting)
x [nscl] Fix race condition between multiple extensions
  using MV3/DNR SyncMessage (JShelter#146, thanks polcak for
  reporting)
x Suppress some event handlers (tor-browser#43491, thanks
  Adithya Suresh Kumar for reporting)
x [build] Publish XPIs only after their signed
x [build] Improved version bump commit logic

NoScript 12.1.1

Fri, 03 Jan 2025 17:16:35 +0000

x Fix automatic reloading broken if the background script /
  service worker is not already initialized on UI load
x Re-enable signing logging

NoScript 12.1

Sat, 28 Dec 2024 00:14:43 +0000

x [nscl] Improved work-around for Youtube placeholder
  displacement (tor-browser#43296)
x [L10n] Updated pl
x Avoid synchronous policy fetching if document is already
  complete (e.g. on extension updates)
x Remove more MV3-only entries from MV2 manifest
x Remove pre-release version check on signing
x More informative debug logging
x Fixed misplaced update_url in development builds (thanks
  DJ-Leith for reporting)
x Switch Firefox development build version format to *.9xx
  (like Chromium)
x Cross-browser and cross-manifest compatibility down to
  Gecko 115
x Improved cross-browser and cross-manifest development and
  build ergonomics
x Fixed RequestGuard on Firefox still using CSP.blocks() as
  an instance method
x Improved cross-browser and cross-manifest support
x Do not reload affected tabs before saving XSS user
  choices, if any
x [nscl] Several performance and reliability enhancements
  from NSCL
x [nscl] Updated to latest NoScript Commons Library
x Fixed offscreen placeholder container preventing user
  interaction on the left of placeholders
  (tor-browser#43282)
x Fix localization-related console spam when opening options
  panel (tor-browser#43269)
x Fixed offscreen placeholder container preventing user
  interaction on the left of placeholders
  (tor-browser#43282)
x Fix localization-related console spam when opening options
  panel (tor-browser#43269)

NoScript 11.5.2

Wed, 06 Nov 2024 16:35:24 +0000

x [tor-browser#43257] More efficient, flexible and
  race-resistant placeholder styling

NoScript 11.5.0

Mon, 28 Oct 2024 20:54:25 +0000

x [tor-browser#32668] Use the Security Level as the default
  policy for Options Reset on Tor Browser
x [tor] Stateless-compatible Tor Browser integration
x [L10n] Updated pt_BR
x Stateless-compatible temporary permissions
x Switch from deferWebTraffic to Wakening
x Stateless-compatibile TabGuard
x Switch to non-persistent background page
x [xss] Refactor for non-persistence
x Removed Fennec-specific code
x Bump min Gecko compatibility to 115.0 (stateless
  background script support)

NoScript 11.4.42

Wed, 09 Oct 2024 09:35:17 +0000

x [nscl] Further SyncMessage simplification
x Mitigate race conditions on startup

NoScript 11.4.40

Sat, 28 Sep 2024 15:16:21 +0000

x [nscl] Fix patched workers failures caused by Firefox
  webRequest filters disconnect() breaking on large files
  (thanks barbaz for reporting)

NoScript 11.4.37

Tue, 10 Sep 2024 14:50:36 +0000

x [nscl] Do not patch windows with WebGLHook if webgl is
  globally disabled
x [nscl] Do not patch workers if webgl is globally disabled
x [L10n] Updated uk
x [nscl] Workers-aware WebGL Hook

NoScript 11.4.35

Wed, 28 Aug 2024 15:08:37 +0000

x Improved lazy_load capability (optimization and
  notification)
x [nscl] Slight optimization of NOSCRIPT element emulation
  loop
x Automatically add extra capabilities to policyTypesMap
x Gracefully handle new capabilities still unknown to the
  settings host (e.g. Tor/Mullvad browser), if any
x Configurable "lazy_load" capability (see
  https://github.com/whatwg/html/issues/5250)
x Prefetch all CSS subresources (1st party included) in
  private contexts where both unchecked_css and scripting
  capabilities are disabled
x Forcibly neutralize lazy loading attributes when scripting
  is disabled
x [nscl] Restored SyncMessage compatibility with Firefox 78
  and below
x Lock nscl version on stable releases
x [L10n] Updated de, fr, tr, ru, uk, zh_CN

NoScript 11.4.34

Thu, 08 Aug 2024 07:19:07 +0000

x [nscl] Work around for
  https://bugzilla.mozilla.org/show_bug.cgi?id=1899786
  (issue #372)
x [L10n] Updated de, ru, tr
x Synchronize nscl git commits as needed before tagging new
  versions

NoScript 11.4.31

Thu, 18 Jul 2024 11:54:03 +0000

x [L10n] Updated fr, is, ru, zh_CN
x Improved release tooling
x [nscl] Updated to latest NoScript Commons Library
x NoScript Options/Appearance/Show synthetic placeholders
  for invisible capability probes (issue #369)
x [nscl] Make placeholders easier to style per type
x Prevent duplicate synthetic placeholders for invisible
  capability probes (issue #369)

NoScript 11.4.30

Sat, 13 Jul 2024 05:47:42 +0000

x [nscl] Best effort WebGL placeholders for offscreen
  capability detection
x Improved blocked but required capability reporting from
  subframes (issue #367)
x [nscl] Include SVG among embedding document types (fixes
  issue #366)
x Removed obsolete "applications" manifest.json key

NoScript 11.4.29

Tue, 12 Dec 2023 10:52:09 +0000

x [nscl] Updated TLDs
x [nscl] Improved reliability of TLD updater
x Removed theme.js console noise
x Fix beta channel updates breakage due to
  browser_specific_settings override
x [nscl] Several content-side performance improvements
x Reduce synchronous policy retrieval impact on file: and
  ftp: document loading performance
x More commands for which a keyboard shortcut can be
  configured
x [L10n] Updated de, fi, mk, nl, pl, ru, sq, tr, uk,
  pt_BR, zh_CN, zh_TW
x Explicit Android compatibility declaration

NoScript 11.4.28

Tue, 10 Oct 2023 11:27:03 +0000

x Prevent URL leaks from media placeholders (thanks NDevTK
  for report)
x [nscl] Support for in-tree TLDs updates

NoScript 11.4.27

Wed, 13 Sep 2023 07:40:20 +0000

x [XSS] Better specificity of HTML elements preliminary
  checks
x [XSS] Better specificity of potential fragmented injection
  through framework syntax detection (thanks Rom623, barbaz
  et al)
x [nscl] RegExp.combo(): RegExp creation by combination for
  better readability and comments
x [nscl] Replaced lib/sha256.js with web platform native
  implementation (thanks Martin for suggested patch)
x [nscl] Fixed property/function mismatch (thanks Alex)
x Fixed operators precedence issue #312 (thanks Alex)
x [nscl] Prevent dead object access on BF cache (thanks
  jamhubub and mriehm)

NoScript 11.4.26

Tue, 25 Jul 2023 11:19:50 +0000

x [Android] Fixed regression preventing NoScript prompts
  from being shown
x [XSS] Fallback to execute most demanding regular
  expressions asynchronously
x [XSS] Removed obsolete Flash-related checks
x [XSS] Make InjectionChecker's regular expressions easier
  to debug
x [XSS] Updated OpenID regexp

NoScript 11.4.25

Wed, 12 Jul 2023 18:34:03 +0000

x Reload extension on fatal failures
x [Android] Fixed UI styling regression
x Fixed UI inconsistencies when finer-grained contextual
  policies are created/imported by other means (thanks
  barbaz for reporting)

NoScript 11.4.24

Thu, 29 Jun 2023 17:03:40 +0000

x [XSS] Fix Base64 hash checks interfering with query string
  checks (thanks barbaz for reporting)
x [TabGuard] Stop exempting domains bidirectionally by
  default
x [TabGuard] Fix destination domain being reported as the
  trigger of a warning prompt when all the other tab-tied
  domains have been exempted (thanks barbaz for report)

NoScript 11.4.22

Thu, 18 May 2023 09:11:23 +0000

x [L10n] Updated uk
x Consistently apply DEFAULT policy to top-level data: URLs

NoScript 11.4.21

Wed, 05 Apr 2023 20:00:45 +0000

x Fixed mislabeled Tor Browser settings override option
x [L10n] Updated mk

NoScript 11.4.20

Tue, 21 Mar 2023 12:07:03 +0000

x Generalized prompt safety hooks
x Better blob: URL support

NoScript 11.4.18

Fri, 03 Mar 2023 15:03:34 +0000

x [Firefox on Linux] Fixed detached window UI gets closed
  when its decoration is clicked (thanks richard for
  reporting)

NoScript 11.4.16

Mon, 13 Feb 2023 09:54:39 +0000

x [L10n] Updated de, nl, pl, ru, sq, zh_CN
x Always open the windowed standalone UI when invoked from
  the Alt+Shift+N shortcut
x Alt+Shift+Space shortcut to toggle restrictions
  enforcement for current tab (issue #129, thanks PF4Public
  for RFE)

NoScript 11.4.15

Tue, 31 Jan 2023 09:14:21 +0000

x Use the actual browser's brand name for Tor Browser
  derivatives
x Always open the windowed standalone UI when invoked from
  the contextual menu (thanks ZeroUnderscoreOu for
  reporting)

NoScript 11.4.14

Tue, 03 Jan 2023 14:54:49 +0000

x Updated HTML event attributes list
x Uniformed indexed directory Firefox UI emulation to
  prevent a script blocking bypass on file:// resources
  (thanks RyotaK for reporting)
x Fixed error being logged in the console on scriptless
  pages when hitting [Delete] or [Backspace] (thanks barbaz
  for reporting)
x Work-around for background page misteriously being
  unloaded sometimes by Firefox
x [L10n] Updated Transifex configuration

NoScript 11.4.13

Tue, 22 Nov 2022 10:17:17 +0000

x Ensure theme changes are synchronized across windows,
  including private ones (thanks barbaz for reporting)
x [UI] Ensure prompts are always centered relative to the
  parent window in multi-monitors setups
x Switch to "Modern Red Evil" icon contributed by fatboy
x Work-around for Chromium unable to load the placeholder
  icon
x Themed placeholders
x [nscl] Fixed placeholder fallback styles on Gecko
  embedding documents
x [L10n] New Romanian (ro) locale (thanks Simona Iacob and
  Inpresentia I.)

NoScript 11.4.12

Tue, 15 Nov 2022 12:04:15 +0000

x [L10n] Updated is, mk
x [L10n] New Finnish (fi) locale (thanks RJuho, olavinto and
  ricky.tigg)
x [L10n] New Ukrainian (uk) locale (thanks Kataphan, MuS and
  uniss)
x [L10n] New Persian (fa) locale (thanks voxp and magnifico)

NoScript 11.4.11

Wed, 14 Sep 2022 21:20:11 +0000

x Fix broken NoScript dialogs when
  browser.privatebrowsing.autostart = true (issue#259,
  thanks foenix for reporting)
x Avoid using fallback origins for main_frame loads

NoScript 11.4.10

Thu, 01 Sep 2022 10:47:22 +0000

x [TabTies] Cascade and merge ties in a shared pool, to
  prevent them from being cut by closing a middle tab
  (thanks NDevTK for reporting)
x Extended origin normalization to top-level documents
  (thanks NDevTK for reporting)
x [TabGuard] Fixed regression in about:blank handling
  (thanks NDevTK for reporting)
x Better origin guess for requests from sandboxed iframes
  (thanks NDevTK for reporting)
x More precise tracking of implicit origins in tab URLs
x [nscl] Stricter criteria for cutting tab relations (thanks
  NDevTK for reporting)
x Use window.origin when fetching policies for inheriting
  special URLs (thanks NDevTK for reporting)
x Better build script compatibility

NoScript 11.4.9

Mon, 15 Aug 2022 11:17:14 +0000

x [L10n] Updated pl, tr, zh_CN
x [TabGuard] Abort the load when the warning dialog is
  closed by any mean except the OK button
x [TabGuard] Stricter criteria for cutting tab relations
  (thanks fatboy for reporting)

NoScript 11.4.8

Thu, 11 Aug 2022 14:39:41 +0000

x Cross-tab identity leak protection ("TabGuard", see
  tor-browser#41071, thanks barbaz and fatboy for testing)
x [TabGuard] Better request lifecycle management
x [L10n] Updated de, it, nl, ru, sq
x [l10n] Automatic pull for 100% completed translations only

NoScript 11.4.7

Mon, 08 Aug 2022 11:04:57 +0000

x [XSS] Fixed regression in invalid characters optimization
  causing false negatives (thanks Tsubasa for reporting)
x Minor build script enhancement

NoScript 11.4.6

Mon, 30 May 2022 10:51:33 +0000

x [nscl] Copy NOSCRIPT elements' attribute in emulated
  replacements (issue #238)
x [XSS] Correct for concurrency in timeout checks
x [UI] Flatter preset appearance
x [UI] Focus visual feedback adjustments
x Inclusion-time TLD updates
x Updated HTML events
x [L10n] Updated pl
x Opaque white for vintage lock icons
x [L10n] Updated is

NoScript 11.4.5

Tue, 19 Apr 2022 14:43:49 +0000

x Improved preset sizing
x Reduce toolbar bottom shaded line tickness
x [L10n] Updated he
x Various user-driven visual tweaks
x Fixed vintage icon brightness in automatic light mode
x Minor icon tweaks

NoScript 11.4.4

Fri, 01 Apr 2022 08:34:47 +0000

x [L10n] Updated mk
x Removed "clearclick" item from default settings
x Better layout for mixed status icons

NoScript 11.4.3

Mon, 28 Mar 2022 12:21:19 +0000

x Reversed colors in Modern Red permissive icons for better
  contrast
x Fixed regression causing only signed builds to complete

NoScript 11.4.1

Wed, 23 Mar 2022 12:54:58 +0000

x Support for reverting to the "Vintage Blue" style
  (NoScript Options/Appearance)
x Various tweaks to the "Moder Red" dark and light themes

NoScript 11.4

Mon, 21 Mar 2022 14:31:53 +0000

x Visual refresh based on Simply Secure concept artwork
x Full Dark/Light color schemes support
x [l10n] Many languages updates
x Include ServiceWorker-initiated fetch requests in UI
  reporting (thanks 0_o for report)
x Remove redundant style patching
x Prompts can be closed by keyboard: Enter emulates the
  default button click, Escape the cancel action
x Ensure better visibility for in-popup message box
x Sticky toolbar and scrollable fixed-height content in
  browserAction popups
x [XSS] Automatically reload page when clearing XSS choice
  from popup
x [XSS] Enable "Clear XSS Choices" button only if some item
  is selected
x Remember last active tab when opening the option window
x Avoid useless reload if no actual change has happened in
  enforcement status
x Fix for regression: request and execution attempts not
  being reported anymore in the UI if restrictions are
  disabled (thanks Stefan Mey for report)
x Dark mode support
x Improved high contrast layout
x Fixed automatic reload not always triggered for CUSTOM
  tweakings
x More consistent cross-browser widgets
x Partial status indicator on the left of the icon, to
  accommodate Chromium's badge position
x Make focus hint less elusive for needed capability widgets
x More accurate blocking stats

NoScript 11.3.7

Wed, 02 Mar 2022 12:06:51 +0000

x Always avoid DNS resolution when a HTTP(S) proxy is used
  (thanks nojake for reporting)

NoScript 11.3.6

Mon, 28 Feb 2022 16:42:19 +0000

x Make high contrast and draggable toolbar items mutually
  exclusive
x [Chromium] Fix high contrast option not working
x Avoid flashing empty graveyard on popup opening
x More deterministic DnD placeholder creation
x [L10n] Updated fr, es, nl, zh_CN
x Make disabled buttons draggable and hidden enabled buttons
  interactive when the "graveyard" is open
x Close UI and reload immediately when enabling global/tab
  restrictions or disabling them for the tab only

NoScript 11.3.5

Mon, 28 Feb 2022 11:46:54 +0000

x [L10n] Updated de, mk, ru, sq, tr
x Fix regressions in draggable toolbar buttons
x [Android] Better styling for icon buttons in message box

NoScript 11.3.4

Fri, 25 Feb 2022 23:03:53 +0000

x Avoid closing the customizer on arrow up key context
  selection change (thanks barbaz for reporting)
x Prominently warn user whenever restrictions are disabled
x Better accessibility and styling for popup global buttons
x [L10n] Updated de
x Fix for contextual permissions display inconsistencies in
  options panel (thanks barbaz for reporting)

NoScript 11.3.3

Mon, 21 Feb 2022 15:21:20 +0000

x [Android] Improved CUSTOM panel portrait layout
x Play nice with  the Viewhance extension
x Avoid synchronous fetching for remote embedding documents
x Fixed typo in UI context dropdown initial selection
x Fixed wrong label for http: sites in contextual policy UI
  (thanks barbaz for reporting)
x Fix for first party context policy ignored on first load
  in new tabs (thanks ayi for reporting)
x Consolidate best effort policy fetching
x Use correct context for all subresources checks (thanks
  user72 for reporting)
  queries on Firefox (thanks vexity for reporting)
x [L10n] Updated de, es, he

NoScript 11.3.2

Fri, 18 Feb 2022 16:44:06 +0000

x Prevent LAN protection from breaking webRequest blocking
  on the Tor Browser (thanks TorBrowserUser for reporting)

NoScript 11.3

Wed, 16 Feb 2022 21:37:09 +0000

+ LAN capability to check for cross-zone WAN to LAN requests
  (thanks barbaz for ABE webext contributions)
+ Contextual policies (different capabilities for the same
  origin, depending on the top-level domain) configurable in
  the CUSTOM panel (thanks NLnet for financial support)

NoScript 11.2.25

Mon, 14 Feb 2022 12:23:29 +0000

x More robust policy fetching
x [Firefox] Fix regression causing file:// policy not to be
  correctly enforced sometimes

NoScript 11.2.24

Sun, 13 Feb 2022 07:22:49 +0000

x [nscl] Avoid unnecessary window patching

NoScript 11.2.23

Sun, 13 Feb 2022 07:27:47 +0000

x [nscl] Fix rare breakages due to xray cloning

NoScript 11.2.21

Thu, 10 Feb 2022 07:44:10 +0000

x Better fallback for failing syncMessage
x [XSS] Simplified preemptive name sanitization

NoScript 11.2.20

Thu, 10 Feb 2022 07:41:46 +0000

x [L10n] Updated de
x [XSS] Fix false positive warning when "name" is in the
  query string (thanks John Shield / DuckDuckGo for
  reporting)

NoScript 11.2.19

Fri, 04 Feb 2022 16:23:51 +0000

x [XSS] Faster invalidCharsRx initialization on Gecko 78 and
  above
x [XSS] More resilient name handling
x [nscl] Use HTTPS SyncMessage endpoint for Chromium too
  (works around lack of file access by default on packed
  extensions breaking NoScript)

NoScript 11.2.16

Tue, 01 Feb 2022 06:52:52 +0000

x Fallback to synchronous policy fetching if the document is
  already loaded (e.g. on updates)
x [XSS] Interactive testing made a bit easier
x [nscl] Mitigate side effects of dead objects on patched
  windows during extension updates
x [XSS] Fix false positive on Microsoft authentication
  (thanks GrK and Hanna_Payne for reporting)
x [nscl] Work-around for object element initialization
  inconsistencies on Firefox (thanks skriptimaahinen for
  reporting)
x [L10n] Updated fr
x Better support for service workers in unrestricted modes
  (thanks Mark McVeigh for reporting)

NoScript 11.2.15

Wed, 19 Jan 2022 14:24:03 +0000

x [Android] Work-around for Firefox "forgetting" tabs
x [nscl] Improved cross-frame auto-patching

NoScript 11.2.14

Thu, 30 Dec 2021 16:00:06 +0000

x [nscl] Updated SyncMessage fixes conflict with other
  content blockers (thanks gwarser, barbaz and Baraoic)
x [XSS] Tweaked risky operator check prevents false positive
  on outbound Twitter navigation (thanks @muchtypo for
  reporting)
x [XSS] Better logging for JS fragment detection
x [XSS] Fixed performance regression in invalid character
  ranges generation causing random XSS "DOS" false positives
x Fetch policy for baseURI if document.domain is empty
x [L10n] Updated ja, lt, pl, ru, zh_CN
x Always fetch policy synchronously, if missing
x Fixed undetermined status icon on BF cache page loads
x [nscl] Fix webgl blocking regression due to xray wrappers
  confusion (thanks skriptimaahinen)
x [nscl] Prevent unnecessary breakages on pages inspecting
  canvas.getContext when webgl is disabled
x [nscl] Reduce the risk to interfere with scripts messing
  with the media attribute (issue #207)

NoScript 11.2.11

Thu, 12 Aug 2021 05:31:19 +0000

x [nscl] Fixed JavaScript access to CSS rules broken on
  Chromium when unrestricted CSS is disabled - issue #204
x Prevent Chromium builds from being sent to AMO for signing
x [nscl] Fixed CPU/RAM overload on some pages with
  unrestricted CSS disabled but scripting enabled (not
  recommended setting) - issue #194, issue #199
x [nscl] Fixed CPU spikes on Chromium triggered by automatic
  file downloads (thanks ptheborg for report)

NoScript 11.2.10

Fri, 23 Jul 2021 13:15:00 +0000

x Cross-browser file naming consistency, in spite of version
  numbering incompatibilities
x [nscl] Fix for potential race conditions on certain page
  transitions (issue #205)
x Handle exception when accessing navigator.serviceWorker on
  sandboxed frames
x MS Edge support

NoScript 11.2.9

Thu, 24 Jun 2021 08:49:21 +0000

x [L10n] Updated de, mk
x Replace deprecated extension.getURL() with
  runtime.getURL()
x REUSE-compliant licensing boilerplate
x Remove unused/refactored-out files
x Relicensing as GPL3+
x [nscl] Fixed infinite recursion issue on window.open
  wrappers
x Avoid treating JavaScript files as embeddings when opened
  as top-level documents

NoScript 11.2.8

Thu, 20 May 2021 15:24:40 +0000

x Quiet down unnecessary debug logging (issue #191)
x [L10n] Updated he, de
x Fix meta refresh sometimes ignored on Firefox 78 ESR
  (issue #192, thanks hackerncoder for report)
x Chromium-specific build-time customizations

NoScript 11.2.7

Thu, 06 May 2021 21:44:49 +0000

x Better prompt layout (no accidental scrollbar)
x [nscl] Fix regression causing media patches to break some
  pages (thanks l0drex for report, issue #189)

NoScript 11.2.6

Tue, 04 May 2021 16:03:48 +0000

x [nscl] Various webgl blocking enhancements
x Remove also sticky-positioned elements with click+DEL on
  scriptless pages (thanks skriptimaahinen for RFE)
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
  zh_CN, zh_TW
x Fixed race condition causing external CSS not to be
  rendered sometimes when unrestricted CSS is disabled
x Avoid document rewriting for noscript meta refresh
  emulation in most cases
x [nscl] Fixed XHTML pages broken when served with
  application/xml MIME type and no "object" capability
x [nscl] Switch early content script configuration to use
  /nscl/service/DocStartInjection.js
x Configurable "unrestricted CSS" capability to for sites
  where the CSS PP0 mitigation should be disabled
  (e.g TRUSTED)
x [nscl] Fix CSS PP0 mitigation still interfering with some
  WebExtensions (thanks barbaz for report)
x [XSS] Increased sensitivity and specificity of risky
  operator pre-checks

NoScript 11.2.4

Mon, 29 Mar 2021 16:15:19 +0000

x CSS resources prefetching as a mitigation against CSS PP0
  (https://github.com/Yossioren/pp0)
x [L10n] Updated br, de, el, es, fr, he, is, nl, pl, pt_BR,
  ru, sq, tr, zh_CN
x [nscl] Inteception of webgl context creation in
  OffscreenCanvas too
x Fixed configuration upgrades not applied on manual updates
  (thanks Nan for reporting)
x Mitigation for misbehaving pages repeating failed requests
  in a tight loop
x [UI] More understandable label for the cascading
  restrictions option
x [nscl] More refactoring out in NoScript Commons Library
x [nscl] patchWindow improvements

NoScript 11.2.3

Thu, 18 Feb 2021 10:37:50 +0000

x [L10n] Purged non-inclusive terms from obsolete messages
x Added red halo feedback in CUSTOM preset for noscript
  element capability
x Fixed missing red halo feedback in CUSTOM preset for
  inline scripts and other capabilities sometimes
x Fixed race condition causing noscript elements not to be
  rendered sometimes

NoScript 11.2.1

Tue, 16 Feb 2021 13:48:55 +0000

x Configurable capability to show noscript elements on
  script-disabled pages
x [UI] Minor CSS Chromium compatibility fix
x [nscl] Refactoring to use Policy and its dependencies from
  the NoScript Commons Library
x Switch to faster and easier to maintain tld.js from nscl
x [UI] Fix punycode inconsistencies
x [UI] Improve preset and site controls alignment
x Provide feedback in the CUSTOM tab for WebGL usage
  attempts even if the canvas element is not attached to the
  DOM
x [L10n] Updated de, ja
x Updated HTML events
x Prevent double script on trusted file:// pages in some
  edge cases
x Prevent detection of wrapped functions (e.g. in WebGL
  interception) on Chromium

NoScript 11.2

Wed, 27 Jan 2021 10:16:33 +0000

x [XSS] New UI to reveal and selectively remove permanent
  user choices
x [L10n] Updated de
x Webgl hook refactored on nscl/content/patchWindow.js and
  made Chromium-compatibile
x Updated TLDs

NoScript 11.1.9

Tue, 19 Jan 2021 09:01:52 +0000

x Return null when webgl is not allowed (thanks Matthew
  Finkel for patch)
x [XSS] Fixed memoization bug resulting in performance
  degradation on some payloads
x [XSS] Include call stack in debugging log output
x [XSS] Skip naps when InjectionChecker runs in its own
  worker
x Shortcut for easier XSS filter testing
x More lenient filter to add a new entry to per-site
  permissions
x [L10n] Updated de
x Replace script-embedded bitmap with css-embedded SVG as
  the placeholder logo
x Updated TLDs
x Remove source map reference causing console noise
x Fix per-site permissions UI glitches when base domain is
  added to existing subdomain (thanks barbaz for reporting)

NoScript 11.1.8

Fri, 08 Jan 2021 12:22:39 +0000

x [XSS] Fix for old pre-screening optimization exploitable
to bypass the filter in recent browsers - thanks Tsubasa
FUJII (@reinforchu) for reporting
x Replace DOM-based entity decoding with the he.js pure JS
library
x Updated copyright statement
x Updated browser-polyfill.js
x Removed obsolete fastclick.js dependency
x [l10n] Updated de (thanks ib and Musonius)
x Updated TLDs

NoScript 11.1.7

Tue, 22 Dec 2020 14:21:40 +0000

x Optimize serviceWorker tracking for heavy tabs usage
  (thanks vadimm and barbaz for investigation)
x Force placeholder visibility on Youtube embeddings
x Fixed popup opening being slowed down if options UI is
  opened (thanks Sirus for report)
x Explicit failure for wrong settings importation formats
x Updated TLDs

NoScript 11.1.6

Thu, 10 Dec 2020 11:19:17 +0000

x Better handling of concurrent prompts issues (thanks
  billarbor for reporting)
x Remove z-index boosting from ancestors when placeholder is
  collapsed or replaced (issue #162)
x Fixed permission keyboard shortcuts being triggered with
  modifiers like CTRL (thanks barbaz for report)
x More accurate blockage reporting, with better filtering of
  page's own CSP effects
x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz
  for reporting)
x Fixed bug in automatic HTML events build-time updates
x Updated HTML events
x Updated TLDs
x [L10n] Updated sv_SE
x Better handling 0 width / 0 height media placeholders

NoScript 11.1.5

Fri, 06 Nov 2020 22:52:40 +0000

x Updated TLD
x Fixed potential infinite loop via DOMContentLoaded
x Work-around for Firefox 82 media redirection bug (thanks
  ppxxbu and skriptimaahinen)
x Updated TLDs

NoScript 11.1.3

Sun, 18 Oct 2020 21:01:56 +0000

x Fixed regression: document media and font restrictions
  always cascaded (thanks BrainDedd for report)
x Remove domPolicy logging when debugging is off
x Trivial reordering from Mozilla source
x Updated TLDs

NoScript 11.1.1

Thu, 08 Oct 2020 12:56:43 +0000

x Updated TLDs
x Better heuristic to figure out missing data while
  computing contextual policies
x Fixed regression breaking per-tab restrictions disablement
  (thanks Horsefly for report)

NoScript 11.0.46

Mon, 21 Sep 2020 10:41:50 +0000

x Updated TLDs
x [L10n] Updated is
x Fixed file:// and ftp:// specific content scripts not
  runnning in subdocuments
x Fixed deferred scripts in file:// pages may run twice
  (issue #155)
x Fixed rendering bug with scrolled file:// pages on soft
  reload (thanks Iouri for report)
x Fixed 11.0.44 regression: ghost media item reported on
  every page
x Better emulation of SVG events

NoScript 11.0.43

Wed, 09 Sep 2020 10:31:37 +0000

x Fix for some race conditions causing corruptions in
  non-HTML non-XML documents

NoScript 11.0.42

Tue, 08 Sep 2020 13:14:13 +0000

x Avoid useless "seen" reports from onBeforeRequest()
x Catch broadcast messaging errors
x Make build.sh tag push even already created tags
x Updated TLDsm
x Work-around for applying DOM CSP to non-HTML XML documents
  (thanks skriptimaahinen)
x Document freezing to handle SVG and other XML documents
  as a fallback before CSP insertion
x Refactored and improved syncFetchPolicy fallback for file:
  and ftp: special cases

NoScript 11.0.41

Tue, 25 Aug 2020 11:40:25 +0000

x More precise event suppression mechanism
x Fixed regression: events suppressed on file:// pages
  unless scripts are allowed
x Updated TLDs

NoScript 11.0.40

Mon, 24 Aug 2020 11:34:44 +0000

x Avoid synchronous policy fetching whenever possible
  (fixes multiple issues)

NoScript 11.0.39

Fri, 21 Aug 2020 18:47:26 +0000

x Fix reload loops on broken file: HTML documents (thanks
  bernie for report)
x [XSS] Updated HTML event attributes
x Local policy fallback for file: and ftp: URLs using
  window.name rather than sessionStorage
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
  zh_CN, zh_TW
x Added "Revoke temporary permissions on NoScript updates,
   even if the browser is not restarted" advanced option
x Let temporary permissions survive NoScript updates
  (shameless hack)
x Fixed some traps around Messages abstraction
x Ignore search / hash on policy matching of domain-less
  URLs (e.g. file:///...)
x Updated TLDs
x Fixed automatic scrolling hampers usability on long sites
  lists in popup
x Better timing for event attributes removal/restore
x Work-arounds for edge cases in synchronous page loads
  bypassing webRequest (thanks skriptimaahinen)

NoScript 11.0.38

Mon, 17 Aug 2020 17:37:44 +0000

x Better timing for event attributes removal/restore
x Work-arounds for edge cases in synchronous page loads
  bypassing webRequest (thanks skriptimaahinen)
x [L10n] Updated bn

NoScript 11.0.37

Tue, 11 Aug 2020 12:10:36 +0000

x Simpler and more reliable sendSyncMessage implementation
  and usage
x sendSyncMessage support for multiple suspension requests
  (should fix extension script injection issues)
x Updated TLDs

NoScript 11.0.35

Thu, 06 Aug 2020 22:14:09 +0000

x Avoid unnecessary reloads on temporary permissions
  revocation
x [UI] Removed accidental cyan background for site labels
x [L10n] Updated es
x Work-around for conflict with extensions inserting
  elements into content pages' DOM early
x [XSS] Updated HTML events
x Updated TLDs
x Fixed buggy policy references in the Options dialog
x More accurate NOSCRIPT element emulation
x Anticipate onScriptDisabled surrogates to first script-src
  'none' CSP violation
x isTrusted checks for all the content events
x Improved look in mobile portrait mode
x Let SyncMessage prevent undesired script execution
  scheduled during suspension

NoScript 11.0.34

Fri, 10 Jul 2020 20:35:42 +0000

x Fixed regression breaking network-based CSP injection

NoScript 11.0.33

Fri, 10 Jul 2020 06:37:18 +0000

x Switch from HTTP to DOM event based CSP reporting in
  compatible browsers
x [XSS] Updated HTML event attributes
x Updated TLDs

NoScript 11.0.32

Mon, 22 Jun 2020 17:34:36 +0000

x [L10n] Updated it, mk, sv_SE
x Fixed setting CUSTOM permissions in private mode may cause
  the TRUSTED preset to become temporary
x Updated TLDs
x [XSS] Updated HTML 5 events support
x More compact high contrast appearance

NoScript 11.0.31

Tue, 09 Jun 2020 19:06:40 +0000

x Focus "OK" button on dialog-mode UI
x Fixed various toolbar buttons DnD issues
x Updated TLDs
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
  zh_CN, zh_TW
x Fixed very low contrast HTTPS-only label in High Contrast
  mode

NoScript 11.0.30

Thu, 04 Jun 2020 09:15:04 +0000

x Discoverable option to force site-leaking UI in
  PBM/Incognito
x [L10n] Updated he
x Easier keyboard navigation of preset configuration
x Yellow-less UI palette

NoScript 11.0.28

Tue, 02 Jun 2020 09:07:50 +0000

x Don't enforce Incognito UI restrictions if the "Override
  Tor Browser Security Level preset" option is checked
x Incognito-aware permissions persistence and UI
  (https://trac.torproject.org/projects/tor/ticket/29957)
x Removed inline preset options relics
x Reset non-secure site matches to DEFAULT unless setting
  UNTRUSTED to avoid confusion on preset changes
x [A11y] Keyboard-based UI navigation
x Updated TLDs
x Work-around Gecko 77 cached CSP issues (thanks acat for
  https://trac.torproject.org/projects/tor/ticket/34305)

NoScript 11.0.26

Mon, 18 May 2020 18:14:15 +0000

x UI adjustments for better mobile experience (thanks Bram
  Pitoyo for suggestions)
x Updated HTML 5 events archive
x Updated TLDs
x Fixed hard reload needed after releasing restrictions
  (regression on Firefox Beta)
x Fixed 3rd party scripts blocking regression on Firefox
  Trunk due to XBL removal (thanks guardao for reporting)
x Fixed typo in unused yet code

NoScript 11.0.25

Tue, 21 Apr 2020 21:47:19 +0000

x [XSS] Fixed false positives and timeouts (thanks riaggren
  for report)

NoScript 11.0.24

Sun, 19 Apr 2020 21:56:14 +0000

x Fixed SoundCloud login broken by NoScript being enabled
x [XSS] Updated HTML5 events
x Updated TLDs

NoScript 11.0.23

Wed, 25 Mar 2020 16:54:09 +0000

x Updated TLDs
x Further refresh syntax parsing leniency (thanks
  insertscript)

NoScript 11.0.21

Sat, 21 Mar 2020 15:11:14 +0000

x Fixed URL matching regexp (thanks insertscript)

NoScript 11.0.20

Sat, 21 Mar 2020 15:10:57 +0000

x More aggressive blocking for data: refresh attempts
  (thanks insertscript)

NoScript 11.0.19

Thu, 19 Mar 2020 07:53:56 +0000

x Prevent ANY redirection to data: URIs in (thanks
  insertscript for reporting)

NoScript 11.0.18

Tue, 17 Mar 2020 21:54:30 +0000

x Automated "Updated TLDs" commit
x Updated TLDs
x Apply "font-family: Inter" to the mobile stylesheet only
x Support synonims for "release"

NoScript 11.0.17

Sat, 14 Mar 2020 00:48:47 +0000

x Updated TLDs
x Force CSP inheritance for redirections to data: URIs on
  Gecko pre-69
x Added CSS reference to Inter font to improve UI look on
  Fenix

NoScript 11.0.15

Tue, 03 Mar 2020 20:39:19 +0000

x Fixed CapsCSP bug allowing data: URLs to bypass font
  blocking (thanks dcent and skriptimaahinen)
x [XSS] Prevent DOS detection from being triggered for
  already aborted requests (thanks barbaz)
x [L10n] Updated es and added bn
x [XSS] More accurate base64 checks on hash
x Updated TLDs
x Minor adjustments for Firefox Preview (Fenix)
  compatibility
x Refactored XSS filter into an asynchronous worker to
  better handle DOS attempts
x [XSS] Abort on InjectionChecker timeouts
x [XSS] Updated recognized HTML events
x Fixed autoreload after popup closing broken on Vivaldi

NoScript 11.0.13

Thu, 30 Jan 2020 21:57:07 +0000

x [Chromium] Fix SyncMessage broken by feature-policy
  headers
x Remove "application" manifest.json key from Chromium
  packages

NoScript 11.0.12

Thu, 30 Jan 2020 19:58:22 +0000

x [L10n] Updated ru
x Unrestricted tab support for service workers and their
  included 3rd party scripts
x Record document origins in TabStatus
x Support for reporting service workers and their imported
  scripts in UI
x Cross-browser request properties normalization
x Updated TLDs
x Fixed initial requst URL lost across redirections
x Updated copyright statement
x Fixed settings export button broken on Vivaldi (issue
  #124)
x Fixed UNTRUSTED domains accidentally set in "match HTTPS
  only" mode (issue #126)

NoScript 11.0.11

Sat, 04 Jan 2020 10:13:30 +0000

x [L10n] Updated da, de, fr, he, it, mk, nl, ru, sq, tr,
  zh_TW
x Fixed UI not working on pages were sessionStorage
  is disabled
x Updated TLDs
x Added "ping" (beacon/ping) capability control

NoScript 11.0.10

Tue, 24 Dec 2019 20:40:15 +0000

x [Chromium] Fixed no permissions given on first page load
  in a session
x Order change in html5 events source
x Updated TLDs
x Removed unused "privacy" permission
x Fixed shortcut and context menu doing nothing unless
  browserAction icon is visible on Firefox (issue 58)
x [L10n] Updated de, fr, he, nl, tr
x Updated TLDs
x Fix minor typo regarding appearance redundancy (issue 61)
x Fixed scripts could not be enabled on file: SVG documents

NoScript 11.0.9

Tue, 19 Nov 2019 16:20:52 +0000

x [Chromium] Prevent duplicated MSE placeholders (e.g. on
  Youtube)
x Fixed external scripts included in HEAD of file:// pages
  failing (issue #115)
x [XSS] Updated HTML 5 events inventory
x Best effort to make media placeholders visible and
  clickable
x Placeholders for MSE on Chromium too
x Use invalid IP rather than domain name to prevent offline
  status from breaking sync messaging in Chromium
x Removed empty exportFunction() Chromium shim
x Updated TLDs

NoScript 11.0.8

Fri, 08 Nov 2019 14:33:36 +0000

x [L10n] Updated da, ja, lt, mk, nl
x Fixed onionSecure setting persistence issue (Tor ticket
  #32362)
x Fixed CSP DOM injection breaking XML documents rendering

NoScript 11.0.7

Wed, 06 Nov 2019 11:00:56 +0000

x Use fragments to reinsert and run previously blocked
  scripts
x Fetch policies asynchronously for about: and javascript:
  URLs
x Remove loop around XHR

NoScript 11.0.3

Tue, 20 Aug 2019 22:29:18 +0000

x [Tor] Work-around for prompts being huge when
  resistFingerprinting is enabled
x [XSS] Fixed false positives due to overzealous HTML
  attribute checking
x [XSS] Enabled InjectionChecker logging when debugging mode
  is on
x Work-around for browser.i18n.getMessage() API in content
  scripts giving away browser's real locale (Tor issue #31287)
x Updated TLDs
x [L10n] Updated Transifex-managed he, is, nb, ru, sq, zh_TW

NoScript 11.0.2

Fri, 26 Jul 2019 22:57:40 +0000

+ Restored "classic" pasted HTML sanitization feature, Now
  triggered by drag'n'drop too (thanks barbaz for patch)
x Fixed bug in browser type detection by content scripts (
  thanks barbaz)
+ Added "Collapse blocked objects" option in Blocked Objects
  prompt
x Fixed corner case when application/* content types should
  match "media" rather than "object" (thanks skriptimaahinen
  for reporting)
x Replacement clicks are now intercepted even if a content
  placeholder is obstructed by an overlay
x More graceful handling of chrome: origins (thanks
  skriptimaahinen for reporting)
x CSP building optimizations
x Updated TLDs.
x [L10n] Updated Transifex-managed locales br, de, it, ms,
  nl, ru, tr, nb, sv_SE and zh_CN

NoScript 11.0

Wed, 10 Jul 2019 19:26:41 +0000

x [XSS] Fixed false positives with parameters named "src"
x Static click-to-play placeholders
+ [L10n] New da, is, pl, sq, zh_TW Transifex-managed locales
x [L10n] Updated sv_SE Transifex-managed locale

NoScript 10.6.3

Sat, 15 Jun 2019 20:59:43 +0000

x Multiple fixes in embeddings replacement (thanks barbaz
  for reporting)
x Fixed [Import] settings button on Android
x [XSS] JSON reduction optimizations
x [XSS] XSS checks performance improvements play nicer with
  resistFingerprinting
x [XSS] Fully asynchronous InjectionChecker, prevents freezes
  on heavy payloads
x Skip page autoreloads on transitions between temporary and
  permanent presets of the same kind
x Updated TLDs

NoScript 10.6.2

Wed, 22 May 2019 17:19:49 +0000

x Removed work-around for https://bugzil.la/1532530 (now
  fixed and backported to the Tor Browser too)
x Fixed media.mediasource.enabled breakage (thanks
  skriptimaahinen for patch)
x Reference internal pages as absolute URLs for Chromium
  compatibility
x Updated TLDs
x [Locale] Updated Transifex-managed locales (es, ms, tr)

NoScript 10.6.1

Wed, 10 Apr 2019 20:06:03 +0000

x Make RequestGuard's header processing synchronous as needed
x Fixed inconsistencies handling browser-internal URLs
x Fixed resetting options works just once per session
  (defaults reference current settings) - issue #69
x [Locale] Updated Transifex-managed locales (de, fr, it, tr,
  nl)

NoScript 10.6

Sun, 07 Apr 2019 21:26:12 +0000

x Limit wrappedJSObject usages to compatible browsers
x [Chromium] Merged chromium branch (unified code base)
x [Locale] Updated Transifex-managed locales
x Updated TLDs

NoScript 10.2.5

Sun, 24 Mar 2019 23:07:36 +0000

x [XSS] Improved detection of privileged origins (fixes an
  about:tor to DuckDuckGo false positive)

NoScript 10.2.4

Wed, 20 Mar 2019 22:51:54 +0000

x Improved prompts layout (thanks Ton for suggestion)
x Improved unscanned POST blocking

NoScript 10.2.3

Tue, 19 Mar 2019 22:33:01 +0000

x [l10n] Updated Transifex-managed locales
x Fixed POST searches from the url bar causing XSS warnings
x Fixed popup top buttons not visible in high contrast
  appearance mode (thanks pjaworski for reporting)
x Optimized popup layout initialization

NoScript 10.2.2

Sun, 17 Mar 2019 22:33:46 +0000

x [L10n] Updated Transifex-managed locales
+ Cascading top document's restrictions to subdocuments is now
  an option in the General section and defaults to true on
  the Tor Browser only
+ "Scan uploads for potential cross-site attacks" and "Ask
  confirmation for cross-site POST requests which could not
  be scanned" options: in Tor Browser default false and true,
  respectively, as a work-around for mozbug 1532530
+ [Tor] "Override Tor Browser Security Level preset" option
+ [Tor] Selective handling of Tor Browser specific settings
x Updated TLDs
x [XSS] Updated event names
x Safer cookie-less check for unrestricted tabs from subdocs
x [Build] Easier version bumps to next rc (build.sh bump rcX)
x Fixed unrestricted tabs not affecting about:blank subframes
  (issue #48, thanks musonius for reporting)
x [XSS] Updated known HTML events lists
+ [Locale] Added sv_SE (by Jonatan Nyberg)

NoScript 10.2.1

Sun, 23 Dec 2018 15:06:54 +0000

x Cascade top document's restrictions to subframes (Tor
  issue #28873)
x Fixed restored media element from placeholder not loading
  previously blocked content automatically
x Fixed placeholders missing for some blocked embeddings
  (Tor ticket #28720)

NoScript 10.2.0

Sun, 25 Nov 2018 22:48:14 +0000

x [L10n] Updated fr, he
x Allow origin-less fetch for extensions (issue #41)
x Fixed meta refresh inside NOSCRIPT emulation breaking
  Firefox's built-in refresh blocking
x Fixed issue #35 "tabId is not defined" on startup
x Darker red badge background to ensure text is kept white
  across browsers