./security/tor-browser-noscript, Noscript plugin for tor-browser

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]


Branch: CURRENT, Version: 11.1.7, Package name: tor-browser-noscript-11.1.7, Maintainer: wiz

The NoScript Firefox extension provides extra protection for
browsers: this free, open source add-on allows JavaScript, Java,
Flash, and other plugins to be executed only by trusted web sites
of your choice (e.g., your online bank).


Required to build:
[pkgtools/cwrappers]

Master sites:

SHA1: c4f218497f48b1f01ea982bb167e8a61de7cd7c7
RMD160: 06e71c2c7b2a87327fb061a7a5901252e92887a0
Filesize: 589.015 KB

Version history: (Expand)


CVS history: (Expand)


   2021-01-03 20:02:52 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.1.7.

v 11.1.7
============================================================
x Optimize serviceWorker tracking for heavy tabs usage
  (thanks vadimm and barbaz for investigation)
x Force placeholder visibility on Youtube embeddings
x Fixed popup opening being slowed down if options UI is
  opened (thanks Sirus for report)
x Explicit failure for wrong settings importation formats
x Updated TLDs

v 11.1.7rc3
============================================================
x Updated TLDs
x Optimize serviceWorker tracking for heavy tabs usage
  (thanks vadimm and barbaz for investigation)
x Force placeholder visibility on Youtube embeddings

v 11.1.7rc2
============================================================
x Fixed popup opening being slowed down if options UI is
  opened (thanks Sirus for report)

v 11.1.7rc1
============================================================
x Explicit failure for wrong settings importation formats

v 11.1.6
============================================================
x Better handling of concurrent prompts issues (thanks
  billarbor for reporting)
x Remove z-index boosting from ancestors when placeholder is
  collapsed or replaced (issue #162)
x Fixed permission keyboard shortcuts being triggered with
  modifiers like CTRL (thanks barbaz for report)
x More accurate blockage reporting, with better filtering of
  page's own CSP effects
x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz
  for reporting)
x Fixed bug in automatic HTML events build-time updates
x Updated HTML events
x Updated TLDs
x [L10n] Updated sv_SE
x Better handling 0 width / 0 height media placeholders

v 11.1.6rc6
============================================================
x Better handling of concurrent prompts issues (thanks
  billarbor for reporting)

v 11.1.6rc5
============================================================
x Remove z-index boosting from ancestors when placeholder is
  collapsed or replaced (issue #162)

v 11.1.6rc4
============================================================
x Fixed permission keyboard shortcuts being triggered with
  modifiers like CTRL (thanks barbaz for report)

v 11.1.6rc3
============================================================
x More accurate blockage reporting, with better filtering of
  page's own CSP effects

v 11.1.6rc2
============================================================
x [UI] Fixed bug in CUSTOM sites filtering (thanks barbaz
  for reporting)
x Fixed bug in automatic HTML events build-time updates
x Updated HTML events
x Updated TLDs

v 11.1.6rc1
============================================================
x Updated TLDs
x [L10n] Updated sv_SE
x Better handling 0 width / 0 height media placeholders
   2020-11-12 22:10:49 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.1.5.

v 11.1.5
============================================================
x Updated TLD
x Fixed potential infinite loop via DOMContentLoaded
x Work-around for Firefox 82 media redirection bug (thanks
  ppxxbu and skriptimaahinen)
x Updated TLDs

v 11.1.5rc2
============================================================
x Updated TLD
x Fixed potential infinite loop via DOMContentLoaded

v 11.1.5rc1
============================================================
x Work-around for Firefox 82 media redirection bug (thanks
  ppxxbu and skriptimaahinen)
x Updated TLDs

v 11.1.4
============================================================
x Fixed sloppy CSP media blocker detection breaking MSE
  blob: media placeholders on Chromium
x Fixed race condition causing temporary settings not to
  survive updates sometimes
x Updated TLDs
x [Mobile] Improved prompts appearance on Android

v 11.1.4rc3
============================================================
x Fixed sloppy CSP media blocker detection breaking MSE
  blob: media placeholders on Chromium

v 11.1.4rc2
============================================================
x Fixed race condition causing temporary settings not to
  survive updates sometimes

v 11.1.4rc1
============================================================
x Updated TLDs
x [Mobile] Improved prompts appearance on Android
   2020-10-31 01:54:38 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.1.3.

v 11.1.3
============================================================
x Fixed regression: document media and font restrictions
  always cascaded (thanks BrainDedd for report)
x Remove domPolicy logging when debugging is off
x Trivial reordering from Mozilla source
x Updated TLDs

v 11.1.1
============================================================
x Updated TLDs
x Better heuristic to figure out missing data while
  computing contextual policies
x Fixed regression breaking per-tab restrictions disablement
  (thanks Horsefly for report)

v 11.1.0
============================================================
x Improved blocking of media documents unaffected by
  webRequest
x Automatically init tag message with last changelog
x Improved NOSCRIPT element emulation compatibility with XML
  documents
x webNavigation.onCommitted + tabs.executeScript to deliver
  DOM policies earlier whenever possible
x Partial work-around for Fx 80 file:// documents parsing
  inconsistencies (further fix for issue #156)
x Cache policy on top document for file:// subdocuments
  (fixes issue #156)
x Enforce more restrictive CSP on media/object documents
x Better cross-browser media handling
x [Mobile] Use tabs as prompts if the browser.windows API is
  missing
x Fix browser UI for image, audio and video content being
  partially broken on file:// URLs
x Normalize file:// directory paths on Firefox
x Allow browser UI scripts for file:// directory navigation
x Updated TLDs
x [L10n] Updated mk

v 11.1.0rc2
============================================================
x Improved blocking of media documents unaffected by
  webRequest
x Automatically init tag message with last changelog

v 11.1.0rc1
============================================================
x Improved NOSCRIPT element emulation compatibility with XML
  documents

v 11.0.47rc6
============================================================
x webNavigation.onCommitted + tabs.executeScript to deliver
  DOM policies earlier whenever possible
x Fixed typo causing CSP-based media blocking to skip
  requests with no content-type header

v 11.0.47rc5
============================================================
x Partial work-around for Fx 80 file:// documents parsing
  inconsistencies (further fix for issue #156)

v 11.0.47rc4
============================================================
x Cache policy on top document for file:// subdocuments
  (fixes issue #156)
x Updated TLDs
x Enforce more restrictive CSP on media/object documents

v 11.0.47rc3
============================================================
x Better cross-browser media handling
x Improved file: directory path normalization

v 11.0.47rc2
============================================================
x [Mobile] Use tabs as prompts if the browser.windows API is
  missing

v 11.0.47rc1
============================================================
x Fix browser UI for image, audio and video content being
  partially broken on file:// URLs
x Normalize file:// directory paths on Firefox
x Allow browser UI scripts for file:// directory navigation
x Updated TLDs
x [L10n] Updated mk
   2020-09-23 21:03:10 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.0.46.

(would have to be pulled up anyway)

v 11.0.46
============================================================
x Updated TLDs
x [L10n] Updated is
x Fixed file:// and ftp:// specific content scripts not
  runnning in subdocuments
x Fixed deferred scripts in file:// pages may run twice
  (issue #155)
x Fixed rendering bug with scrolled file:// pages on soft
  reload (thanks Iouri for report)
x Fixed 11.0.44 regression: ghost media item reported on
  every page
x Better emulation of SVG events

v 11.0.45rc5
============================================================
x Updated TLDs
x [L10n] Updated is
x Fixed file:// and ftp:// specific content scripts not
  runnning in subdocuments

v 11.0.45rc4
============================================================
x Fixed deferred scripts in file:// pages may run twice
  (issue #155)

v 11.0.45rc3
============================================================
x Fixed rendering bug with scrolled file:// pages on soft
  reload (thanks Iouri for report)

v 11.0.45rc2
============================================================
x Fixed 11.0.44 regression: ghost media item reported on
  every page

v 11.0.45rc1
============================================================
x Better emulation of SVG events

v 11.0.44
============================================================
x Dispatch synthetic SVGLoad event in soft load when needed
x [L10n] Updated da, es
x Fixed namespacing issues with script replacements
x Fixed media placeholder not shown when blocking Youtube
  movies
x Work around for unpredictable content script execution
  order
x Ensure content of NoScript prompts is always visible
x Fixed soft reload messing with non UTF-8 encodings (thanks
  "Quest" for reporting)
x Updated TLDs
x [XSS] Fixed escape detection bug causing strage false
  positives (thanks Dave Howorth for report)

v 11.0.44rc7
============================================================
x Better reflect event firing order in soft reload emulation

v 11.0.44rc6
============================================================
x [L10n] Updated da
x Dispatch synthetic SVGLoad event in soft load when needed

v 11.0.44rc5
============================================================
x Fixed typo

v 11.0.44rc4
============================================================
x Fixed namespacing issues with script replacements
x Fixed typo in content script ordering work-around

v 11.0.44rc3
============================================================
x Fixed media placeholder not shown when blocking Youtube
  movies
x Work around for unpredictable content script execution
  order
x Ensure content of NoScript prompts is always visible

v 11.0.44rc2
============================================================
x Fixed soft reload messing with non UTF-8 encodings (thanks
  "Quest" for reporting)

v 11.0.44rc1
============================================================
x Updated TLDs
x [L10n] Updated es
x [XSS] Fixed escape detection bug causing strage false
  positives (thanks Dave Howorth for report)
x Fixed markup typo

v 11.0.43
============================================================
x Fix for some race conditions causing corruptions in
  non-HTML non-XML documents

v 11.0.42
============================================================
x Avoid useless "seen" reports from onBeforeRequest()
x Catch broadcast messaging errors
x Make build.sh tag push even already created tags
x Updated TLDsm
x Work-around for applying DOM CSP to non-HTML XML documents
  (thanks skriptimaahinen)
x Document freezing to handle SVG and other XML documents
  as a fallback before CSP insertion
x Refactored and improved syncFetchPolicy fallback for file:
  and ftp: special cases

v 11.0.42rc8
============================================================
x Avoid useless "seen" reports from onBeforeRequest()
x Catch broadcast messaging errors
x Make build.sh tag push even already created tags

v 11.0.42rc7
============================================================
x Updated TLDs
x Let injected CSP prevent onload events from firing on
  unfrozen embedded elements
x Work-around for applying DOM CSP to non-HTML XML documents
  (thanks skriptimaahinen)

v 11.0.42rc6
============================================================
x Document freezing to handle SVG and other XML documents
  impervious to CSP on Mozilla

v 11.0.42rc5
============================================================
x Skip soft reload if not needed

v 11.0.42rc4
============================================================
x XML-compatible soft reload

v 11.0.42rc3
============================================================
x "Soft reload" approach to fix file: and ftp: issues

v 11.0.42rc2
============================================================
x SyncMessage suspending on DOMContentLoaded
x Updated TLDs

v 11.0.42rc1
============================================================
x Refactored and improved syncFetchPolicy fallback for file:
  and ftp: special cases
   2020-08-26 22:08:15 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.0.41.

v 11.0.41rc2
============================================================
x More precise event suppression mechanism
x Fixed regression: events suppressed on file:// pages
  unless scripts are allowed
x Updated TLDs

v 11.0.41rc2
============================================================
x More precise event suppression mechanism

v 11.0.41rc1
============================================================
x Fixed regression: events suppressed on file:// pages
  unless scripts are allowed
x Updated TLDs

v 11.0.40
============================================================
x Avoid synchronous policy fetching whenever possible
  (fixes multiple issues)

v 11.0.40rc2
============================================================
x Avoid synchronous policy fetching whenever possible

v 11.0.40rc1
============================================================
x Handle edge case in file:// pages: policy change and
  reload before DOMContentLoaded

v 11.0.39
============================================================
x Fix reload loops on broken file: HTML documents (thanks
  bernie for report)
x [XSS] Updated HTML event attributes
x Local policy fallback for file: and ftp: URLs using
  window.name rather than sessionStorage
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
  zh_CN, zh_TW
x Added "Revoke temporary permissions on NoScript updates,
   even if the browser is not restarted" advanced option
x Let temporary permissions survive NoScript updates
  (shameless hack)
x Fixed some traps around Messages abstraction
x Ignore search / hash on policy matching of domain-less
  URLs (e.g. file:///...)
x Updated TLDs
x Fixed automatic scrolling hampers usability on long sites
  lists in popup
x Better timing for event attributes removal/restore
x Work-arounds for edge cases in synchronous page loads
  bypassing webRequest (thanks skriptimaahinen)

v 11.0.39rc8
============================================================
x Several hacks to make non-distruptive updates compatible
  with Chromium
x Tighten localPolicy persistence mechanism during reloads

v 11.0.39rc7
============================================================
x Temporary settings survival more resilient and compatible
  with Fenix
x [L10n] Updated es

v 11.0.39rc6
============================================================
x Fix reload loops on broken file: HTML documents (thanks
  bernie for report)
x [XSS] Updated HTML event attributes

v 11.0.39rc5
============================================================
x Local policy fallback for file: and ftp: URLs using
  window.name rather than sessionStorage
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
  zh_CN, zh_TW
x Renamed option to "Revoke temporary permissions on
  NoScript updates, even if the browser is not restarted"

v 11.0.39rc4
============================================================
x Added option to forget temporary settings immediately
  whenever NoScript gets updated
x Fixed regression: file:/// URLs reloaded whenever NoScript
  gets reinstalled / enabled / reloaded
x More resilient and easy to debug survival data retrieving

v 11.0.39rc3
============================================================
x Fixed regression causing manual NoScript downgrades to be
  delayed until manual restart

v 11.0.39rc2
============================================================
x Let temporary permissions survive NoScript updates
  (shameless hack)
x Fixed some traps around Messages abstraction
x Ignore search / hash on policy matching of domain-less
  URLs (e.g. file:///...)
x Removed useless CSS property
x Updated TLDs

v 11.0.39rc1
============================================================
x Updated TLDs
x Fixed automatic scrolling hampers usability on long sites
  lists in popup
x Fixed typo in vendor-prefixed CSS

v 11.0.38rc2
============================================================
x Better timing for event attributes removal/restore

v 11.0.38rc1
============================================================
x Work-arounds for edge cases in synchronous page loads
  bypassing webRequest (thanks skriptimaahinen)
x [L10n] Updated bn

v 11.0.38
============================================================
x Better timing for event attributes removal/restore
x Work-arounds for edge cases in synchronous page loads
  bypassing webRequest (thanks skriptimaahinen)
x [L10n] Updated bn

v 11.0.38rc2
============================================================
x Better timing for event attributes removal/restore

v 11.0.38rc1
============================================================
x Work-arounds for edge cases in synchronous page loads
  bypassing webRequest (thanks skriptimaahinen)
x [L10n] Updated bn

v 11.0.37
============================================================
x Simpler and more reliable sendSyncMessage implementation
  and usage
x sendSyncMessage support for multiple suspension requests
  (should fix extension script injection issues)
x Updated TLDs

v 11.0.37rc3
============================================================
x Simpler and more reliable sendSyncMessage implementation
  and usage
x Updated TLDs

v 11.0.37rc2
============================================================
x SyncMessage suspending on DOM modification as well
x Updated TLDs

v 11.0.37rc1
============================================================
x Updated TLDs
x sendSyncMessage support for multiple suspension requests
  (should fix extension script injection issues)

v 11.0.36
============================================================
x Fixed regression: temporary permissions revocation not
  working anymore on privileged pages
x SendSyncMessage script execution safety net more
  compatible with other extensions (e.g. BlockTube)

v 11.0.35
============================================================
x Avoid unnecessary reloads on temporary permissions
  revocation
x [UI] Removed accidental cyan background for site labels
x [L10n] Updated es
x Work-around for conflict with extensions inserting
  elements into content pages' DOM early
x [XSS] Updated HTML events
x Updated TLDs
x Fixed buggy policy references in the Options dialog
x More accurate NOSCRIPT element emulation
x Anticipate onScriptDisabled surrogates to first script-src
  'none' CSP violation
x isTrusted checks for all the content events
x Improved look in mobile portrait mode
x Let SyncMessage prevent undesired script execution
  scheduled during suspension

v 11.0.35rc4
============================================================
x Avoid unnecessary reloads on temporary permissions
  revocation
x Fixed potentially infinite loop in SyncMessage Firefox
  implementation
x [UI] Removed accidental cyan background for site labels
x [L10n] Updated es

v 11.0.35rc3
============================================================
x Work-around for conflict with extensions inserting
  elements into content pages' DOM early
x [XSS] Updated HTML events

v 11.0.35rc2
============================================================
x Updated TLDs
x Fixed buggy policy references in the Options dialog
x More accurate NOSCRIPT element emulation
x Anticipate onScriptDisabled surrogates to first script-src
  'none' CSP violation
x isTrusted checks for all the content events
x Improved look in mobile portrait mode

v 11.0.35rc1
============================================================
x Let SyncMessage prevent undesired script execution
  scheduled during suspension
   2020-07-29 09:02:59 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.0.34.

v 11.0.34
============================================================
x Fixed regression breaking network-based CSP injection

v 11.0.33
============================================================
x Switch from HTTP to DOM event based CSP reporting in
  compatible browsers
x [XSS] Updated HTML event attributes
x Updated TLDs
   2020-07-04 00:53:52 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.0.32.

v 11.0.32
============================================================
x [L10n] Updated it, mk, sv_SE
x Fixed setting CUSTOM permissions in private mode may cause
  the TRUSTED preset to become temporary
x Updated TLDs
x [XSS] Updated HTML 5 events support
x More compact high contrast appearance

v 11.0.31
============================================================
x Focus "OK" button on dialog-mode UI
x Fixed various toolbar buttons DnD issues
x Updated TLDs
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
  zh_CN, zh_TW
x Fixed very low contrast HTTPS-only label in High Contrast
  mode

v 11.0.31rc2
============================================================
x Focus "OK" button on dialog-mode UI
x [L10n] Updated da
x Fixed various toolbar buttons DnD graphic issues
x Updated TLDs

v 11.0.31rc1
============================================================
x [L10n] Updated bn, br, ca, da, de, el, es, fr, he, is, it,
  ja, lt, mk, ms, nb, nl, pl, pt_BR, ru, sq, sv_SE, tr,
  zh_CN, zh_TW
x Fixed very low contrast HTTPS-only label in High Contrast
  mode
x More precise DnD of toolbar buttons + work-around for
  https://bugzilla.mozilla.org/show_bug.cgi?id=568313
   2020-06-06 22:55:14 by Thomas Klausner | Files touched by this commit (2) | Package updated
Log message:
tor-browser-noscript: update to 11.0.30.

v 11.0.30
============================================================
x Discoverable option to force site-leaking UI in
  PBM/Incognito
x [L10n] Updated he
x Easier keyboard navigation of preset configuration
x Yellow-less UI palette