[+] new feature, [x] bug fix, [-] removed feature, [=] repackaging or cosmetic change
v 1.9.9.81
- Experimental blocking of page refreshes happening inside untrusted
unfocused tabs, should provide protection against Aviv Raff's scriptless
"tabnabbing" variant. Enabled by default, can be controlled through the
noscript.forbidBGRefresh about:config integer preference:
0 - no blocking
1 - block refreshes on untrusted unfocused tabs
2 - block refreshes on trusted unfocused tabs
3 - block refreshes on both trusted and untrusted unfocused tab
Address patterns matching pages which shouldn't be affected can be
listed in the noscript.forbidBGRefresh.exceptions preference
x Fixed XSS false positive in new 3.7 add-ons manager
x Fixed meta-refresh URL parsing mismatch
x Fixed import script surrogates being broken by a 1.9.9.79 regression
v 1.9.9.80
x Fixed "Partially allowed scripts" icon shown instead of the "Scripts
allowed but some objects blocked" one when the blocked objects' domains
are not whitelisted for scripting (thanks al_9x for reporting)
x Fixed "Scripts allowed but some objects blocked" icon not being used for
blocked web fonts (thanks Alan Baxter for reporting)
x (ABE) Deny on INCLUSION don't trigger a notification even if the blocked
request is for a subdocument (the blocking is logged in the Console, use
SUB if user-facing notification is needed)
x Fixed privileged XMLHttpRequests for untrusted resources being blocked
if HTTP redirections occurred (thanks mari for reporting)
+ Better compatibility with IronPort web-based tools (thanks Ron Collins
for reporting)
v 1.9.9.79
x Script surrogates whose source starts with the '!' get executed on
pages where scripts are disabled (on document DOM completion, rather
than before HTML parsing starts like regular surrogates)
v 1.9.9.78
x Redirect cache for scripts and XBL only
x Fixed cross-site CSS being blocked under some circumstances (e.g.
on Flicker and Yahoo)
v 1.9.9.77
- ABE INCLUSION(type1, type2, type3...) pseudo-method allows rules to take
request type (e.g. SCRIPT vs CSS) in account
- ABE SELF+ (same domain) and SELF++ (same base domain) pseudo-origins
x Fixed iconic feedback inconsistencies when untrusted blocked objects
are mixed with full-trusted content (tanks al_9x for reporting)
x Fixed Injection Checker false positives on some kinds of complex nested
URLs (thanks Sirdarckcat for reporting)
x Tweaked ClearClick for Disqus compatibility (thanks John for reporting)
v 1.9.9.76
x Fixed broken menu on Minefield when External Filters are enabled (thanks
linuser for reporting)
x Fixed about: URL not being shown in NoScript menu (thanks al_9x for
reporting)
x Removed minor strict warnings on Minefield
v 1.9.9.75
x Redirected site caching now skips plugin content
x Removed parent usages for Minefield compatibility
x Removed some strict warnings (thanks timeless for reporting)
v 1.9.9.74
================================================1.9.9.74-1.el5==========================
x Fixed false positive issue with empty cross-site POST requests (thanks
Bahamut for reporting)
v 1.9.9.73
x Fixed potential double-firing command issue on Firefox Mobile
+ Added about:addons and about:home to the mandatory whitelist
+ Improved responsivity and usability on Firefox Mobile
v 1.9.9.72
x Fixed configuration import/export/synchronization bug introduced by
"configuration presets" for Firefox Mobile
+ Finger-friendlier UI on Firefox Mobile
v 1.9.9.71
- Added "Allowed with untrusted sources and blocked objects" icon
x Fixed minor inconsistencies in new partial allowance feedback icons
(thanks al_9x for reporting)
v 1.9.9.70
- Compatibility and better integration with latest Firefox Mobile (Fennec)
- Experimental external filters for plugin content (e.g. Blitzableiter for
Adobe Flash), see NoScript Options|Advanced|External Filters (Fx >=3.5)
- New specific partial status icon for pages where all scripts are allowed
but some objects are blocked (thanks al_9x for RFE)
- "about:blank" won't be shown as a secondary source in NoScript's UI. Old
behavior can be restored by setting the noscript.showBlankSources
preference to true (thanks al_9x for RFE)
- googleapis.com in the default whitelist
x Fixed 2nd order indirect InjectionChecker bypass (thanks Sirdarckcat for
reporting)
x Fixed a Mac OS X specific InjectionChecker decoding issue (thanks
Colling Jackson for reporting)
Please login to add feedback.
This update has been submitted for testing.
This update has been pushed to testing
This update has been submitted for stable.
This update has been submitted for testing.
This update has been pushed to testing
This update has been submitted for testing.
This update has been pushed to testing
This update has been submitted for stable.
This update has been pushed to stable
"yum -y install mozilla-noscript" falls flat on its nose.
How? I'm unable to test it under el5, "yum -y reinstall mozilla-noscript" works at least in F-13. I'm just maintaining this in parallel to the fedora branches, without beeing able to test. If you want to help out here, that would be much appreciated.
How do you want to "maintain" a package for EPEL 5, if you don't have any installation of either RHEL 5 or CentOS 5? Consider installing CentOS 5.5 http://www.centos.org as a multi-boot option on your Fedora machine. unresolved deps: mozilla-filesystem
I don't intend to "maintain" it "properly" for EPEL. I think this programm is usefull (also for other distributions than fedora) and because nobody has already packaged it, I imported them for EPEL too. I'm relying on tester and/or bug reports to fix some issues, that don't arise in fedora. If that's a problem, I can orphane all of my EPEL packages... (I mailed the owner of mozilla- filesystem and asked for a el5+el6 package.)
mozilla-filesystem is in el6 and in el5, firefox owns the directory, mozilla- noscript needs. -> Should be fixed in update: https://admin.fedoraproject.org/updates/mozilla-noscript-2.0.2.1-2.el5