File: changelog

package info (click to toggle)
mozilla-noscript 10.1.9.6-2
links: PTS, VCS
area: main
in suites: buster
size: 2,032 kB
sloc: xml: 12; makefile: 7
file content (7643 lines) | stat: -rw-r--r-- 317,378 bytes
NoScript Security Suite 10.1.9.6 - Sept. 14, 2018
-------------------------------------------------

| v 10.1.9.6
| =============================================================
| x [TB] Gracefully handle legacy external message recipients
| x [XSS] Updated known HTML5 events
| x Better IPV6 support
| x UI support for protocol-only entries

NoScript Security Suite 10.1.9.6rc3 - Sept. 14, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.9.6rc2 - Sept. 10, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.9.6rc1 - Sept. 9, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.9.5rc1 - Sept. 9, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.9.5 - Sept. 9, 2018
------------------------------------------------

| v 10.1.9.5
| =============================================================
| x Fix for various content script timing related issues
| (thanks therube for reporting)

NoScript Security Suite 10.1.9.4 - Sept. 9, 2018
------------------------------------------------

| v 10.1.9.4
| =============================================================
| x Prevent total breakages when policies accidentally map
| to invalid match patterns
| x Internal messaging dispatch better coping with multiple
| option windows
| x Avoid multiple CSP DOM insertions

NoScript Security Suite 10.1.9.4rc1 - Sept. 9, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.9.3rc1 - Sept. 9, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.9.3 - Sept. 9, 2018
------------------------------------------------

| v 10.1.9.3
| =============================================================
| x Fixed message handling regression breaking embedders and
| causing potential internal message loops

NoScript Security Suite 10.1.9.2 - Sept. 8, 2018
------------------------------------------------

| v 10.1.9.2
| =============================================================
| x More efficient `window.name <http://window.name>`__-based tab-scoped
  permissions
| persistence
| x Fixed URL parsing bugs
| x Fixed bug in requestKey generation
| x [Build] Enhanced TLD data update subsystem
| + [UI] CUSTOM presets gets initialized with currently applied
| preset, including temporary/permanent status
| x Improved internal message dispatching, avoiding potential
| race conditions
| + [L10n] Transifex integration
| x Work-around for DOM-injected CSP not being honored when
| appended to the root element, rather than HEAD
| + Transparent support for FQDNs
| x Better file: protocol support
| x Full-page placeholders for media/plugin documents

NoScript Security Suite 10.1.9.2rc4 - Sept. 8, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.9.2rc3 - Sept. 8, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.9.2rc2 - Sept. 4, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.9.2rc1 - Sept. 3, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.9.1rc1 - Aug. 30, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.9.1 - Aug. 30, 2018
------------------------------------------------

| v 10.1.9.1
| =============================================================
| x Fixed NOSCRIPT emulation not running in contexts where
| service workers are disabled, such as private windows
| (thanks Peter Wu for patch)
| x [Build] Fixed TLD regexp generation broken by CRLF
| characters in input public suffix list

NoScript Security Suite 10.1.9 - Aug. 29, 2018
----------------------------------------------

| v 10.1.9
| =============================================================
| + Completely revamped CSP backend, enforcing policies both in
| webRequest and in the DOM
| + Reload-less service worker busting
| - removed obsoleted failsafes, including forced reloads
| x Better timing for popup UI feedback on permissions changes
| x [Tor] Reordered startup sequence to better cooperate with
| embedders like the Tor Browser
| x Send out a "started" message after initialization to help
| embedders (like the Tor browser) interact with NoScript
| x [Build] Better support for versions bumps
| x Updated TLDs
| x [Build] Improved TLD auto-updater

NoScript Security Suite 10.1.9rc6 - Aug. 28, 2018
-------------------------------------------------

[no description]

NoScript Security Suite 10.1.9rc5 - Aug. 28, 2018
-------------------------------------------------

[no description]

NoScript Security Suite 10.1.9rc4 - Aug. 28, 2018
-------------------------------------------------

[no description]

NoScript Security Suite 10.1.9rc3 - Aug. 28, 2018
-------------------------------------------------

[no description]

NoScript Security Suite 10.1.9rc2 - Aug. 28, 2018
-------------------------------------------------

[no description]

NoScript Security Suite 10.1.9rc1 - Aug. 27, 2018
-------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.23 - Aug. 25, 2018
-------------------------------------------------

| v 10.1.8.23
| =============================================================
| x Hotfix for reload loops before CSP management refactoring

NoScript Security Suite 10.1.8.23rc1 - Aug. 25, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.22 - Aug. 24, 2018
-------------------------------------------------

| v 10.1.8.22
| =============================================================
| x Fixed reload loop on unrestricted tabs (thanks random for
| reporting)

NoScript Security Suite 10.1.8.21 - Aug. 24, 2018
-------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.21rc1 - Aug. 24, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.20 - Aug. 24, 2018
-------------------------------------------------

| v 10.1.8.20
| =============================================================
| x Fixed Sites.domainImplies() misplaced optimization.
| x `build.sh <http://build.sh>`__ support for quick stable release
| x [L10n] Added Catalan (ca)

NoScript Security Suite 10.1.8.20rc1 - Aug. 24, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.19 - Aug. 23, 2018
-------------------------------------------------

| v 10.1.8.19
| =============================================================
| x Fixed onResponseHeader failing on session restore because
| of onBeforeRequest not having being called.
| x Fixed regression: framed documents' URLs not being reported
| in the UI (thanks xaex for report)

NoScript Security Suite 10.1.8.19rc2 - Aug. 23, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.19rc1 - Aug. 23, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.18 - Aug. 23, 2018
-------------------------------------------------

| v 10.1.8.18
| =============================================================
| x More resilient and optimized Sites.domainImplies()
| x Update ChildPolicies when automatic temp TRUST for
| top-level documents is enabled
| x Fixed messages from content scripts being "eaten" by the
| wrong dispatcher when UI is open (thanks skriptimaahinen)
| x Fixed typo causing accidental permissions/status mismatches
| being checked only while pages are still loading (thanks
| skriptimaahinen)
| x Fixed typo in XSS name sanitization script injection
| (thanks skriptimaahinen)

NoScript Security Suite 10.1.8.18rc1 - Aug. 23, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.17 - Aug. 22, 2018
-------------------------------------------------

| v 10.1.8.17
| =============================================================
| x Fix: Sites.domainImplies() should match subdomains
| x More coherent wrapper around the webex messaging API
| x Fixed inconsistencies affecting ChildPolicies content
| script auto-generated matching rules.
| x Fixed potential issues with cross-process messages
| x Simpler and more reliable safety net to ensure CSP headers
| are injected last among WebExtensions
| x Fixed regression causing refresh loops on pages which use
| type="object" requests to load images, css and other types
| x [L10n] ru and de translations
| + [XSS] Updated HTML events auto-generate matching code to
| use both latest Mozilla source code and archived data since
| Firefox ESR 52
| + New dynamic scripts management strategy based on the
| browser.contentScripts API, should fix some elusive, likely
| requestFilter-induced, bugs
| x Fixed no-dot domains threated as empty TLDs (thanks
| Peter Wu for patch)
| - Removed requestFilter hack for dynamic scripts management
| + [L10n] br and tr translations (thanks Transifex/OTF,
| https://www.transifex.com/otf/noscript/)
| x Best effort to have webRequest.onHeaderReceived listener
| run last (issue #6, thanks kkapsner)
| x [L10n] Localized "NoScript Options" title (thanks Diklabyte)
| x Fixed inline scripts not being reported to UI (thanks
| skriptimaahinen for patch)
| x Skip non-content windows when deferring startup page loads
| (thanks Rob Wu for reporting)
| x Broader detection of UTF-8 encoding in responses (thanks
| Rob Wu for reporting)
| x Improved support for debugging code removal in releases
| x Fixed startup race condition with pending request tracking
| x Fixed updating NoScript reloads tabs with revoked temporary
| permissions.

NoScript Security Suite 10.1.8.17rc8 - Aug. 22, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.17rc7 - Aug. 21, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.17rc6 - Aug. 20, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.17rc5 - Aug. 18, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.17rc4 - Aug. 18, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.17rc3 - Aug. 18, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.17rc2 - Aug. 6, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.17rc1 - Aug. 4, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.16rc1 - July 28, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.16 - July 28, 2018
-------------------------------------------------

| v 10.1.8.16
| =============================================================
| x Fixed random stallings on page transitions (thanks sage11,
| Brush and pbelleisle for reporting)

NoScript Security Suite 10.1.8.15 - July 28, 2018
-------------------------------------------------

| v 10.1.8.15
| =============================================================
| x Fixed browser action icon not bein updated on BF cache
| navigation (thanks therube for reporting)

NoScript Security Suite 10.1.8.15rc1 - July 28, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.14 - July 28, 2018
-------------------------------------------------

| v 10.1.8.14
| =============================================================
| x Fixed regression in NOSCRIPT elements emulation.

NoScript Security Suite 10.1.8.13 - July 28, 2018
-------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.13rc1 - July 28, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.12 - July 28, 2018
-------------------------------------------------

| v 10.1.8.12
| =============================================================
| x Fixed some video streams not playing anymore.

NoScript Security Suite 10.1.8.11 - July 28, 2018
-------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.11rc1 - July 28, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.10 - July 28, 2018
-------------------------------------------------

| v 10.1.8.10rc1
| =============================================================
| x Fixed window.stop() being called on empty frames, causing
| WYSIWYG editors to break (thanks Dave Allen for reporting)

NoScript Security Suite 10.1.8.10rc1 - July 28, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.9 - July 27, 2018
------------------------------------------------

| v 10.1.8.9
| =============================================================
| x Fixed externally handled resources opened in popups broken
| by dynamic script injection (thanks rpr and paulmcg for
| reporting)
| x More edge case covered in dynamic script injection (thanks
| skriptimaahinen for reporting)
| x Fixed some resource loading feedback glitches
| x [XSS] Updated HTML event attributes matching
| x Updated TLDs
| x Fixed stalling embedded objects load on dynamic script
| injection (thanks therube for reporting)
| x [L10n] Updated it (thanks Sebastiano Pistore)
| x Work-around for serviceWorker loads bypassing webRequest
| (thanks therube for reporting)
| x More flexible CSS layout for preset buttons (thanks fatboy)
| x Improved edge case script disablement detection
| x More reliable handling of edge cases on startup (thanks
| therube for reporting)
| x Fixed dynamic script injection failing sometimes with
| "No matching message handler" error (thanks skriptimaahinen
| for reporting)
| x [Tor Browser, Linux] Replaced unicode glyphs not being
| rendered on some browsers / platforms
| x Prevent multiple canScript content messages during the same
| page load
| x [Tor/ESR60] Removed useless work-around suggested in moz bug
| 1410755, which caused Tor Browser content process crashes

NoScript Security Suite 10.1.8.9rc9 - July 26, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.9rc8 - July 26, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.9rc7 - July 26, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.9rc6 - July 25, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.9rc5 - July 25, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.9rc4 - July 24, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.9rc3 - July 22, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.9rc2 - July 20, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.9rc1 - July 18, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.8 - July 17, 2018
------------------------------------------------

| v 10.1.8.8
| =============================================================
| x Prevent script injection from messing with
| content-disposition=attachment responses.

NoScript Security Suite 10.1.8.8rc1 - July 17, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.7 - July 16, 2018
------------------------------------------------

| v 10.1.8.7
| =============================================================
| x Fixed regression breaking meta refresh with relative URLs

NoScript Security Suite 10.1.8.6 - July 16, 2018
------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.6rc1 - July 16, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.5 - July 16, 2018
------------------------------------------------

| v 10.1.8.5
| =============================================================
| x Completed fix for quoted URLs in meta refresh (thanks
| Juozas for reporting)

NoScript Security Suite 10.1.8.5rc1 - July 16, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.4 - July 16, 2018
------------------------------------------------

| v 10.1.8.4
| =============================================================
| x [L10n] Fixed es translation (thanks Deckan)
| x Cosmetic bug fixes
| x Updated TLDs

NoScript Security Suite 10.1.8.3 - July 16, 2018
------------------------------------------------

| v 10.1.8.3
| =============================================================
| x [XSS] Fixed InjectionChecker choking at some big JSON
| payloads sents as POST form data
| x Fixed meta-refresh emulation confused by quoted URLs
| x [ESR60] Fixed dynamic script injection issues with XML
| feeds (thanks skriptimaahinen for report)
| x [ESR60] Work-around for Moz Bug 1410755
| x Autosize preset buttons to accomodater bigger localized
| labels
| x [L10n] Shortened de labels (thanks musonius)
| x More graceful handling of internal and restricted URLs
| (thanks skriptimaahinen for report)
| + [L10n] Added de, es, fr, it, nl, pt_BR and zh_CN locales
| (courtesy of Mozilla's localization campaign)
| x Switch to inline elements as "NOSCRIPT" HTML replacements
| x Fixed subframe content changes producing ambiguous NoScript
| icon feedback
| x More meaningful/useful popup on (semi)privileged documents
| x [Tor Browser] Work-around for crypto-based uiid function
| failing on startup
| x [Tor Browser] Backported new dynamic script injection to
| ESR60
| + Included license files in the XPI
| + [XSS] In-depth protection against native ES6 modules abuse
| x Fixed dynamic script injection issues (thanks
| skriptimaahinen for help)
| + MSE media reporting and blocking (e.g. on Youtube)

NoScript Security Suite 5.1.8.7rc3 - July 12, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.3rc11 - July 12, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.3rc10 - July 11, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.3rc9 - July 9, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.3rc8 - July 8, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.3rc7 - July 6, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.3rc6 - July 3, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.3rc5 - July 3, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 5.1.8.7rc2 - July 2, 2018
-------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.3rc4 - July 1, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.3rc3 - June 20, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.3rc2 - June 19, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.3rc1 - June 18, 2018
---------------------------------------------------

[no description]

NoScript Security Suite 5.1.8.7rc1 - June 14, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 5.1.8.6 - June 12, 2018
-----------------------------------------------

[no description]

NoScript Security Suite 5.1.8.6rc1 - June 10, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.2 - May 29, 2018
-----------------------------------------------

| v 10.1.8.2
| =============================================================
| + Popup toolbar buttons fully configurable via Drag'n'Drop
| x Removed redundant leading "NoScript" in window titles
| x Work-around for Firefox 60 bug breaking about:blank pages
| when a WebExtension declares a "document_start" CSS (thanks
| skriptimaahinen for report and fix)
| x Fixed buttons in the "hide area" still responsive to clicks

NoScript Security Suite 10.1.8.2rc4 - May 29, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.2rc3 - May 22, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.2rc2 - May 4, 2018
-------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.2rc1 - May 3, 2018
-------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.1 - April 27, 2018
-------------------------------------------------

| v 10.1.8.1
| =============================================================
| + [UI] "Disable restrictions for this tab" button in popup
| + [UI] "Disable restrictions globally" button in popup
| x Fixed some content blocking stats collection bugs (Thanks
| Rob Wu and skriptimaahinen for reports)
| x Fixed data: and blob: URIs could be loaded as object and
| media sources independently from the parent page's
| permissions (thanks skriptimaahinen for report)
| x Several performance improvement in inter-process content
| blocking stats synchronization (thanks Rob Wu for report)
| x [UI] Improved in-popup messages
| x [UI] Simplified URL management in "Allow object" prompt
| x Fixed dynamic scripts URL matching inconsistencies

NoScript Security Suite 10.1.8.1rc4 - April 27, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.1rc3 - April 26, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.1rc2 - March 26, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.8.1rc1 - March 25, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.7.5 - March 22, 2018
-------------------------------------------------

| v 10.1.7.5
| =============================================================
| x Fixed edge case CSP injection bug (thanks Rob Wu)
| x Optimized dynamic script injection (thanks Rob Wu)
| x Fixed potential leak on dynamic script injection (thanks
| Rob Wu for report)
| x Now NoScript's UI on privileged pages explains permissions
| cannot be configured there, rather than bluntly opening the
| Options page (thanks Rob Wu for suggestion)

NoScript Security Suite 10.1.7.5rc1 - March 22, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.7.4 - March 22, 2018
-------------------------------------------------

| v 10.1.7.4
| =============================================================
| x Fixed script enablement status not correctly detected on
| some pages rolling their own CSP (causing NOSCRIPT element
| and META refresh emulation not to be triggered)
| x Fixed "Appearance" NoScript Options tab missing on Android
| x [XSS] Fixed semicolon-separated JSON payloads DDOSing the
| JSON-optimizer, e.g. with
  `syndication.twitter.com <http://syndication.twitter.com>`__ subframes
| (thanks KonomiKitten and pal1000 for reports)
| x [UI] Renamed "Scripts globally allowed (dangerous)" option
| to "No permissions enforcement (dangerous)" to better
| reflect its actual effect
| x [UI] Better feedback about "No permission enforcement" by
| disabling the "Preset customization" section and and the
| "Per-site Permissions" tab
| x [UI] Moved XSS-related options to the "Advanced" tab
| x Fixed disabled webgl breaking feeds on script-enabled sites
| (thanks pal1000 for reporting)
| x Enhanced dynamic script injection if browser.contentScripts
| API is available
| x Expanded support for webgl canvas placeholders

NoScript Security Suite 10.1.7.4rc3 - March 22, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.7.4rc2 - March 21, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 5.1.8.5 - March 18, 2018
------------------------------------------------

[no description]

NoScript Security Suite 10.1.7.4rc1 - March 17, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.7.3 - March 16, 2018
-------------------------------------------------

| v 10.1.7.3
| =============================================================
| x Fixed infinite script count report loops on some sites
| (thanks AuntyJack, @ALoss2 and others for reporting)
| x Fixed localhost not being recognized as a domain (thanks
| skriptimaahinen for patch)
| x Fixed regression causing NOSCRIPT element and META refreshes
| not to be emulated anymore on script-disabled pages (thanks
| barbaz and fatboy for reporting)

NoScript Security Suite 10.1.7.3rc1 - March 16, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.7.2rc1 - March 16, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.7.1rc1 - March 16, 2018
----------------------------------------------------

[no description]

NoScript Security Suite 10.1.7rc4 - March 13, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 10.1.7rc3 - March 12, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 5.1.8.5rc3 - March 8, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 10.1.7rc2 - March 8, 2018
-------------------------------------------------

[no description]

NoScript Security Suite 10.1.7rc1 - March 4, 2018
-------------------------------------------------

| v 10.1.7rc1
| =============================================================
| + WebGL blocking now honored on scripted pages
| x Quantum RC versions are hosted on
  `secure.informaction.com <http://secure.informaction.com>`__
| from now on due to beta channel deprecation on AMO

NoScript Security Suite 5.1.8.5rc2 - Feb. 25, 2018
--------------------------------------------------

[no description]

NoScript Security Suite 10.1.6.5 - Feb. 9, 2018
-----------------------------------------------

| v 10.1.6.5
| =============================================================
| + Context menu on web pages to access main UI
| x Fixed UI regression showing only the two rightmost
| components of IPv4 addresses
| x [XSS] More specific and unobtrusive handling of
  `window.name <http://window.name>`__
| sanitization
| x Fixed "XSS User Choices" not being included in Export files

NoScript Security Suite 10.1.6.4 - Jan. 28, 2018
------------------------------------------------

| v 10.1.6.4
| =============================================================
| x Fixed race condition on XSS filter first load
| x Fixed duplicate entries in UI on page reloads (thanks 8-bit
| for reporting)
| + Spinner for long sites lists in Options page
| - Removed obsolete work-around for accidental TRUSTED preset
| wiping
| x [UI] Fixed clicking on capability's label doesn't toggle
| the related checkbox (thanks dhouwn and olf for reporting)
| x [XSS] Fixed false positives on badly encoded URLs (thanks
| sage11 for reporting)

NoScript Security Suite 5.1.8.4 - Jan. 28, 2018
-----------------------------------------------

| v 5.1.6.4
| =============================================================
| x Fixed XSS false positive on some Facebook embeddings
| (thanks barbaz for reporting)
| x Fixed edge case origin checks for WebExtensions embedded in
| privileged documents
| x Fixed DNT support initialization regression (thanks barbaz
| for reporting)
| x [XSS] Fixed false positives on badly encoded URLs (thanks
| sage11 for reporting)
| x Script Surrogates don't affect privileged URLs anymore,
| unless the noscript.surrogate.matchPrivileged about:config
| preference is set to true (thanks barbaz for RFE)
| x [e10s] Fixed temporary permissions inter-process sync issue
| (thanks to the TorBrowser team for solution)

NoScript Security Suite 10.1.6.3 - Jan. 9, 2018
-----------------------------------------------

| v 10.1.6.3
| =============================================================
| x Improved tooltip clarity
| x Added version number to the browser action tooltip (thanks
| therube for RFE)
| x More restrictive domain matching in the main UI for "fake"
| TLDs, showing pseudo 2nd level domains containing one dot
| x Domain matching now treats unknown no-dot domains (not in
| the public suffixes list) as TLDs everywhere (fix finally
| not overwritten by auto-generated tld.js)
| x Fixed rc4 regression causing synchronized changes not to be
| persisted
| x Smarter XSS popup behavior when reporting concurrent events
| from/to the same origins
| x Fixed full breakage when sync storage is disabled
| x Improved layout on small screens (less than 10cm wide)
| x Moved preset customization into its own (more discoverable)
| global Options section, rather than embedded in assignment
| x Improved validation of manual entries
| x Needed capabilities highlighted also on short-hand domain
| matched entries inside the CUSTOM preset
| x Domain matching now works also for manually entered TLDs
| and pseudo-TLDs, such as "`gov.us <http://gov.us>`__" or
  "`cloudflare.net <http://cloudflare.net>`__"

NoScript Security Suite 10.1.6.2 - Dec. 30, 2017
------------------------------------------------

| v 10.1.6.2
| =============================================================
| + Individual temporary / permanent TRUSTED preset buttons
| - Removed customizability of DEFAULT, TRUSTED and UNTRUSTED
| preset from the popup (reported as a major source of
| confusion) while keeping it in the Options tab
| x Better display on mobile devices in portrait mode
| x Fixed focus bug on mobile devices
| x Fixed confirmation prompt when loading Site Info for the
| first time being ignored
| x Fixed import feature failing on some full JSON "Classic"
| export files (thanks Floe for reporting)
| x Fixed policy serialization bug causing temporary TRUSTED
| sites to be listed in the UNTRUSTED array as well (thanks
| pal1000 for reporting)
| x Fixed action icon being disabled on Options tabs and not
| re-enabled when navigating away in the same tab (thanks
| geek99 for reporting)

NoScript Security Suite 10.1.6.1 - Dec. 23, 2017
------------------------------------------------

| v 10.1.6.1
| =============================================================
| x Reduced UI sizes in desktop version
| x Work-around for Firefox bug preventing the Export button
| from working on non-Windows platforms

NoScript Security Suite 10.1.6 - Dec. 18, 2017
----------------------------------------------

| v 10.1.6
| =============================================================
| x [XSS] Improved sensitivity of JSON whitelisting (thanks
| @SamuraiFoochs for reporting)
| x [XSS] Improved specificity of nested URL checks (thanks
| @SamuraiFoochs for reporting)
| x New configuration export implementation, more convoluted
| but not requiring the "downloads" permission

NoScript Security Suite 10.1.5.9 - Dec. 17, 2017
------------------------------------------------

| v 10.1.5.9
| =============================================================
| x Fixed some XSS false positives
| x Fixed out of scale rendering regression on high DPI screens

NoScript Security Suite 10.1.5.8 - Dec. 15, 2017
------------------------------------------------

| v 10.1.5.8
| =============================================================
| + Fix for linux rendering performance issues
| + First "Quantum" release candidate with Android support
| x Inverted order of domains vs full sites in popup

NoScript Security Suite 10.1.5.7 - Dec. 10, 2017
------------------------------------------------

| v 10.1.5.7
| =============================================================
| + Settings import functionality, backward compatible with
| NoScript 5 formats
| + Settings export functionality
| + [XSS] The filter now automatically skips embedded documents
| which would normally be blocked
| x Base domain matching now uses a single dot rule for unknown,
| private or "fake" TLDs (e.g. www.acme.corp → acme.corp)
| x [XSS] Fixed regression from 10.1.5.6rc2 (thanks Masato
| Kinugava for reporting)
| x Better feedback for errors in the policy's debug JSON view
| (thanks E-Raser for RFE)

NoScript Security Suite 5.1.8.3 - Dec. 10, 2017
-----------------------------------------------

| v 5.1.8.3
| =============================================================
| x [XSS] Fixed regression (thanks Masato Kinugava for report)

NoScript Security Suite 10.1.5.6 - Dec. 8, 2017
-----------------------------------------------

| v 10.1.5.6
| =============================================================
| - removed `yandex.st <http://yandex.st>`__ from default whitelist (see
| https://forums.informaction.com/viewtopic.php?t=23655)
| x [XSS] Streamlined multiple unescaping standards handling
| x [XSS] Generalized work-around for browser's URL parsing
| oddities (thanks Masato Kinugava for reporting)
| + "Temporarily set top-level sites to TRUSTED" option
| x [XSS] Fixed user choices forgot across browser sessions

NoScript Security Suite 5.1.8.2 - Dec. 8, 2017
----------------------------------------------

| v 5.1.8.2
| =============================================================
| x [ABE] Restored Palemoon compatibility (thanks barbaz for
| patch)
| x [ABE] Fixed ruleset persistence (thanks barbaz for patch)
| - removed `yandex.st <http://yandex.st>`__ from default whitelist (see
| https://forums.informaction.com/viewtopic.php?t=23655)
| x [XSS] Streamlined multiple unescaping standards handling

NoScript Security Suite 10.1.5.5 - Dec. 4, 2017
-----------------------------------------------

| v 10.1.5.5
| =============================================================
| + [UI] Clicking on the domain label now opens the "Security
| and privacy info" webpage (like middle click on "Classic").
| + "Reset to Defaults" button in the options window
| x Improved content script initialization logic (thanks Rob Wu
| for suggestions)
| x [XSS] Fixed 2nd level interactive bypass (thanks Masato
| Kinugava for reporting)
| x Fixed sites manually added from the Options textbox don't
| stick (thanks Just_Golem for reporting)

NoScript Security Suite 5.1.8.1 - Dec. 4, 2017
----------------------------------------------

| v 5.1.8.1
| =============================================================
| x [XSS] Fixed 2nd level interactive bypass (thanks Masato
| Kinugava for reporting)

NoScript Security Suite 10.1.5.4 - Dec. 4, 2017
-----------------------------------------------

| v 10.1.5.4
| =============================================================
| + [UI] Clicking on the domain label now opens the "Security
| and privacy info" webpage (like middle click on "Classic").
| + "Reset to Defaults" button in the options window
| x Improved content script initialization logic (thanks Rob Wu
| for suggestions)
| x [XSS] Fixed 2nd level interactive bypass (thanks Masato
| Kinugava for reporting)
| x Fixed sites manually added from the Options textbox don't
| stick (thanks Just_Golem for reporting)

NoScript Security Suite 10.1.5.3 - Dec. 3, 2017
-----------------------------------------------

| v 10.1.5.3
| =============================================================
| x Fixed regression causing NoScript to ask to reload pages in
| order to show permissions more than once upon installation
| - Removed most animations causing older system to lag when
| large permissions lists are displayed in Options

NoScript Security Suite 10.1.5.2 - Dec. 2, 2017
-----------------------------------------------

| v 10.1.5.2
| =============================================================
| x Improved work-around for blank windows on Linux Firefox bug
| x Fixed XSS false positives on POST requests without data

NoScript Security Suite 10.1.5.1 - Dec. 1, 2017
-----------------------------------------------

| v 10.1.5.1
| =============================================================
| x Fixed regression from new "fail fast" XSS filter main loop,
| causing cross-site requests to Google to trigger false
| positives (thanks Steve M for reporting)

NoScript Security Suite 10.1.5 - Dec. 1, 2017
---------------------------------------------

| v 10.1.5
| =============================================================
| + [XSS] Added "Always block requests from ... to ..." in XSS
| warning prompt
| x [XSS] Fixed url decoding bug (thanks Masato Kinugawa for
| reporting)
| x Fixed some blocked items not reported in the UI (thanks Bo
| Elam for reporting)
| x Changed the CSP internal report URI to noscript-csp.invalid
| (thanks Tom Schuster Mario Heiderich for RFE)
| - Removed unused MSE detection code (thanks Rob Wu for
| reporting)

NoScript Security Suite 10.1.4 - Dec. 1, 2017
---------------------------------------------

| v 10.1.4
| =============================================================
| x Fixed script enablement feedback dependant on page's own
| CSP (thanks Rob Wu for reporting)
| x Fixed MSE detection injection using window.eval (thanks
| Rob Wu for reporting)
| x Fixed window being resized and NoScript UI shown in a
| separate popup when triggered on a maximized window
| x General performance improvement by removing unnecessary
| asynchronous webRequest listeners

NoScript Security Suite 10.1.3 - Nov. 29, 2017
----------------------------------------------

| v 10.1.3
| =============================================================
| x Hotfix for wiped TRUSTED permissions
| x Hotfix for NoScript failing to load if XSS was disabled in
| previous session

NoScript Security Suite 10.1.3c3 - Nov. 28, 2017
------------------------------------------------

| v 10.1.3rc3
| =============================================================
| x Fixed immutable permissions for TRUSTED and UNTRUSTED
| presets negating all the others (thanks Stefan Scholl for
| reporting)
| x Work-around for Moz Bug #1402110 (thanks David Ross for
| reporting)
| x Fixed XSS whitelist not being cleared from Options
| x Fixed XSS whitelist trying to using sync even if disabled (
| thanks Rob Wu for reporting)

NoScript Security Suite 10.1.3c1 - Nov. 27, 2017
------------------------------------------------

| v 10.1.3rc1
| =============================================================
| + Work-around for Firefox not displaying NOSCRIPT elements on
| pages where scripts are blocked by CSP
| + The Alt+Shift+N shortcut now opens the NoScript UI also on
| windows with no toolbars containing NoScript's icon
| x "unsafe" (non-HTTPS) matching is now automatically selected
| on non-HTTPS pages (fixes the perception that you set a
| site to TRUSTED and it reverted to DEFAULT)
| x Full addresses are shown again to be choosen in UI, together
| with base domains
| x Better auto-reload logic
| x Fixed NoScript back-end to work also if sync storage is
| disabled (thanks Rob Wu for reporting)
| x Fixed potential fingerprinting through placeholder icon
| (thanks Rob Wu for reporting)

NoScript Security Suite 10.1.2 - Nov. 22, 2017
----------------------------------------------

| v 10.1.2
| =============================================================
| + Added "Revoke temporary permissions" button
| + Added "Temporarily allow all this page" button
| x Simplified popup listing, showing base domains only (full
| origin URLs can still be entered in the Options window to
| further tweak permissions)
| x Fixed UI not launching in Incognito mode
| x Fixed changing permissions in the CUSTOM preset affecting
| the DEFAULT permissions sometimes
| x Fixed UI almost unusable in High Contrast mode
| x Fixed live bookmark feeds blocked if "fetch" permissions
| were not given
| x Fixed background requests from other WebExtensions being
| blocked

NoScript Security Suite 10.1.1 - Nov. 20, 2017
----------------------------------------------

| 10.1.1
| =============================================================
| + First pure WebExtension release.
| + CSP-based first-party script script blocking
| + Active content blocking with DEFAULT, TRUSTED, UNTRUSTED and
| CUSTOM (per site) presets
| + Extremely responsive XSS filter leveraging the webRequest asynchronous API
| + On-the-fly cross-site requests whitelisting
|  
| Next to come: ClearClick and ABE (in the next few weeks).

NoScript Security Suite 5.1.7 - Nov. 17, 2017
---------------------------------------------

| 5.1.7
| =============================================================
| x [Surrogate] Fixed regression breaking source matching in
| 5.1.6 (thanks astian for reporting)

NoScript Security Suite 5.1.6 - Nov. 17, 2017
---------------------------------------------

| 5.1.6
| =============================================================
| x [Fx58] Fixed complete breakage due to nsIPrefBranch changes
| in 58 (for Firefox Developer Edition users)

NoScript Security Suite 5.1.5 - Nov. 7, 2017
--------------------------------------------

| v 5.1.5
| =============================================================
| x Fixed content process cross-framescript leak (thanks
| dorando for patch)
| x [ESR] Fixed bookmarklets not being executed (thanks Jim
| Thompson for reporting)

NoScript Security Suite 5.1.4 - Oct. 29, 2017
---------------------------------------------

| v 5.1.4
| =============================================================
| x [Nightly] Fixed Import/Export Options button
| x Fixed bookmarlets broken when scripts globally allowed
| (thanks filip for reporting)
| x [Tor Browser] Fixed jumping icon on updates (ticket #23968)
| x [Surrogate] Better sandbox memory management
| - Removed special Add-ons manager uninstall warning hooks

NoScript Security Suite 5.1.3 - Oct. 23, 2017
---------------------------------------------

| v 5.1.3
| =============================================================
| x [e10s] Fixed some bookmarklet / URL bar JavaScript emulation
| multi-process regressions
| x [Palemoon] Fixed NoScript button position not customizable
| on the first window (thanks yes_noscript for reporting)
| x Fixed bookmarklet execution subject to AllowURLBarJS too
| x Fixed Palemoon urlbar breakage on browser restart
| x [Whitelist] about:tabcrashed made mandatory (internal)

NoScript Security Suite 5.1.2 - Oct. 13, 2017
---------------------------------------------

| v 5.1.2
| =============================================================
| x Fixed allowing scripts on one tab blocking them in other (
| `torproject.org <http://torproject.org>`__ issue #23747, thanks cypherpunks
  for report)
| x Fixed startup sequence
| + [Whitelist] about:tabcrashed added to default whitelist
| x Added unlimitedStorage WebExtensions permissions for safer
| preferences migration
| x Fixed some restartless lifecycle quirks
| x Fixed toolbar button position changes across upgrades
| x Fixed NoScript release notes page shown upon restartless
| updates, rather than on next restart
| x Fixed Tor Browser's extension preference overrides ignored
| by NoScript
| x Fixed status bar not recognized on some browsers still
| supporting it
| x Work-around for the Tor Browser preventing NoScript from
| resolving its own UI's XML entities

NoScript Security Suite 5.1.1 - Sept. 30, 2017
----------------------------------------------

| v 5.1.1
| =============================================================
| x Fixed regression breaking webworkers (e.g. on Protonmail)

NoScript Security Suite 5.1.0 - Sept. 29, 2017
----------------------------------------------

| v 5.1.0
| =============================================================
| x Fixed placeholders not shown in Fx 57 and above
| x [WebExtension] Reduced legacy settings backup size
| x [Nightly] Work-around for nsIDOMHTML\* interfaces removal
| + Restartless (bootstrapped) desktop version, and most likely
| the last hybrid (embedded WebExtension) before the pure
| WebExtension release

NoScript Security Suite 5.0.10 - Sept. 11, 2017
-----------------------------------------------

| v 5.0.10
| =============================================================
| x Fixed some moz-webextension: subrequests blocked in content
| blocking mode
| - Removed whitelist and surrogate references to
  `persona.org <http://persona.org>`__
| x [Seamonkey] Fixed status bar visibility regression (thanks
| Mc for reporting)
| x [Nightly] Fixed various XSS filter UI breakages
| x [Nightly] Patched deprecated usages of nsIURI.path
| x [XSS] Fixed false positive on `amazonaws.com <http://amazonaws.com>`__
  (thanks Robby
| Stokoe for reporting)
| x [Surrogate] New `ampush.io <http://ampush.io>`__ tracker surrogate (thanks
  barbaz)

NoScript Security Suite 5.0.9 - Aug. 21, 2017
---------------------------------------------

| v 5.0.9
| =============================================================
| x [WebExt] Make sure the embedded WebExtension cannot
| interfere with the legacy side beside preference migration
| x [Nightly] Fixed breakage from bug 1390106
| x [Nightly] Work-around for HTMLEmbedElement removal
| x [Nightly] Fixed first run UI visibility check
| x [XSS] Work-around for Google notifications false positive
| x [Nightly] Fixed startup breakage
| x [Surrogates] Fixed noisy google-analytics replacement
| x [Nightly] Fixed view-source: breakage

NoScript Security Suite 5.0.8.1 - July 28, 2017
-----------------------------------------------

| v 5.0.8.1
| =============================================================
| x [ABE] XHR matches both TYPE_XMLHTTPREQUEST and TYPE_FETCH
| x [ABE] Updated INCLUSION types to match newest specific
| types from nsIContentType constants. OTHER still matches
| any type except "historically supported" ones (SCRIPT, CSS,
| IMAGE, OBJ, OBJSUB, MEDIA, FONT, SUBDOC, XBL, PING, XHR,
| DTD) for backward compatibility: please use
| UNKNOWN to match just TYPE_OTHER (i.e. request whose type
| is not specifically mapped yet by the nsIContentType API).
| x [e10s] Fixed INCLUSION type marked as OTHER for any request
| when Electrolysis is enabled (thanks barbaz for reporting)
| x [XSS] Fixed excessive recursion causing GC-related hangs on
| some ads-intensive websites (like
  `der-postillion.de <http://der-postillion.de>`__)

NoScript Security Suite 5.0.7.1 - July 23, 2017
-----------------------------------------------

| v 5.0.7.1
| =============================================================
| x [WebExt] Fixed incompatibility with Firefox 54
| x [WebExt] Initiated preference migration via embedded
| WebExtension
| x [e10s] Fixed HTTP redirection issues with e10s enabled
| (thanks PLD for reporting)
| x [Surrogate] Updated googletag replacement (thanks barbaz)
| x Fixed HTML5 Media documents blockage delay if no other
| embedded content is forbidden (thanks Georg Koppen for
| reporting)
| x [XSS] Fixed bug causing false positives (thanks Georg
| Koppen for reporting)

NoScript Security Suite 5.0.6 - July 1, 2017
--------------------------------------------

| v 5.0.6
| =============================================================
| x [XSS] Fixed performance regression in handling of big JSON
| payloads causing the browser to freeze on loading pages
| with Facebook tracking subframes
| x [Surrogates] Updated ga replacement (thanks barbaz)
| x [L10n] Updated tr (thanks Volkan Gezer)
| x [L10n] Updated de (thanks milupo)
| x [XSS] Fixed regression in `window.name <http://window.name>`__ sanitization
| (thanks Gareth Heyes for reporting)
| x [XSS] Work-around for Mavo-script operator translation side
| effects (thanks Gareth Heyes for reporting)

NoScript Security Suite 5.0.5 - May 29, 2017
--------------------------------------------

| v 5.0.5
| =============================================================
| x [XSS] Updated XSS filter with latest Gecko Atoms and ES
| features (thanks Maxim Rupp for reporting)
| + [XSS] Added countermeasures against XSS vectors exploiting
| Mavo-script template expressions (thanks Krzysztof Kotowicz
| and Gareth Heyes for reporting)

NoScript Security Suite 5.0.4 - May 11, 2017
--------------------------------------------

| v 5.0.4
| =============================================================
| + [XSS] Added countermeasures against several vectors
| exploiting client-side JavaScript templating frameworks
| (thanks Krzysztof Kotowicz and Sebastian Lekies for their
| research)
| x [XSS] Fixed e10s-related regression in `window.name <http://window.name>`__
| sanitization (thanks Krzysztof Kotowicz for reporting)
| x Fixed "Allow local links" breaking file:/// URL loading in
| Gecko 53 and above
| x Fixed JSON viewer working only on JavaScript-enabled URLs

NoScript Security Suite 5.0.3 - April 21, 2017
----------------------------------------------

| v 5.0.3
| =============================================================
| x Fixed global JavaScript enablement for HTTPS sites breaking
| the UI (Tor ticket #21923)
| + noscript.webext.enabled preference to control embedded
| WebExtension startup
| x Fixed XHR regression (thanks Oleksandr Popov for reporting)
| x Fixed compatibility issues with some WebExtensions (thanks
| Oleksandr Popov for reporting)

NoScript Security Suite 5.0.2 - March 16, 2017
----------------------------------------------

| v 5.0.2
| =============================================================
| x Fixed thumbnails broken even if noscript.bgThumbs.allowed
| is true (thanks rick for reporting)
| x [e10s] Restored absolutely positioned elements removal by
| mousedown + DEL key (broken by e10s)
| x Absolutely positioned elements removal by mousedown + DEL
| key now working also on whitelisted pages (controlled by
| noscript.eraseFloatingElements about:config preference,
| thanks MegaWolf for RFE)
| x Fixed blocked XHR requests in frames not reflected in the
| menu UI (thanks aocab and barbaz for reporting)
| x [Locale] Improved nl translation (thanks Kris)

NoScript Security Suite 5.0.1 - March 7, 2017
---------------------------------------------

| v 5.0.1
| =============================================================
| x Fixed regression, some sites not being shown in UI
| x Fixed recently blocked menu not working on e10s

NoScript Security Suite 5.0 - March 3, 2017
-------------------------------------------

| v 5.0
| =============================================================
| + Embedded WebExtension
| x Dramatically Improved UI synchronization performance impact
| on load-intensive web pages (thanks Rob Wu)
| x [e10s] Fixed permissions out of sync when content processes
| are more than one (thanks Ian Fennel for report)
| x [Surrogates] Update google-analytics replacement (thanks
| ng4never for reporting and barbaz for implementation)

NoScript Security Suite 2.9.5.3 - Jan. 17, 2017
-----------------------------------------------

[no description]

NoScript Security Suite 2.9.5.2 - Nov. 28, 2016
-----------------------------------------------

| v 2.9.5.2
| =============================================================
| x Fixed Stylish editor breakage (thanks JustAnotherGuy for
| reporting
| x Fixed media blocking delayed with Tor Browser's "Medium"
| Security Sider preset
| x Fixed frame blocking issues
| x Fixed top-level media loads issues
| x Fixed apparent delay in menu UI feedback (thanks mechadon
| for reporting)
| x Fixed some XSS filter over-sensitivity regressions
| x Fixed "Allow local links" causing file:// URLs to fail
| x [Locale] Updated nl (thanks Ton)

NoScript Security Suite 2.9.5.1 - Nov. 21, 2016
-----------------------------------------------

| 2.9.5.1
| =============================================================
| x Fixed some pages not loading on 1st attempt when e10s is
| enabled (thanks Semtex for reporting)
|  
| 2.9.5
| =============================================================
| + Full e10s compatibility
| x Fixed big whitelists being reset to default permissions on
| e10s-enabled browsers (thanks sabret00the and Internet User
| for reporting)
| x Better fix for some embedding permissions issues (thanks
| barbaz for reporting)
| x MediaSource blocking support (Tor Project)
| x Better handling of media types loaded as top-level
| documents
| x Declared (but untested) Palemoon support (thanks barbaz)
| x [System Principal] included in the mandatory allowed list
| x Fixed allow scripts globally requiring a restart (thanks
| FFreestyleRR for reporting
| x Fixed embeddings autoreload on e10s-disabled browsers
| ^ TODO: MediaSource blocking support
| x Improved autoreload responsiveness and precision
| x Fixed IFrame over-blocking bug (thanks G113 for report)
| x Fixed sites involved in background requests being not
| reported in the UI, even if intercepted and/or blocked (
| thanks GH113 for reporting)
| x Fixed typo in PasteHandler (thanks barbaz for reporting)
| x Fixed embedding-related automatic reload issues (thanks
| barbaz and tmeader for reporting)
| x Fixed compatibility regression with Firefox 45
| x [Surrogate] Fixed file:// replacements broken (thanks
| barbaz for reporting)
| ^ TODO: MediaSource blocking support
| x Fixed typo in XSS filter breaking JSON cross-site requests
| x Fixed automatic reload issues (thanks GH113 for reporting)
| x Fixed UI not always synchronized on startup (thanks GH113
| for reporting)
| x Fixed incompatibilities with older Firefox down to 45
| (thanks barbaz for reporting)
| x Fixed automatic reload impossible to be disabled (thanks
| GH113 for reporting)
| x Fixed UI initially not synced on new windows (thanks GH113
| for reporting)
| x Fixed bug in secure cookie enforcement upgrading all the
| unsecure cookies on secure connections even if a secure
| cookie for the domain existed, increasing chances of
| incompatibilities (thanks PDL for reporting)
| x Fixed escaping issues in the noscript.js preference file
| (thanks PDL for reporting)

NoScript Security Suite 2.9.0.14 - Aug. 8, 2016
-----------------------------------------------

| v 2.9.0.14
| =============================================================
| x Fixed live bookmarks in Firefox 48 or above

NoScript Security Suite 2.9.0.13 - Aug. 1, 2016
-----------------------------------------------

| v 2.9.0.13
| =============================================================
| x Added missing "s" in noscript.mandatory/about:feeds

NoScript Security Suite 2.9.0.12 - July 25, 2016
------------------------------------------------

| v 2.9.0.12
| =============================================================
| x Updated DNT implementation to match the most recent spec
| about navigator.doNotTrack values (thanks Francois Merier)
| x [XSS] Better compatibility with Unionbank's website (thanks
| Brent for reporting)
| x Fixed bug 1278735 (JavaScript disabled in private windows)
| x Fixed JSON viewer not working
| x about:feed in the mandatory whitelist to fix bug 1272139
| x [XSS] Disable JavaScript on FTP-served pages when a
| potential DOM XSS threat is detected (thanks Emanuel
| Bronshtein @e3amn2l for reporting)
| x Fixed DOS through script-triggered ClickToPlay confirmation
| dialogs in a loop (thanks Emanuel Bronshtein @e3amn2l for
| reporting)
| x Fixed placeholder links might be potentially used as XSS
| vectors if stars were properly aligned(thanks Emanuel
| Bronshtein @e3amn2l for reporting)
| x [Surrogate] Updated `google-analytics.com <http://google-analytics.com>`__
  replacement (
| thanks noscriptsplox)
| x [XSS] Fixed regression (thanks Masato Kinugawa for report)

NoScript Security Suite 2.9.0.11 - April 6, 2016
------------------------------------------------

| v 2.9.0.11
| =============================================================
| x [XSS] Fixed infrastructure issue preventing one filter from
| being automatically synchronized with Mozilla's source code
| as designed (thanks .mario and Maxim Rupp for reporting)
| x [XSS] Added filtering for a potential CSRF vector (thanks
| Masato Kinugawa for reporting)

NoScript Security Suite 2.9.0.10 - March 22, 2016
-------------------------------------------------

| v 2.9.0.10
| =============================================================
| x Fixed placeholder activation in Gecko 45 and above

NoScript Security Suite 2.9.0.9 - March 20, 2016
------------------------------------------------

| v 2.9.0.9
| =============================================================
| x [XSS] Compatibility exception for the Printfriendly add-on
| x Removed `msn.com <http://msn.com>`__ from the default whitelist, since it
  seems
| to be unable to support HTTPS consistently

NoScript Security Suite 2.9.0.7 - March 19, 2016
------------------------------------------------

| v 2.9.0.7
| =============================================================
| x [HTTPS] Removed legacy redirection methods when redirectTo()
| is available in HTTP channels, fixing YouTube embedding
| problem
| x Replaced newChannel() with newChannel2() on Gecko 48

NoScript Security Suite 2.9.0.6 - March 18, 2016
------------------------------------------------

| v 2.9.0.6
| =============================================================
| x [HTTPS] Limit httpsDefWhitelist effect to document loads
| x [XSS] Reduced eval aliasing checks false positives

NoScript Security Suite 2.9.0.5 - March 16, 2016
------------------------------------------------

| v 2.9.0.5
| =============================================================
| x [XSS] Improved detection of computed property accessors
| (thanks Emanuel Bronshtein @e3amn2l for report)
| x [HTTPS] Fixed httpsDefWhitelist breaking OCSP (thanks al_9x
| for reporting)
| x [HTTPS] Fixed httpsDefWhitelist breaking
  `yui.yahooapis.com <http://yui.yahooapis.com>`__
| (thanks Rob Greenberg for reporting
| x [XSS] Fixed OpenID-related false positive
| x Restored Nightly compatibility broken by bug 1253016
| x Fixed regression in HTTPS enforcing exceptions
| x [Surrogate] Updated googletag replacement (thanks barbaz)
| x [Surrogate] Updated ga replacement (thanks barbaz)
| x [XSS] Improved replacement for dangerous keywords/built-in
| properties (thanks Emanuel Bronshtein @e3amn2l for report)
| x [HTTPS] noscript.httpsDefWhitelist option to automatically
| upgrade to HTTPS sites found in the default whitelist
| (enabled by default, thanks Mazin Amhed for reporting)

NoScript Security Suite 2.9.0.4 - Feb. 10, 2016
-----------------------------------------------

| v 2.9.0.4
| =============================================================
| x Fixed InjectionChecker over-optimization bug (thanks Maxim
| Rupp for reporting)
| x [l10n] Updated ar (thanks Nassim Dhaher)

NoScript Security Suite 2.9.0.3 - Feb. 1, 2016
----------------------------------------------

| v 2.9.0.3rc2
| =============================================================
| x Fixed NoScript blocking WebExtensions by default
| x Fixed XSS filter JSON sanitization bug (thanks Maxim Rupp
| for reporting)

NoScript Security Suite 2.9.0.2 - Jan. 8, 2016
----------------------------------------------

| v 2.9.0.2
| =============================================================
| x Version bump to work around AMO's 404 when serving 2.9.0.1
|  
| v 2.9.0.1
| =============================================================
| x Replaced "for each ()" with "for (... of ...)"
| x Removed array comprehension usage
| - Removed compatibility with Gecko lt 13
| x Fixed conflict w/ KeeFox + CTR (thanks amloessb for report)
| https://forums.informaction.com/viewtopic.php?p=80581

NoScript Security Suite 2.9 - Dec. 31, 2015
-------------------------------------------

| v 2.9rc1
| =============================================================
| x [e10s] Fixed "Temporarily allow top-level sites by default"
| broken by Electrolysis
| x Fixed "key.revokeTemp" preference management bug (thanks
| palme for patch)

NoScript Security Suite 2.7 - Nov. 22, 2015
-------------------------------------------

| v 2.7
| =============================================================
| - Removed `informaction.com <http://informaction.com>`__,
  `flashgot.net <http://flashgot.net>`__ and `maone.net <http://maone.net>`__
  from
| the default whitelist to reduce the potential attack
| surface
| - Removed vestigial noscript.forbidData preference
| x Fixed shorthands not checked for ftp(s) sites (thanks
| Leon Winter for patch)
| x [Surrogate] Fixed googletag replacement (thanks barbaz)
| x Fixed incompatibility with importScript() from workers
| breaking new reCaptcha implementation (thanks Mr_KrzYch00
| for reporting)

NoScript Security Suite 2.6.9.39 - Oct. 19, 2015
------------------------------------------------

| v 2.6.9.39
| =============================================================
| x Work-around for a XSS "false positive" caused by
  `nwolb.com <http://nwolb.com>`__
| passing Javascript code across subdomains in
  `window.name <http://window.name>`__
| (thanks Sagiv Masvari for reporting)

NoScript Security Suite 2.6.9.38 - Oct. 8, 2015
-----------------------------------------------

| v 2.6.9.38
| =============================================================
| x Fixed breakage due to const declarations behavior changes
| in latest Firefox nightlies (thanks to all the people in
| https://bugzilla.mozilla.org/show_bug.cgi?id=1212707)

NoScript Security Suite 2.6.9.37 - Sept. 28, 2015
-------------------------------------------------

| v 2.6.9.37
| =============================================================
| x Fixed bug: launching a bookmarklet on about:newTab caused
| allow scripts globally for that tab (thanks James Strange
| for reporting)
| x [L10n] Updated French translation (thanks Syl)
| x Fixed NOSCRIPT element hidden on Javascript-disabled pages
| (moz bug 1208818)
| x [Surrogate] enhanced `gogletags.com <http://gogletags.com>`__ replacement
  (thanks
| therube)
| x Fixed subtle bug in load context association causing an
| origin mismatch in one corner case (thanks Gareth Heyes
| for reporting)

NoScript Security Suite 2.6.9.36 - Aug. 20, 2015
------------------------------------------------

| v 2.6.9.36
| =============================================================
| x [L10n] Fixed typo in nb-NO (thanks Mikkel H.)
| x [e10s] Fixed top-level site auto-whitelisting broken
| x [e10s] Fixed MozBug 1196477 (crash with allowLocalLinks)
| x Shorthands reliability improvements
| x [ClearClick] fixed console spam due to missing XPCOM
| interfaces for HTML elements
| x In order to help Netflix users with the new video delivery
| system, users who have `netflix.com <http://netflix.com>`__ already in their
| whitelist get https://*.nflxvideo.net whitelisted as
| well on upgrade

NoScript Security Suite 2.6.9.35 - Aug. 12, 2015
------------------------------------------------

| v 2.6.9.35
| =============================================================
| x [Surrogate] `googletagservices.com <http://googletagservices.com>`__
  replacement now supports
| custom googletag objects (thanks barbaz)
| x [Surrogate] fixed surrogates stopped working on older
| Gecko versions (thanks barbaz)
| x [XSS] Work-around for false positive on some Yahoo! URLs
| x Corrected mistyped about:pocket-saved whitelist entry
| x Fixed race condition in ABE options observer causing
| l.getRowCount() console spam

NoScript Security Suite 2.6.9.34 - Aug. 2, 2015
-----------------------------------------------

| v 2.6.9.34
| =============================================================
| x [Surrogate] Fixed a bug preventing some replacements from
| running
| x [XSS] Fixed over-optimized JSON and dots erasure allowing
| for a filter bypass in specific (and likely rare)
| circumstances (thanks Gareth Heyes for reporting)

NoScript Security Suite 2.6.9.33 - July 29, 2015
------------------------------------------------

| v 2.6.9.33
| =============================================================
| x [XSS] Fixed bug in minimal inline JavaScript fragment
| detection (thanks Frederik Braun for reporting)
| x [L10n] Updated Russian (thanks fatboy).
| x [Surrogate] fixed scope conflicts caused by the $S() object
| replacement wrapper (e.g. with some EA games)

NoScript Security Suite 2.6.9.32 - July 26, 2015
------------------------------------------------

| v 2.6.9.32
| =============================================================
| + Added domains required for Netflix playback to the default
| whitelist
| x Fixed inline script blocking broken by latest Nightlies
| x Fixed NOSCRIPT elements not being shown in script-blocked
| pages on Firefox betas
| x [Surrogate] shimmed or replaced code causing deprecations
| x [Surrogate] updated googletag replacement (thanks barbaz)
| x [XSS] Fixed regression in minimal inline JavaScript
| fragment detection (thanks Gareth Heyes for reporting)
| x Fixed edge case causing JavaScript redirections detection
| to fail on http://qklnk.co/ (thanks Jess Hampshire for RFE)

NoScript Security Suite 2.6.9.31 - July 15, 2015
------------------------------------------------

| v 2.6.9.31
| =============================================================
| x [XSS] Fixed attribute injection checks regression (thanks
| Maxim Rupp and .mario of Cure53 for reporting)

NoScript Security Suite 2.6.9.30 - July 9, 2015
-----------------------------------------------

| v 2.6.9.30
| =============================================================
| x Fixed noscript.allowWhitelistUpdates preference being
| ignored
| + Filtering out whitelist additions not required by the
| the specific current browser type and version
| + Added about:pocket-save and about:pocket-signup to the
| default whitelist
| x More restrictive and accurate INCLUSION type check (thanks
| Meee for reporting)
| x [XSS] Further invalid characters optimization refinement
| (thanks Mathias Karlsson for reporting)
| x [XSS] Fixed XML stripping optimization to prevent inline
| injections (thanks Mathias Karlsson for reporting)
| x Default whitelist maintenance: removed
  `prototypejs.org <http://prototypejs.org>`__,
| `cdnjs.cloudflare.com <http://cdnjs.cloudflare.com>`__; restored
  `maps.googleapis.com <http://maps.googleapis.com>`__
| x [XSS] Updated inline event handlers related code preventing
| potential 2nd order injections on very badly coded websites
| (thanks Mathias Karlsson for reporting)

NoScript Security Suite 2.6.9.29 - July 1, 2015
-----------------------------------------------

| v 2.6.9.29
| =============================================================
| x [XSS] Improved specificity of invalid characters
| optimization to remove a string literal breaking detection
| bypass (thanks Mathias Karlsson for reporting)

NoScript Security Suite 2.6.9.28 - June 30, 2015
------------------------------------------------

| v 2.6.9.28
| =============================================================
| x Narrowed `googleapis.com <http://googleapis.com>`__ default whitelist entry
  to
| `ajax.googleapis.com <http://ajax.googleapis.com>`__
| x [Surrogate] Updated `gigya.com <http://gigya.com>`__ and
  `2mdn.net <http://2mdn.net>`__ replacements
| (thanks saaib)

NoScript Security Suite 2.6.9.27 - June 17, 2015
------------------------------------------------

| v 2.6.9.27
| =============================================================
| x Fixed media elements being blocked on first (uncached)
| request (thanks RobertDrew for reporting)
| + noscript.middlemouse_temp_allow_main_site about:config
| preference to control whether middle-clicking the toolbar
| button should allow current top document's site (thanks
| barbaz)
| x [L10n] Updated Belarusian (thanks Dzmitry Drazdou)
| + Default whitelist retroactive removal ability
| x Removed `vjs.zendcdn.net <http://vjs.zendcdn.net>`__ from the default
  whitelist

NoScript Security Suite 2.6.9.26 - May 29, 2015
-----------------------------------------------

| v 2.6.9.26
| =============================================================
| x Extended the redirectTo() safety net for to all the internal
| redirections
| x Work-around for redirectTo() breaking Flash plugin
| subrequests
| x Got ChannelReplacement backed by HTTPChannel.redirectTo()
| whenever possible (should fix moz-bug 1153256 for good)
| x Fixed double redirection in HTTPS enforcing

NoScript Security Suite 2.6.9.25.1-signed - May 23, 2015
--------------------------------------------------------

| v 2.6.9.25
| =============================================================
| x Fixed regression preventing HTTPS enforcing exceptions from
| being honored
|  
| v 2.6.9.24
| =============================================================
| x Fix for intermittent crashes on older Gecko versions

NoScript Security Suite 2.6.9.23.1-signed - May 22, 2015
--------------------------------------------------------

| v 2.6.9.23
| =============================================================
| x Work-around for moz-bug 1167371
| x Fixed fatal regression on Firefox 34 and below
| x Improved backward compatibility
| x Work-around for anonymized plugin subrequests being vetoed
| by channel event sink
| x Fixed backward compatibility PopupBoxObject shim
| x [E10s] Fixed cascading permissions broken when checks are
| performed cross-process
| x [Surrogate] Removed deprecated "for each" constructs from
| replacements
| x [L10n] Updated ru-RU (thanks negodnik)
| x Tentative fix for Bug 1153256 (thanks Dragana Damjanovic)
| + Added about:preferences to the mandatory whitelist
| - Removed legacy STS support
| + [Surrogate] `2mdn.net <http://2mdn.net>`__ inclusion replacement (thanks
  barbaz)
| + [E10s] Restored inline JavaScript blocking

NoScript Security Suite 2.6.9.22.1-signed - April 20, 2015
----------------------------------------------------------

| v 2.6.9.22
| =============================================================
| + [Surrogate] Generalized OWASP antiClickjacking replacement
| (thanks barbaz for RFE)
| + [Surrogate] Wordpress scriptless site auto-show replacement
| + `bootstrapcdn.com <http://bootstrapcdn.com>`__ in default whitelist

NoScript Security Suite 2.6.9.21.1-signed - April 7, 2015
---------------------------------------------------------

| v 2.6.9.21
| =============================================================
| + Added "mediasource:" to the mandatory whitelist (Moz-Bug
| 1151638)
| x [Surrogate] Updated
  `googletagservices.com <http://googletagservices.com>`__ replacement
| (thanks barbaz)
| x Better compatibility with SDK-based add-ons using data:
| URIs (thanks Mingyi Liu for report)

NoScript Security Suite 2.6.9.20.1-signed - March 31, 2015
----------------------------------------------------------

| v 2.6.9.20rc2
| =============================================================
| x Improved "Recently blocked sites..." recording
| x Fixed inconsistencies in data: URIs handling (thanks barbaz
| for reporting)

NoScript Security Suite 2.6.9.19.1-signed - March 20, 2015
----------------------------------------------------------

| v 2.6.9.19
| =============================================================
| + [Surrogate] .gigya.com replacement provided by barbaz
| + [Surrogate] `js.stripe.com <http://js.stripe.com>`__ replacement provided
  by barbaz
| + Improved usability of new Yahoo! video activation (thanks
| Glenn for reporting)
| + Added `googlevideo.com <http://googlevideo.com>`__ to the default whitelist
  because it's
| now required to play Youtube movies (thanks barbaz for RFE)

NoScript Security Suite 2.6.9.18.1-signed - March 13, 2015
----------------------------------------------------------

| v 2.6.9.18
| =============================================================
| x Fixed restrictSubdocScripts/globalHTTPSWhitelist
| interaction issue (thanks Tor Project for report)
| x Fixed regression always disabling scripts whenever site's
| host name is a IPv6 literal (thanks ipv6user for report)
| x Fixed menu automatic disappearance on mouse exit broken by
| Firefox 36 changes (thanks randavis, cumdacon and barbaz
| for report)

NoScript Security Suite 2.6.9.17.1-signed - March 8, 2015
---------------------------------------------------------

| v 2.6.9.17
| =============================================================
| x Fixed cascadePermissions/globalHTTPSWhitelist interaction
| issue with IFRAMEs (thanks Tor Project for report)
| x Fixed cascadePermissions being enforced also if the top
| document is implicitly allowed by the globalHTTPSWhitelist
| policy, rather than explicitly whitelisted, causing HTTP
| subdocument and scripts to be unintendendly allowed when
| the top document is HTTPS (thanks Tor Project for report)
| x [Surrogate] Update Google Analytics replacement (thanks
| barbaz)

NoScript Security Suite 2.6.9.16.1-signed - March 1, 2015
---------------------------------------------------------

| v 2.6.9.16
| =============================================================
| + [Surrogate] Updated Gravatar surrogate (thanks barbaz)
| + Additional HTML sanitization when pasting rich text into
| content-editable elements (thanks .mario for RFE)
| + Introduced framework for E10s migration, starting with new
| features and fixes
| x Removed deprecated let () expressions from the code base

NoScript Security Suite 2.6.9.15.1-signed - Feb. 19, 2015
---------------------------------------------------------

| v 2.6.9.15
| =============================================================
| + Fixed regression in 2.6.9.12 causing data: URI documents
| to be scripting-enabled (thanks GOF for tweet)

NoScript Security Suite 2.6.9.14.1-signed - Feb. 18, 2015
---------------------------------------------------------

| v 2.6.9.14
| =============================================================
| + [Surrogate] OWASP legacy Javascript-based "antiClickjack"
| protection surrogate to unhide "protected" pages when
| scripting is disabled (thanks barbaz)
| + Restored noscript.forbidXHR functionality trying to make it
| more web-compatible (thanks barbaz for RFE)

NoScript Security Suite 2.6.9.13.1-signed - Feb. 11, 2015
---------------------------------------------------------

| v 2.6.9.13
| =============================================================
| x [XSS] Fixed bugs in comment stripping optimization (thanks
| Masato Kinugawa for reporting)
| x [XSS] Better protection against some ES6 attacks (thanks
| Masato Kinugawa for reporting)
| - Removed support for XMLHttpRequest blocking
| (noscript.forbidXHR preference). The same functionality,
| if really needed, can still be achieved through ABE anyway.

NoScript Security Suite 2.6.9.12.1-signed - Feb. 4, 2015
--------------------------------------------------------

| v 2.6.9.12
| =============================================================
| x Fixed origin checking bug causing sandboxed IFRAMEs to have
| scripting always disabled (thanks Ellad Tadmor for report)

NoScript Security Suite 2.6.9.11.1-signed - Jan. 16, 2015
---------------------------------------------------------

| v 2.6.9.11
| =============================================================
| x [Surrogate] microsoftSupport surrogate to force the content
| to be shown if scripts are disabled (thanks thunderscript)
| x Check private browsing against chrome rather than content
| windows (prevents annoying warning console messages)

NoScript Security Suite 2.6.9.10.1-signed - Dec. 25, 2014
---------------------------------------------------------

| v 2.6.9.10
| =============================================================
| x Fixed regression: permanently allow a web site erasing
| temporary whitelist items (thanks smersh for reporting)
| x Fixed private windows detection for UI adaptation broken in
| SeaMonkey (thanks barbaz for reporting)
| x Made the Permanent "allow" commands in private windows'
| checkbox look and behave like the other options in the
| "Appearance" tab, i.e. controlling the visibility of the
| menu item by the same name

NoScript Security Suite 2.6.9.9.1-signed - Dec. 19, 2014
--------------------------------------------------------

| v 2.6.9.9
| =============================================================
| x Updated GPL.txt and NoScript_License.txt with current FSF
| information (thanks Thomas Spura for reporting)
| x Fixed regression causing "Revoke temporary permissions"
| gitches (thanks barbaz for reporting)
| x Moved the Permanent "allow" commands in private windows'
| menu toggle next to the 'Options' command

NoScript Security Suite 2.6.9.8.1-signed - Dec. 16, 2014
--------------------------------------------------------

| v 2.6.9.8
| =============================================================
| + 'Permanent "allow" commands in private windows' preference
| in NoScript Options|Appearance (inverse of
| noscript.volatilePrivatePermissions)
| + 'Permanent "allow" commands in private windows' toggle
| in NoScript menu while in Private Browsing mode, controlled
| by noscript.showVolatilePrivatePermissionsToggle
| x Fixed regression in Cascade Permissions mode (thanks Kitty
| Box for reporting)
| + Fixed whitelisting regression on Gecko 25 and below (e.g.
| Palemoon)
| + Actually prevent temporary whitelist items from being saved
| in prefs (thanks to Mike Perry)

NoScript Security Suite 2.6.9.7.1-signed - Dec. 15, 2014
--------------------------------------------------------

| v 2.6.9.7
| =============================================================
| x Fixed inconsistencies in the globalHttpsWhitelist option
| implementation (thanks Mike Perry for reporting)
| + Volatile temporary whitelist, never gets saved to disk
| (thanks to Tor Project for sponsorship)
| + Never show permanent whitelist modifying commands when in
| private mode, unless the noscript.volatilePrivatePermissions
| preference is false (thanks to Tor Project for sponsorship)
| + noscript.allowWhitelistUpdate preference to control whether
| NoScript should be able to tweak the whitelist on version
| updates when the 3rd party requirements for an already
| whitelisted website change (thanks Thencent for RFE)

NoScript Security Suite 2.6.9.6.1-signed - Dec. 4, 2014
-------------------------------------------------------

| v 2.6.9.6
| =============================================================
| + Built-in force HTTPS list, seeded with
  `www.youtube.com <http://www.youtube.com>`__
| x Work-around for bogus Youtube embedded frame activation
| patterns (thanks al_9x for reporting)
| x Fixed bookmarklet execution regression in older Firefox
| versions (thanks 5keeve for reporting)
| x Fixed subdocuments of a [System Principal] page not being
| allowed when they should in cascade permission modes (
| thanks hjkl for reporting)

NoScript Security Suite 2.6.9.5.1-signed - Nov. 24, 2014
--------------------------------------------------------

| v 2.6.9.5
| =============================================================
| x Fixed memory leak when a top-level browser window is closed
| (thanks cks for reporting)
| x [XSS] compatibility tweak for `swisspost.ch <http://swisspost.ch>`__
| x Miscellaneous HTTPS URLs lockdown
| + Support for full-encrypted https://noscript.net
| x Updated Twitter surrogate (thanks ozjuggler and barbaz)
| x Work-around for thumbnail generation protection being
| broken by some add-ons
| x Fully disable background processed thumbnail generation
| unless noscript.bgThumbs.allowed about:config preference
| is set to true
| x Control JavaScript enabled in background thumbail
| generation through the noscript.bgThumbs.disableJS
| about:config preference
| + Forcing remote browsers used for thumbnail generation to
| disable JavaScript (thanks vpoint for reporting)
| + [Surrogate] Invodo dummy replacement (thanks barbaz)

NoScript Security Suite 2.6.9.4.1-signed - Nov. 15, 2014
--------------------------------------------------------

| v 2.6.9.4
| =============================================================
| + Added `vimeocdn.com <http://vimeocdn.com>`__ as a
  `vimeo.com <http://vimeo.com>`__ dependency if already
| whitelisted
| + [Surrogate] Enabling `imgserve.com <http://imgserve.com>`__ age
  verification button
| even if JavaScript is disabled
| x Fixed IP6 to IP4 mapping bug (thanks stack / inventati)

NoScript Security Suite 2.6.9.3.1-signed - Oct. 23, 2014
--------------------------------------------------------

| v 2.6.9.3
| =============================================================
| x More accurate referrer checks for some edge cases (thanks
| AlbertMTom for reporting)
| x [ABE] More restrictive local IP checks (thanks AlbertMTom
| for reporting)
| + More permissive AddressMatcher IP parser
| + [XSS] Improved sensitivity (thanks Masato Kinugawa)

NoScript Security Suite 2.6.9.2.1-signed - Oct. 18, 2014
--------------------------------------------------------

| v 2.6.9.2
| =============================================================
| + [XSS] Improved sensitivity (thanks Masato Kinugawa)

NoScript Security Suite 2.6.9.1.1-signed - Oct. 13, 2014
--------------------------------------------------------

| v 2.6.9.1
| =============================================================
| + [XSS] focus-based exfiltration protection (thanks Masato
| Kinugawa for reporting)
| x [XSS] Fixed false positive in risky operators detection
| (thanks Roman Vock for reporting)

NoScript Security Suite 2.6.9.1-signed - Oct. 5, 2014
-----------------------------------------------------

| v 2.6.9
| =============================================================
| + [XSS] Improved location-based exfiltration protection
| (thanks Masato Kinugawa for reporting)
| + [Surrogate] `login.person.org <http://login.person.org>`__ inclusion
  (thanks barbaz)
| x [XSS] Fixed 2.6.8.43 regressions
| x [XSS] Improved specificity for eval-like patterns
| + Switched to a treeview for faster management of very long
| whitelists (thanks barbaz for patch)
| x Tentative work-around for potential performance problems
| reportedly related to Australis support
| v 2.6.9rc4
| =============================================================
| + [XSS] Fixed bug in location-based exfiltration protection
| (thanks Masato Kinugawa for reporting)
|  
| v 2.6.9rc3
| =============================================================
| + [XSS] Improved location-based exfiltration protection
| (thanks Masato Kinugawa for reporting)
| v 2.6.9rc2
| =============================================================
| + [Surrogate] `login.person.org <http://login.person.org>`__ inclusion
  (thanks barbaz)
| x [XSS] Fixed 2.6.8.43 regressions
| x [XSS] Improved specificity for eval-like patterns
|  
| v 2.6.9rc1
| =============================================================
| + Switched to a treeview for faster management of very long
| whitelists (thanks barbaz for patch)
| x Tentative work-around for potential performance problems
| reportedly related to Australis support
| x [XSS] Fixed 2.6.8.43 regressions

NoScript Security Suite 2.6.8.43.1-signed - Sept. 27, 2014
----------------------------------------------------------

| v 2.6.8.43
| =============================================================
| x [XSS] Protection against some exfiltration attacks based on
| arithmetic operators (thanks Masato Kinugawa and File
| Descriptor AKA XSS Jigsaw for reporting)

NoScript Security Suite 2.6.8.42.1-signed - Sept. 22, 2014
----------------------------------------------------------

| v 2.6.8.42rc3
| =============================================================
| + User-facing "Reload the current tab only" option
| x Fixed subtle bug in ScriptSurrogate.replaceScript()
| x Fixed HTTPS and cascading permission policies not applying
| to XHR and XBL checks
| x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
| reporting)
| + [XSS] `window.name <http://window.name>`__ exfiltration protection (thanks
  Masato
| Kinugava for reporting)
| x Fixed script sources enumeration breakage in Firefox 35
| (Moz Bug 1068508, thanks Octoploid for reporting)
|  
| v 2.6.8.42rc3
| =============================================================
| + User-facing "Reload the current tab only" option
| x [XSS] Improved `window.name <http://window.name>`__ exfiltration protection
| (thanks Masato Kinugava for reporting)
|  
| v 2.6.8.42rc2
| =============================================================
| x Fixed subtle bug in ScriptSurrogate.replaceScript()
| x Fixed HTTPS and cascading permission policies not applying
| to XHR and XBL checks
| x [XSS] Fixed ES6-based bypasses (thanks Masato Kinugava for
| reporting)
| + [XSS] `window.name <http://window.name>`__ exfiltration protection (thanks
  Masato
| Kinugava for reporting)
|  
| v 2.6.8.42rc1
| =============================================================
| x Fixed script sources enumeration breakage in Firefox 35
| (Moz Bug 1068508, thanks Octoploid for reporting)

NoScript Security Suite 2.6.8.41.1-signed - Sept. 11, 2014
----------------------------------------------------------

| v 2.6.8.41
| =============================================================
| x Improved Australis toolbar compatibility (thanks Quicksaver
| for help)
| x Added "Always ask" checkbox to the removal confirmation
| dialog (thanks agaxwtmp for RFE)
| x Fixed Options dialog broken on ancient Firefox versions
| x [XSS] Fixed false positive within \*.adxns.com

NoScript Security Suite 2.6.8.40.1-signed - Sept. 1, 2014
---------------------------------------------------------

| v 2.6.8.40
| =========================================================================
| x Fixed regression causing script inclusions with non-standard ports to
| be always blocked
| x [ABE] Improved ruleset editing UI (thanks barbaz for patch)

NoScript Security Suite 2.6.8.39.1-signed - Aug. 26, 2014
---------------------------------------------------------

| v 2.6.8.39
| =========================================================================
| x [Surrogate] Removed DARLA surrogate and reimplemented its work-around
| as a XSS filter exception
| x [Bookmarklets] Fixed bookmarklets broken when JavaScript is enabled
| (thanks therube for reporting)
| x [Surrogate] Work-around for DARLA surrogate breaking Yahoo! Mail

NoScript Security Suite 2.6.8.38.1-signed - Aug. 24, 2014
---------------------------------------------------------

| v 2.6.8.38
| =========================================================================
| x Fixed regression preventing Youtube movies from playing
| x Completed work-around for Firefox's Bug 1044351
| x [Surrogate] Improved Yahoo! DARLA source matching

NoScript Security Suite 2.6.8.37.1-signed - Aug. 24, 2014
---------------------------------------------------------

| v 2.6.8.37
| =========================================================================
| x Made the new additional script blocking policies more consistent with
| other features (e.g. the XSS filter)
| x NoScript's toolbar button is now friendlier to other Australis-enabled
| add-ons
| x Work-around for Firefox's Bug 1044351 (thanks al_9x for RFE)
| x [XSS] Support for new insidious ES6 constructs introduced in Firefox 34
| (thanks .mario for reporting)
| x [HTTPS] Experimental "Allow HTTPS scripts globally on HTTPS documents"
| mode
| x [Surrogate] Yahoo! "DARLA" ads loader post-execution surrogate prevents
| the browser from stalling due to the many
  `window.name <http://window.name>`__-based XSSes
| intentionally used by this ads delivery script

NoScript Security Suite 2.6.8.36.1-signed - July 28, 2014
---------------------------------------------------------

| v 2.6.8.36
| =========================================================================
| x [Surrogate] Updated `adf.ly <http://adf.ly>`__ replacement (thanks kasper93
  for coding)
| x [Surrogate] Updated `connect.facebook.net <http://connect.facebook.net>`__
  replacement
| x Fixed bookmarklet emulation compatibility issue breaking some add-ons
| which rely on the new getShortcutOrURIAndPostData() function signature
| x Fixed regression causing preventing the Blocked Objects list from being
| manually reset

NoScript Security Suite 2.6.8.35.1-signed - July 24, 2014
---------------------------------------------------------

| v 2.6.8.35
| =========================================================================
| x Improved compatibility with browser built-in Click To Play
| + Recently blocked sites are now recorded per-window (causing automatic
| oblivion of data from Private Browsing windows when they're closed)
| + Recently blocked sites are not collected at all unless the menu item
| is configured to be shown (thanks Barbaz for RFE and patch)

NoScript Security Suite 2.6.8.33.1-signed - July 8, 2014
--------------------------------------------------------

| v 2.6.8.33
| =========================================================================
| x Fixed regression in smart reloading of just allowed HTML Media elements
| (thanks barbaz for reporting)
|  
| v 2.6.8.32rc3
| =========================================================================
| x Fixed regression: NOSCRIPT element not shown on non-whitelisted pages
| (thanks Germán Ponte and Michael Kehrein for reporting)
|  
| v 2.6.8.32rc2
| =========================================================================
| x Replaced Ci.nsIDOMHTML(Video|Audio)Element (about to be removed) with
| window.(Video|Audio)Element counterparts (see Moz Bug 1034304)
|  
| v 2.6.8.32rc1
| =========================================================================
| x Fixed jammed icon on the navigation bar when "left clicking on toolbar
| icon toggles..." option is checked (thanks Larry for reporting)

NoScript Security Suite 2.6.8.31.1-signed - June 30, 2014
---------------------------------------------------------

| v 2.6.8.31
| =========================================================================
| x Updated HTML5 and Gecko-specific markup elements list
| x Fixed "too much recursion" book in bookmarklet emulation when executing
| window.open(..., "_self") (thanks al_9x)
| x Improved icons consistence with cascading permissions
| x Fixed 2.6.8.30rc1 regression: broken local file loads
| x Make "[Temporarily] Allow all this page" affect only the top-level
| document's origin when cascading permissions mode is enabled
| x [Surrogate] Fixed regression about a small change in sandbox principal
| management breaking some surrogates, including Google Analytics
| x [CAPS] better compatibility with Firefox 30's restored checkloaduri
| prefs hack
| + UI support for cascadePermissions and restrictSubdocScripting
| + "NoScript Options|Advanced|Trusted|Cascade top document's permissions
| to 3rd party scripts" user-facing preference
| + "NoScript Options|Advanced|Untrusted|Block scripting in whitelisted
| subdocuments of non-whitelisted pages" user-facing preference
| + Backported cascadePermissions and restrictSubdocScripting support to
| ESR 24

NoScript Security Suite 2.6.8.29.1-signed - June 23, 2014
---------------------------------------------------------

| v 2.6.8.29
| =========================================================================
| x [Surrogate] `googletagservices.com <http://googletagservices.com>`__
  replacement (thanks Guest and barbaz)
| x Fixed bookmarklet emulation "Object.getPrototypeOf(...).open is
| undefined" failure on Nightly (thanks Ria and barbaz for reporting)

NoScript Security Suite 2.6.8.28.1-signed - June 3, 2014
--------------------------------------------------------

| v 2.6.8.28
| =========================================================================
| x Fixed bookmarklet execution on non-whitelisted page causing scripts
| to be globally allowed (thanks barbaz and therube for reporting)

NoScript Security Suite 2.6.8.27.1-signed - June 3, 2014
--------------------------------------------------------

| v 2.6.8.27
| =========================================================================
| x Work-around for bug 1005552 (backport to ESR)
| + [Surrogate] External script surrogates are now triggered whenever a
| matching script fails to load, no matter the reason, e.g. NoScript
| permissions, ABE, ABP or RequestPolicy (thanks bonanza for RFE)
| x [XSS] Worked around OpenID-related false positive (thanks Gunnar for
| reporting)
| x [XSS] Better work around for false positive in `gmx.com <http://gmx.com>`__
  new webmail,
| designed to work across all its implementations

NoScript Security Suite 2.6.8.26.1-signed - May 27, 2014
--------------------------------------------------------

| v 2.6.8.26
| =========================================================================
| x [XSS] `gmx.com <http://gmx.com>`__ false positive work-around extended to
  international
| domains (thanks dood_97 for reporting)
| x [XSS] `gmx.com <http://gmx.com>`__ false positive work-around extended to
  `mail.com <http://mail.com>`__ (thanks
| boris for reporting)
| + noscript.cascadePermissions preliminary backend implementation
| + noscript.restrictSubdocScripting preliminary backend implementation

NoScript Security Suite 2.6.8.25.1-signed - May 21, 2014
--------------------------------------------------------

| v 2.6.8.25
| =========================================================================
| x [ABE] Fixed inability to discriminate loads inititated from the URL bar
| on latest Nightlies (thanks Soothsayer for reporting)
| x [XSS] Fixed false positive on new `gmx.com <http://gmx.com>`__ login
  (thanks Luigi and LeeB
| for reporting)
| x [Surrogate] Fixed new
  `google-analytics.com <http://google-analytics.com>`__ surrogate causing
  Google
| Spreadsheet's columns not to be resizable (thanks bobbybrown for
| reporting)

NoScript Security Suite 2.6.8.24.1-signed - May 14, 2014
--------------------------------------------------------

| v 2.6.8.24
| =========================================================================
| + Synthetic load events are sent and error events are suppressed for
| blocked script elements, in order to work around strict script
| inclusion enforcers. This feature is triggered by default only by
| Require.js module imports, but can be fully configured by
| noscript.fakeScriptLoadEvents.\* about:config preferences:
| \* .enabled: switches this feature on/off
| \* .onlyRequireJS: if true (default) applies the feature only to script
| inclusions initiated by Require.js
| \* .exceptions: AddressMatcher pattern matching the source URLs of
| script elements which should not cause fake load events when blocked
| \* .docExceptions: AddressMatcher pattern matching the URLs of documents
| where no fake load event must be raised
| x Improved toStaticHTML() implementation (thanks .mario for reporting)
| x Removed useless ICC profiles from some icons (thanks taffit for RFE)
| x [Surrogate] Improved `google-analytics.com <http://google-analytics.com>`__
  (ga) surrogate
| x [XSS] Fixed characters redundancy reduction bug (thanks Masato Kinugawa
| for reporting)
| x [XSS] Fixed typo in the new regular expression literals stripping
| routine implementation (thanks Masato Kinugawa for reporting)
| x [XSS] Fixed subtle bug in regular expression literals stripping
| optimization, potentially causing false negatives in edge cases (thanks
| Masato Kinugawa for reporting)
| x Work-around for Firefox bug causing popup.hidePopup() to fail sometimes
| and NoScript's on-hover menu needing a click to be closed

NoScript Security Suite 2.6.8.23.1-signed - May 4, 2014
-------------------------------------------------------

| v 2.6.8.23
| =========================================================================
| x Work-around for Firefox bug causing popup.hidePopup() to fail sometimes
| and NoScript's on-hover menu needing a click to be closed
| v 2.6.8.22
| =========================================================================
| x Better algorithm for menu items ordering

NoScript Security Suite 2.6.8.22.1-signed - May 4, 2014
-------------------------------------------------------

| v 2.6.8.22
| =========================================================================
| x Better algorithm for menu items ordering

NoScript Security Suite 2.6.8.21.1-signed - May 3, 2014
-------------------------------------------------------

| v 2.6.8.21
| =========================================================================
| x Fixed XSL check regression (thanks barbaz for reporting)
| x Work-around for bug 1005552
| + [Surrogate] Gravatar dummy replacement
| x [Australis] Support for reversed menu on surrogate status/addon bars

NoScript Security Suite 2.6.8.20.1-signed - April 14, 2014
----------------------------------------------------------

| v 2.6.8.20
| =========================================================================
| x Partially restored "Allow local links" functionality (works for HTML
| file:// links but not for embedded resources and scripted loads)
| + "allowLocalLinks.from" about:config preference to define a whitelist
| (in ABE URL pattern list syntax) which, if valid and not empty,
| overrides the JavaScript whitelist which is reused by legacy default
| for pages allowed to open file:// links (Gecko 28 and above)
| + "`allowLocalLinks.to <http://allowLocalLinks.to>`__" about:config
  preference to define a whitelist
| (in ABE URL pattern list syntax) which, if valid and not empty,
| limits the file:// links which can be opened by allowed pages
| (Gecko 28 and above)
| - Removed "Allow rich text copy and paste from external clipboard" option
| from the UI if the browser doesn't support CAPS (Gecko 28 and above)
| x Implemented early permission changes enforcement on not yet reloaded
| pages, to better match the old CAPS-based behavior (thanks therube
| for reporting)
| x [Surrogates] Fixed Google Analytics surrogate breaking some javascript:
| links (thanks Will for reporting)
| x [L18n] Fixed Finnish typo (thanks Kalle Niemitalo for reporting)
| x [XSS] Removed OAuth-triggered false positive (thanks Gunnar Scherf for
| reporting)
| x [XSS] Stricter checks for HTTPS requests from a same domain origin with
| different scheme (thanks LouiseRBaldwin for reporting)

NoScript Security Suite 2.6.8.19.1-signed - March 24, 2014
----------------------------------------------------------

| v 2.6.8.19
| =========================================================================
| x Fixed CAPS initialization broken in Gecko 27 and below
| x Fixed wildcard port matching broken in Gecko 28 and below
| ing broken in Gecko 28 and below

NoScript Security Suite 2.6.8.18.1-signed - March 23, 2014
----------------------------------------------------------

| v 2.6.8.18
| =========================================================================
| x Fixed some bookmarklets being broken by Gecko 28
| x [Surrogate] Fixed some surrogates being broken by Gecko 28
| - Disabled CAPS-based script blocking for Gecko 28 and above
| x Fixed XSLT blocking broken by recent Gecko changes (thanks Xenos for
| reporting)

NoScript Security Suite 2.6.8.17.1-signed - March 2, 2014
---------------------------------------------------------

| v 2.6.8.17
| =========================================================================
| x CSS tweak for Australis support (thanks Jared Wein)
| x Fixed new bookmarklet execution module accidentally using X rays
| wrappers and therefore failing to interact

NoScript Security Suite 2.6.8.16.1-signed - Feb. 27, 2014
---------------------------------------------------------

| v 2.6.8.16
| =========================================================================
| x Closing a placeholder doesn't collapse its space anymore, unless the
| noscript.placeholderCollapseOnClose is set to true or the "Collapse
| blocked objects" Embeddings option is checked (thanks Elmart for RFE)
| x Further bookmarklet emulation improvements yet (thanks porl for RFEs)

NoScript Security Suite 2.6.8.14.1-signed - Feb. 11, 2014
---------------------------------------------------------

| v 2.6.8.14
| =========================================================================
| x Fixed bookmarklet execution disabling JavaScript on whitelisted pages
| (Firefox >= 29, thanks vsemozhetbyt for reporting mozbug 970445)
| x [ABE] Improved compatibility with .local domains (thanks func0der for
| reporting)

NoScript Security Suite 2.6.8.13.1-signed - Jan. 22, 2014
---------------------------------------------------------

| v 2.6.8.13
| =========================================================================
| x Restored z-order mobility for options dialog on Linux (thanks barbaz
| for RFE)
| x Moved ClearClick options into their own "Advanced" sub-tab (thanks
| Thrawn for RFE)
| x Minor options dialog tweakings
| - Removed External Filters options panel
| x The option dialog is non-modal and recycled now (thanks barbaz for RFE)

NoScript Security Suite 2.6.8.12.1-signed - Jan. 14, 2014
---------------------------------------------------------

| v 2.6.8.12
| =========================================================================
| x Improved work-around for
| https://bugzilla.mozilla.org/show_bug.cgi?id=958962
| + [Surrogate] Prevent blank ModPagespeed-patched pages when meta refresh
| inside NOSCRIPT elements is blocked (thanks thunderscript and barbaz)
| x Fixed one-time this.getSite() error on startup
| + Browser Console support
| x [Locale] Updated fr (thanks Jack Black)
| x Fixed feed reader broken on non-whitelisted sites in non-stable Firefox
| (thanks LouCypher for reporting)

NoScript Security Suite 2.6.8.11.1-signed - Jan. 8, 2014
--------------------------------------------------------

| v 2.6.8.11
| =========================================================================
| x [XSS] Fixed nested URL parsing optimization bug (thanks Masato Kinugawa
| for reporting)
| x [XSS] Abort, rather than filter, potential charset-based attacks (
| thanks Masato Kinugawa for reporting)
| x [XSS] Improved Ebay compatibility (thanks Markus Wienand for reporting)
|  
| x [XSS] Fixed bad charset check regression from rc6 (thanks Masato
| Kinugawa for reporting)
| x [XSS] Fixed bad charset checks not honoring exceptions (thanks Masato
| Kinugawa for reporting)
| x Adopted the Components.utils.blockScriptForGlobal() API where possible
| x [XSS] Further improvements in recursive link checks (thanks Masato
| Kinugawa for reporting)
| x [XSS] Better checks for combined data/javascript URIs (thanks Masato
| Kinugawa for reporting)
| x [XSS] Restored fuzzy HTML sniffing in nested data URI (thanks Masato
| Kinugawa for reporting)
| x [XSS] Improved data URI checks (thanks Masato Kinugawa for reporting)
| x [XSS] Enhanced recursive link checks (Thanks PK Cano for reporting)
| x [XSS] Stricter HTML checks on second-order data URI injections exactly
| fitting whole URL attributes (thanks Masato Kinugawa for reporting)

NoScript Security Suite 2.6.8.10.1-signed - Jan. 1, 2014
--------------------------------------------------------

| v 2.6.8.10
| =========================================================================
| x [XSS] Fixed regression causing Google Talk false positive (thanks
| Stuart Young for report)
| x Made about:srcdoc placeholder URL for seamless iframes "mandatory"
| to reflect its actual permissions status (thanks barbaz for RFE)

NoScript Security Suite 2.6.8.9.1-signed - Dec. 29, 2013
--------------------------------------------------------

| v 2.6.8.9
| =========================================================================
| x [XSS] Stricter HTML checks (thanks Masato Kinugawa for reporting)
| x [ClearClick] Exception to cope with Youtube's Google+ comments
| x [XSS] Better data: URI detection (thanks Masato Kinugawa for reporting)
| x [XSS] Improved pure HTML checks (thanks Masato Kinugawa for reporting)
| x [XSS] Fixed InjectionChecker tolerance bug (thanks Masato Kinugawa for
| reporting)
| x [XSS] Improved sanitization

NoScript Security Suite 2.6.8.8.1-signed - Dec. 17, 2013
--------------------------------------------------------

| v 2.6.8.8
| =========================================================================
| + Enforce docShell-based script blocking for Gecko > 28
| + [Surrogate] `addthis.com <http://addthis.com>`__ widget emulation (thanks
  Mathnerd314)

NoScript Security Suite 2.6.8.7.1-signed - Dec. 2, 2013
-------------------------------------------------------

| v 2.6.8.7
| =========================================================================
| x Fixed performance regression in request identity tracking (thanks
| cumdacon and nospamboz for reporting)
| + Protection against new SQLXSSI obfuscation techinques (thanks Alex
| Inführ for reporting)
| x Fixed noscript.allowedMimeRegExp ignoring the FONT pseudo-type (thanks
| barbaz for reporting)

NoScript Security Suite 2.6.8.6.1-signed - Nov. 27, 2013
--------------------------------------------------------

| v 2.6.8.6
| =========================================================================
| x Fixed bugs in noscript.allowedMimeRegExp support (thanks barbaz for
| reporting)
| x [ABE] Fixed increased asynchronicity in Gecko's network processing
| causing intermittent failures (thanks barbaz and al_9x for reporting)
| x [Surrogate] Fixed bug in asynchronous Google Analytics API emulation
| (thanks Lucas Malor for reporting)
| x Fixed missing icon for blocked objects when no script is present in the
| page and scrips are globally allowed

NoScript Security Suite 2.6.8.5.1-signed - Nov. 8, 2013
-------------------------------------------------------

| v 2.6.8.5
| =========================================================================
| x [ClearClick] Fixed empty contentEditable elements cannot receive
| keyboard events in cross-site frames (breaking latest Youtube comments)
| x [XSS] Fixed false positive on redirected script inclusions (breaking
| Stripe payments on Humblebundle, thanks ableeker for reporting)
| x [Surrogate] Better GA, GAPI, Twitter and Facebook compatibility

NoScript Security Suite 2.6.8.4.1-signed - Oct. 24, 2013
--------------------------------------------------------

| v 2.6.8.4
| =========================================================================
| x Fixed shortcut bookmarklet execution requiring noscript.allowURLBarJS
| preference to be true on Firefox 25 beta (thanks ivank for report)
| x [Surrogate] Better emulation of for Google Analytics asynchronous
| tracking (for instance, fixes GMail's "Sign in" link)
| x [ClearClick] Fixed exception being thrown on Firefox 27 alpha (Nightly)
| x Fixed URL bar enhancements broken by Firefox 25 beta
| x Fixed SetVariable/GetVariable failing on dynamically created Flash
| elements, e.g. with SFWObject (thanks longsleep for reporting)

NoScript Security Suite 2.6.8.3.1-signed - Oct. 14, 2013
--------------------------------------------------------

| v 2.6.8.3
| =========================================================================
| x Fixed complex bookmarklet execution requiring synchronous XHR in a
| content policy callback
| x Fixed full-page plugins failed activation until the page is reloaded
| x Fixed full-page HTML5 media failing to play after activation until the
| page is reloaded

NoScript Security Suite 2.6.8.2.1-signed - Oct. 1, 2013
-------------------------------------------------------

| v 2.6.8.2rc2
| =========================================================================
| x Fixed request methods different than POST being turned into GET by
| internal channel redirection when the DNS entry is not cached yet
|  
| v 2.6.8.2rc1
| =========================================================================
| x Fixed regression from CTP fix: some kinds of embedded objects being
| displayed, even though in disabled state, along with placeholders

NoScript Security Suite 2.6.8.1.1-signed - Sept. 20, 2013
---------------------------------------------------------

| v 2.6.8.1
| =========================================================================
| + Added to the default whitelist some CDN subdomains dedicated to serve
| popular open source JS libraries (thanks t3g for RFE)
| x Fixed notification box issues with Seamonkey (thanks barbaz)
| x Work-around for broken CTP notifications (bug 903675)
| x Work-around for Youtube comments XSS false (?) positive
| x [Locale] Updated fr (thanks Jack Black)

NoScript Security Suite 2.6.7.1.1-signed - Aug. 14, 2013
--------------------------------------------------------

| v 2.6.7.1
| =========================================================================
| x [XSS] Fixed false positive on GMail when opening the Google Docs file
| picker (thanks Harry for reporting)
| x [XSS] Fixed parameter elision bug
| + Protection against another variant of error-based SQLXSSI (thanks Alex
| Inführ for reporting)

NoScript Security Suite 2.6.7.1-signed - Aug. 7, 2013
-----------------------------------------------------

| v 2.6.7
| =========================================================================
| x Fixed HTML 5 media content types not blocked when loaded as top-level
| documents (thanks al_9x for reporting)
| x [XSS] Fixed bug in SQLXSSI detection (thanks Alex Inführ for reporting)
| x Fixed resources from resource: origin (such as PDF.js fonts) being
| unnecessarily blocked in restrictive embed blocking mode
| x Removed "ReferenceError: PolicyState is not defined" message appearing
| sometimes in the console dump on startup
| x Fixed scrollbars removed in frames activated from placeholder (thanks
| al_9x for reporting)

NoScript Security Suite 2.6.6.9.1-signed - July 21, 2013
--------------------------------------------------------

| v 2.6.6.9
| =========================================================================
| + [XSS] Added several experimental / unofficial markup atoms to the
| build-time matcher generator (thanks .mario for reporting)

NoScript Security Suite 2.6.6.8.1-signed - July 6, 2013
-------------------------------------------------------

| v 2.6.6.8
| =========================================================================
| x [XSS] Protection against filter evasion exploiting Adobe Flash URL
| parsing and charset handling bugs (thanks Soroush Dalili for reporting)

NoScript Security Suite 2.6.6.7.1-signed - July 2, 2013
-------------------------------------------------------

| v 2.6.6.7
| =========================================================================
| x Fixed ClearClick triggered by recently changed browser built-in Click
| To Play placeholders (bug 889228)
| x [Locale] Updated Czech (thanks Karel)

NoScript Security Suite 2.6.6.6.1-signed - June 10, 2013
--------------------------------------------------------

| v 2.6.6.6
| =========================================================================
| + Made mimetype whitelisting through the noscript.allowedMimeRegExp
| preference work with the WebGL pseudo type (thanks Thrawn for RFE)
|  
| v 2.6.6.5
| =========================================================================
| x Better fix for Nightly breakages
|  
| v 2.6.6.4
| =========================================================================
| x Fixed some recent breakages on Nightly
|  
| v 2.6.6.3
| =========================================================================
| x Improved "fixable" JavaScript links detection (thanks asdf for RFE)

NoScript Security Suite 2.6.6.2.1-signed - May 17, 2013
-------------------------------------------------------

| v 2.6.6.2
| =========================================================================
| x Fixed regression in Tab Mix Plus compatibility due to Gecko 21 changes
| x Improved placeholder management for full-document plugin content, e.g.
| makes Youtube embeddings more usable on Facebook

NoScript Security Suite 2.6.6.1.1-signed - April 29, 2013
---------------------------------------------------------

| v 2.6.6.1
| =========================================================================
| x Fixed backward compatibility issue with recent channel cloning changes
| x [XSS] Compatibility with certain redirector URL patterns (thanks
| Stephen F. for reporting)
| x [ABE] Fixed letest Tab Mix Plus version (4.1.0) causing loads started
| from the address bar to be considered cross-site
| x [Locale] Updated Esperanto (thanks Michael Wolf)
| x [Locale] Updated Upper Serbian (thanks Michael Wolf)

NoScript Security Suite 2.6.6.1-signed - April 3, 2013
------------------------------------------------------

| v 2.6.6
| =========================================================================
| x Added per-window private browsing support to some background requests
| x Improved channel cloning for internal redirections
| x Added further Microsoft mail services dependencies to the default
| whitelist
| x [XSS] Fixed character class bug (thanks Masato Kinugawa for reporting)
| x [XSS] Fixed potential jQuery-based injection (thanks Masato Kinugawa
| for reporting)
| x Improved handling of some moz-null principal instances in ABE requests
| (thanks Thrawn for reporting)
| + New 360Haven surrogate lets the site work with 1st party scripts
| allowed and ads/tracker scripts forbidden
| s forbidden

NoScript Security Suite 2.6.5.9.1-signed - March 11, 2013
---------------------------------------------------------

| v 2.6.5.9
| =========================================================================
| x Fixed `outlook.com <http://outlook.com>`__ UI broken in Nightly by
  work-around for bug 677050
| (thanks Raùl Duràn of Microsoft for troubleshooting help)
| - Removed STS support for Gecko >= 4, which provides built-in HSTS
| x Work around for multiple object creation causing UI inconsistencies
| (thanks al_9x for reporting)
| x [XSS] Work-around for false positives caused by Gecko >= 18 changes in
| Function.prototype.toSource() (thanks yahoo mail user for report)

NoScript Security Suite 2.6.5.8.1-signed - Feb. 26, 2013
--------------------------------------------------------

| v 2.6.5.8
| =========================================================================
| + Automatic Google Analytics web bugs blocking if
  `google-analytics.com <http://google-analytics.com>`__ is
| not whitelisted
| + "Mark as untrusted" button on the site info page (thanks SwissBIT for
| RFE)
| + "Allow"/"Forbid"/"Mark as untrusted" icons on the site info buttons
| x Inclusion type checks exception for `yandex.st <http://yandex.st>`__
| x [XSS] Exception for requests across \*.photobucket.com subdomains, which
| may legitimately contain syntactically valid Javascript fragments
| (thanks RAJAH235 for reporting)

NoScript Security Suite 2.6.5.7.1-signed - Feb. 18, 2013
--------------------------------------------------------

| v 2.6.5.7
| =========================================================================
| x Made "Yes, remove all protections" the default button in the removal
| warning dialog
| x [XSS] Fixed post-response encoding checks applied to UTF-8 pages too
| (thanks Masato Kinugawa for reporting)
| x [XSS] Removed host redirection chance on XSS-vulnerable pages (thanks
| Masato Kinugawa for reporting)
|  
| v 2.6.5.6
| =========================================================================
| x [XSS] Smarter syntax check optimization, removes harmful side effect
| (thanks Masato Kinugawa for reporting)
| v 2.6.5.5
| =========================================================================
| x [XSS] Fixed bug in broken string literals balancing (thanks Masato
| Kinugawa for reporting)
| v 2.6.5.4
| =========================================================================
| + [XSS] Obfuscated string literals detection (thanks Masato Kinugawa for
| reporting)
| v 2.6.5.3
| =========================================================================
| x [XSS] Improved parsing while decoding mixed-charset encoded URLs
| (thanks Masato Kinugawa for reporting)
| + [XSS] Better decoding of maliciously mixed-charset encoded strings
| (thanks Masato Kinugawa for reporting)
| v 2.6.5.2
| =========================================================================
| x [XSS] Work-around for a Gecko race condition allowing some
| script-enabled attackers to make the charset-mismatch checks abort
| prematurely (thanks Masato Kinugawa for reporting)
|  
| v 2.6.5.1
| =========================================================================
| + [XSS] Forced unicode conversions more resilient to invalid input
| (thanks Masato Kinugawa for reporting)
| v 2.6.5
| =========================================================================
| + [XSS] More exotic charset awareness added to script injection checks
| (thanks Masato Kinugawa for reporting)
| x [XSS] Removed limited injection chance allowing redirection of XSS
| vulnerable pages to an integral IP (thanks Masato Kinugawa for
| reporting)
| + "Security Downgrade Warning" suggests blacklist mode as a better option
| than uninstalling, to retain scripting-unrelated protections
| - Removed legacy uninstall hooks and related localized strings

NoScript Security Suite 2.6.4.4.1-signed - Jan. 29, 2013
--------------------------------------------------------

| v 2.6.4.4
| =========================================================================
| x Fixed plugin placeholders not shown for plugin documents on Gecko >= 19
| (thanks therube for reporting)
| + [Surrogate] Support for callbacks in Google Analytics' \_gaq.push()
| method (thanks Paola Moro for reporting)
| + Allow/Forbid button on the site info page (thanks Edward Huff for RFE)

NoScript Security Suite 2.6.4.3.1-signed - Jan. 14, 2013
--------------------------------------------------------

| v 2.6.4.3
| =========================================================================
| x [Surrogate] Less aggressive but more compatible `adf.ly <http://adf.ly>`__
  surrogate (it
| automatically skips ad but requires scripts enabled on
  `adf.ly <http://adf.ly>`__)
| x Fixed whitelist listbox couldn't be fully selected by CTRL+A in recent
| Firefox versions (thanks Guardian for reporting)
| + [Surrogate] `dimtus.com <http://dimtus.com>`__ scriptless automatic image
  revelation
| + [Surrogate] `imageteam.org <http://imageteam.org>`__ scriptless automatic
  image revelation
| x [External Filters] Fixed cache API compatibility issue

NoScript Security Suite 2.6.4.2.1-signed - Dec. 27, 2012
--------------------------------------------------------

| v 2.6.4.2
| =========================================================================
| x [ClearClick] Fixed miscalculations in screenshot comparison
| x Fixed wrong placeholder position for standalone HTML 5 video content
| (thanks mjh563 for reporting)
| + "Appearance" option to hide the "About NoScript" menu item
| x Deny loading of any empty Flash object
| x Fixed HSB locale (thanks Michael Wolf)
| x Fixed forced HTTPS breaks redirects on Firefox >= 18 (thanks mjh563 for
| reporting)
| x Work-around for Gecko calling nsIContentPolicy::shouldProcess() with
| null location for Flash objects sometimes (thanks al_9x for report)
| x Fixed broken early HTTP observer on Firefox >= 18 (thanks aloishammer
| for reporting)
| x Fixed anti-popunder surrogate breaking BFCache (thanks whatever for
| reporting)

NoScript Security Suite 2.6.4.1.1-signed - Dec. 17, 2012
--------------------------------------------------------

| v 2.6.4.1
| =========================================================================
| x Fixed new placeholder close button being hidden on some Youtube pages
|  
| v 2.6.4
| =========================================================================
| x [XSS] Improved compatibility with Twitter's cross-site requests
| + Close button on embedding placeholder (like using shift+click on the
| placeholder itself). Shift clicking the close button bypasses it.
| x Fixed placeholders intercepting clicks from overlaid elements (thanks
| al_9x)
| x Fixed unbound embed enablement confirmation dialog size (thanks therube
| for reporting)

NoScript Security Suite 2.6.3.1-signed - Dec. 4, 2012
-----------------------------------------------------

| v 2.6.3
| =========================================================================
| x [XSS] Further tweaks to reduce false positives (thanks Edward C. Kim
| for reporting)
| x [XSS] The "maybe JS" step now removes leading parens, reducing false
| positives e.g. on Picasa (thanks jerriy for reporting)
| x [Surrogate] Work-around for anti-popunder surrogate causing Ebay to
| recreate phantom cookies on page unload (thanks mjh563 for reporting)
| x Work-around for some extensions (e.g. Adblock Plus, Tab Mix Plus)
| breaking bookmarlets and URL bar Javascript support after being updated
| for Firefox 17
| x Removed some console noise
| + [Surrogate] Updated `adf.ly <http://adf.ly>`__ surrogate to work with new
  links

NoScript Security Suite 2.6.2.1-signed - Nov. 22, 2012
------------------------------------------------------

| v 2.6.2
| =========================================================================
| x Fixed Google links anonymizer surrogate interfering with the "Search
| tools" button (thanks Sledge Fox and Brian Admire for reporting)
| x Fixed impossible to copy lines from Console² if opened by NoScript
| (thanks therube for reporting and Phil Chee for suggestion)
| x [XSS] Exception for `wpcomwidgets.com <http://wpcomwidgets.com>`__ safe
  inclusions
| x Slightly reduced About box width (thanks GµårÐïåñ for RFE)

NoScript Security Suite 2.6.1.1-signed - Nov. 13, 2012
------------------------------------------------------

| v 2.6.1
| =========================================================================
| x [XSS] Better compatibility with Ebay's saved searches
| + [Surrogate] `Imagebax.com <http://Imagebax.com>`__ scriptless ads skipping
  redirection
| x Fixed first non-cached page load in a session from about:newtab failing
| - Removed legacy XUL script blocking code
| + Added optional diagnostic to centralized channel aborting
| x Fixed bug in Java URLs resolution

NoScript Security Suite 2.6.1-signed - Nov. 2, 2012
---------------------------------------------------

| v 2.6
| =========================================================================
| x Improved long URL wrapping for more manageable plugin placeholder
| tooltips
| x Fixed ABE notifications bleeding out of the viewport when very long
| URLs are involved
| + [Surrogate] More efficient deferred script loading and syntax check,
| saves memory and startup time from unused surrogates
| + [Surrogate] `Picbucks.com <http://Picbucks.com>`__ scriptless ads skipping
  redirection
| + [Surrogate] `Imagebunk.com <http://Imagebunk.com>`__ scriptless image
  revealing
| + [Surrogate] `Picsee.net <http://Picsee.net>`__ scriptless image revealing
| + Added navigator.doNotTrack property support

NoScript Security Suite 2.5.9.1-signed - Oct. 26, 2012
------------------------------------------------------

| v 2.5.9
| =========================================================================
| + Added `afx.ms <http://afx.ms>`__ and `gfx.ms <http://gfx.ms>`__ (fully
  controlled by Microsoft, no user content
| allowed) to the default whitelist (required by MS mail services)
| + [XSS] Removed false positive on some Google Gadgets; the work-around
| can be disabled by setting the noscript.filterXExceptions.ggadgets
| about:config preference to false (thanks Silvana for reporting)
| + Added new fake mimetype placeholder "FRAME" to match FRAMEs and IFRAMES
| with the noscript.allowedMimeRegExp preference
| + Made mimetype whitelisting through the noscript.allowedMimeRegExp
| preference work with FRAMEs and IFRAMEs as well
| x Fixed redirections involving sites marked as untrusted causing
| inconsistencies in page permissions, with JavaScript being blocked even
| if the site is whitelisted (thanks al_9x for reporting)
| x Fixed regression on older Gecko versions causing NoScript to believe
| the browser is proxied when it's not

NoScript Security Suite 2.5.8.1-signed - Oct. 17, 2012
------------------------------------------------------

| v 2.5.8
| =========================================================================
| x Work-around for unique origins being assigned to URL bar loads by Gecko
| 16 and above interfering with some ABE rules
| x Work-around for bug 797684 patch causing ABE's Sandbox action to fail
| x Work-around for regression from Mozilla bug 797684 fix causing frames
| not to be blocked correctly in recent >= 18 builds
| x Slightly revised About box to make more room for contributors

NoScript Security Suite 2.5.7.1-signed - Oct. 5, 2012
-----------------------------------------------------

| v 2.5.7
| =========================================================================
| x Fixed synchronous timeout emulation ordering bug in bookmarklet
| execution on scriptless pages (thanks Infocatcher for reporting)
| x [XSS] Fixed comment preprocessing optimization affecting free
| JavaScript detection, thanks Masato Kinugawa for reporting
| x [XSS] Fixed second order data: URLs sanitization issue, thanks Masato
| Kinugawa for reporting
| x Fixed meta refresh blocker notification bar broken on Gecko < 4 (thanks
| nitou for reporting)
| x Fixed iframe placeholder positioning issue (thanks al_9x for report)
| x Fixed regression in placeholder positioning (thanks al_9x for report)
| x [ClearClick] Fixed false positive on cross-site SVG document embeddings
| (thanks Steffen for reporting)

NoScript Security Suite 2.5.6.1-signed - Sept. 24, 2012
-------------------------------------------------------

| v 2.5.6
| =========================================================================
| x [XSS] Fixed slow regular expression causing some base64 request
| payloads to trigger false positives (thanks Mirko Tasler for reporting)
| + Force placeholders to frontmost position e.g. on HTML 5 Youtube content
| + New icon for blocked embeddings on globally allowed pages (thanks
| therube for RFE)

NoScript Security Suite 2.5.5.1-signed - Sept. 12, 2012
-------------------------------------------------------

| v 2.5.5
| =========================================================================
| + More reliable Java applet origin identification
| x Cross-browser work-around for
| https://bugzilla.mozilla.org/show_bug.cgi?id=789773

NoScript Security Suite 2.5.4.1-signed - Sept. 4, 2012
------------------------------------------------------

| v 2.5.4
| =========================================================================
| x Fixed HTTP checks not being skipped anymore for some chrome-generated
| XMLHttpRequest requests because of a Gecko 15 change
| x Work-around for cloned DOM nodes not retaining additional
| chrome-attached information anymore, thus breaking placeholders in some
| cases (thanks al_9x for reporting)
| x Fixed placeholder post-enablement event channeling broken by Sandbox
| changes
| x Fixed placeholder sizes messed up by changes in Gecko 17
| x Work-around for broken content policy call for Java plugin on Gecko 17
| and above (thanks marty60 for reporting)

NoScript Security Suite 2.5.3.1-signed - Aug. 27, 2012
------------------------------------------------------

| v 2.5.3
| =========================================================================
| x [XSS] Fixed false positives on URLs containing an ASP.NET cookieless
| session identifier (thanks Trupti Chaudhari for reporting)
| + noscript.eraseFloatingElements about:config preference to switch the
| mousedown + del key floating popup erasing feature off and on
| x Limited the mousedown + del key floating popup erasing feature to pages
| where scripts are forbidden and to absolute or fixed position elements
| x Fixed JavaScript URL non-void expression evaluation in the URL bar
| causing scripts to get globally allowed (thanks al_9x for reporting)
| x [XSS] Work-around for a Gecko URL parsing quirk (thanks .mario for
| reporting)

NoScript Security Suite 2.5.2.1-signed - Aug. 22, 2012
------------------------------------------------------

| v 2.5.2
| =========================================================================
| x [ClearClick] Improved protection against clickjacking timing attacks
| (thanks Nafeez Ahmed for reporting)
| x Fine tuned floating div (in-page popup) removal by locking it to the
| nearest positioned ancestor and swallowing the mouseup event if the
| DEL key has been hit after last mousedown

NoScript Security Suite 2.5.1.1-signed - Aug. 12, 2012
------------------------------------------------------

| + Holding the left mouse button down on a page element and hitting the
| DEL key will remove it (useful to forcibly kill in-page popups when
| scripts are disabled)
| x Fixed Acid3 test scoring 99 instead of 100 because of a Cursorjacking
| protection implementation detail
| - Disabled LiveConnect interception on Gecko 16 or better, since Java
| globals have been removed from the DOM
| x [XSS] Work-around for Mozilla TBPL DOS (thanks Daniel Holbert for
| reporting)
| x Fixed Silverlight and Flash scripted initialization patches being
| broken by recent JavaScript interpreter changes
| x Work-around for `hp-ww.com <http://hp-ww.com>`__ misconfiguration
  (JavaScript files served
| with bogus content-type header)

NoScript Security Suite 2.5.1-signed - July 29, 2012
----------------------------------------------------

| v 2.5
| =========================================================================
| + [XSS] Improved XML handling algorithm preserves E4X detection accuracy
| while removing false positives, e.g. against OAUTH payloads
| x Work-around for additional browser tools placed on the bottom of the
| content messing with NoScript's notification height (thanks ochristi
| for report)
| x [XSS] Added exception for self-injecting
  `yahoo.com/yimg.com <http://yahoo.com/yimg.com>`__ frames (can
| be disabled by setting the noscript.filterXExceptions.yahoo
| about:config preference to false)
| x Fixed placeholders for absolutely positioned elements may cause layout
| glitches (thanks al_9x for reporting)
| x Fixed interaction with built-in Firefox's click-to-play causing
| infinite object activation loop (thanks al_9x for reporting)

NoScript Security Suite 2.4.9.1-signed - July 20, 2012
------------------------------------------------------

| v 2.4.9
| =========================================================================
| + Added ability to replace obsolete default whitelist entries
| x Replaced `browserid.org <http://browserid.org>`__ with
  `persona.org <http://persona.org>`__ in the default whitelist
| x Improved anti-DOS protection
| x Better usability with some HTML5 Youtube videos (thanks Mike Perry
| for reporting)
| x Reverted to the ctrl+shift+S main keyboard shortcut
| x [XSS] Fixed XML preprocessing breaking detection of some E4X
| constructs (thanks Pepe Vila for reporting)
| + [XSS] Protection against error-based SQLI with a XSS payload (thanks
| Ashar Javed for reporting, original disclosure by Keith Makan)

NoScript Security Suite 2.4.8.1-signed - July 10, 2012
------------------------------------------------------

| v 2.4.8
| =========================================================================
| x Work-around for Mozilla bug 771655 (broken debugger)
| x Changed default UI shortcut to ctrl+shift+N because ctrl+shift+S is
| taken by the debugger
| x Fixed feed: and pcast: URLs not being unwrapped in some checks (thanks
| Alex Inführ for reporting)
| x Removed assumptions of a body element from some code paths which may
| handle generic XML documents

NoScript Security Suite 2.4.7.1-signed - June 28, 2012
------------------------------------------------------

| v 2.4.7
| =========================================================================
| x [ClearClick] Fixed Tumblr widgets false positive (thanks @Raydere for
| report)
| x [XSS] Fixed false positive with some Base64-encoded Yahoo News
| subrequests
| x Fixed regression, noscript.allowedMimeRegExp not working anymore for
| plugins other than Java, Flash and Silverlight
| x Auto-anchored multi-valued regexp preferences can now be separated by
| regular spaces rather than just newlines (this behavior was documented
| but not actually implemented for noscript.allowedMimeRegExp)

NoScript Security Suite 2.4.6.1-signed - June 12, 2012
------------------------------------------------------

| v 2.4.6
| =========================================================================
| x [XSS] Updated execution sink checks (thanks Masato Kinugawa for report)
| x [XSS] Fixed newline parsing bug (thanks Masato Kinugawa for report)
| x [XSS] Fixed document.cookie minimal assignment false negative (thanks
| Masato Kinugawa for report)
| x [XSS] Fixed dotted query parameter names false positives, affecting
| OpenID, Hotmail and other services (thanks Gavin H for report)
| x Fixed some messages being dumped to the console even if logging is
| turned off (thanks marbler for report)

NoScript Security Suite 2.4.5.1-signed - June 10, 2012
------------------------------------------------------

| v 2.4.5
| =========================================================================
| + [XSS] Improved E4X handling (thanks Masato Kinugawa for report)
| x [XSS] Fixed regression allowing some alert-only PoCs (thanks Soroush
| Dalili and Ahamed Nafeez for reporting)
| x [XSS] Improved unconventional assignments detection (thanks Masato
| Kinugawa for report)
| x [Locale] Corrected he-IL merge (thanks baryoni)
| x [XSS] Improved data: URIs detection (thanks Masato Kinugawa for report)
| + [XSS] More regular expression objects caching as a speed optimization
| - [XSS] Removed optimization shortcut causing false negatives on some
| kind of concatenated assignments (thanks Masato Kinugawa for report)
| + [XSS] Improved "Maybe JS" heuristic (thanks Masato Kinugawa for report)
| + [XSS] More aggressive obsolete charsets filtering (thanks Masato
| Kinugawa for report)

NoScript Security Suite 2.4.4.1-signed - June 4, 2012
-----------------------------------------------------

| v 2.4.4
| =========================================================================
| x [Locale] Updated he-IL (thanks baryoni)
| x Fixed early synthetic DNS notification causing blank stripe on the
| bottom of the first browser window if started maximized or fullscreen
| - Removed Firefox 2.x compatibility code
| x Fixed regression from 2.4.3rc3 causing same-site stylesheets to be
| checked for mime type mismatches and XSLT inclusions to be incorrectly
| blocked (thanks hanfi for reporting)

NoScript Security Suite 2.4.3.1-signed - May 27, 2012
-----------------------------------------------------

| v 2.4.3
| =========================================================================
| x Fixed JS links detection not resolving JS string escapes (thanks vyznev
| for reporting)
| x Fixed HTML 5 parser detection in META refresh processing being broken
| by a removed browser preference
| x Fixed exception raised by inclusion type checks when parent document's
| URI has no host
| + [XSS] Better detection of free inline script injections (without string
| literal evasion) inside function calls
| + The noscript.allowedMimeRegExp preference now applies also to Java,
| Flash and Silverlight mime types

NoScript Security Suite 2.4.2.1-signed - May 19, 2012
-----------------------------------------------------

| v 2.4.2rc7
| =========================================================================
| x [ABE] IPv6 link-local addresses (fe80:/10) are not considered belonging
| to the LAN anymore for the purpose of cross-zone request forgery checks
| in order to safely work-around DNS misconfiguration issues in the wild
| (thanks siu and ralf for reporting)
| x [ABE] Fixed router WEB UI fingerprinting failing on some devices
| because of redirection loops
| x [XSS] Protection against HPP attacks exploiting URL parsing quirks
| specific to ASP Classic (thanks Soroush Dalili for reporting)
| x Fixed first application updates check failing on Nightly (bug 754393)
| x [XSS] Fixed false positive regression on some file hosting sites (thanks
| Janne Maekelae for reporting)

NoScript Security Suite 2.4.1.1-signed - May 10, 2012
-----------------------------------------------------

| v 2.4.1
| ==========================================================================
| + [XSS] Protection against exploitation of classic MS ASP's coalescing of
| same-name query parameters (thanks Soroush Dalili for reporting)
| + [XSS] Protection against URL injections in in
  `window.name <http://window.name>`__
| x [XSS] Fixed case-sensitivity bug in detection of unicode escape
| sequences (thanks Masato Kinugawa for reporting)
| + [Surrogate] `adagionet.com <http://adagionet.com>`__ inclusion surrogate
| x Fixed "Allow sites open through bookmarks" regression (thanks jerryi and
| therube for reporting)
| x [XSS] Fixed bug in the InjectionChecker tokenization (thanks Phil
| Purviance for reporting)
| + Added inclusion type check exception to the lesscss Google Code file
| repository, often used as a CDN

NoScript Security Suite 2.4.1-signed - May 4, 2012
--------------------------------------------------

| v 2.4rc8
| ==========================================================================
| x [XSS] Improved global exception injection detection
| x [XSS] Fixed bug in late `window.name <http://window.name>`__ payload
  checking (thanks Soroush
| Dalili for reporting)
| x [Locale] Fixed broken overlay on Basque localized browsers (for real
| this time, thanks afa for reporting)
|  
| v 2.4rc7
| ==========================================================================
| + [XSS] Improved InjectionChecker detection of in-code multiple insertions
| (thanks Krzysztof Kotowicz)
| + [XSS] InjectionChecker detection of single assignment evaluation through
| global exception handling (thanks Gareth Heyes)
| x [Locale] Fixed broken overlay on Basque localized browsers (thanks afa
| for reporting)
|  
| v 2.4rc6
| ==========================================================================
| + [Surrogate] Skimlinks surrogate script (thanks Drewett for reporting)
|  
| v 2.4rc5
| ==========================================================================
| x Improved temporary permissions management during bookmarklet execution
|  
| v 2.4rc4
| ==========================================================================
| x Fixed 2.4rc3 regression in url bar JavaScript execution
| v 2.4rc3
| ==========================================================================
| x Fixed bookmarklet couldn't be executed on blacklisted sites in "Globally
| Allow" mode (thanks tharpa for reporting)
|  
| v 2.4rc2
| ==========================================================================
| x [ClearClick] Fixed cross-site clicks blocked on Firefox < 3.6 (thanks
| Janet Whipple for reporting)
|  
| v 2.4rc1
| ==========================================================================
| x [Surrogate] Fixed surrogates broken on Nightly

NoScript Security Suite 2.3.9.1-signed - April 26, 2012
-------------------------------------------------------

| v 2.3.9
| ==========================================================================
| + [ClearClick] More tolerant snapshot comparation algorithm (partially
| backported from NSA) to reduce false positives (tweaked by the
| noscript.clearClick.threshold percentage value in about:config)
| - Removed about:credits from default whitelist
| x [ClearClick] Fixed false positives (e.g. on embedded Vimeo movies) in
| obscuration by windowed plugins checks
| x Fixed compatibility regressions on Firefox 3.x
| x Following links from the About dialog now closes it (thanks Guardian for
| suggestions)
| x Fixed NOSCRIPT META refreshes blocking not working when scripts are
| globally allowed (thanks and Ken and Tom T. for reporting)
| x [ClearClick] Fixed false positives caused by accelerated graphics with
| some plugin content

NoScript Security Suite 2.3.8.1-signed - April 19, 2012
-------------------------------------------------------

| v 2.3.8
| ==========================================================================
| + Smart integration with the new browser-native click to play: if a plugin
| object is manually allowed from NoScript's UI, it gets also natively
| activated (noscript.smartClickToPlay about:config preference)
| + Improved active content identity tracking, to avoid redundant blocking
| steps across reloads
| x Fixed redirections in legacy frames not being blocked (thanks "utente"
| for reporting)
| x [Surrogate] Surrogate to fix broken buttons at Uniblue e-commerce site

NoScript Security Suite 2.3.7.1-signed - April 7, 2012
------------------------------------------------------

| v 2.3.7
| ==========================================================================
| x [ClearClick] Work-around for "rapid fire" protection interfering with
| some add-ons, such as 1Password (thanks Mike Tselikman for report) and
| FloatNotes (thanks endofmiles and Tom T. for reports)
| x [ClearClick] Compatibility with Bitdefender TrafficLight (thanks
| Christopher A. M. Gerlach for reporting)
| x [XSS] Enhanced InjectionChecker tolerance to certain URL patterns
| containing domain-names as parameter values (thanks gazer75 for report)

NoScript Security Suite 2.3.6.1-signed - March 26, 2012
-------------------------------------------------------

| v 2.3.6
| ==========================================================================
| x Restored Nightly compatibility, broken by bug 719154
| + [ClearClick] improved compatibility with Disqus widgets (thanks El Cid
| for reporting)
| + [AddressMatcher] Optimized trailing "*" in glob expressions
| x Fixed origin URL detection flawed when certain wrapped URIs are loaded
| (thanks Masato Kinugawa for reporting)
| x [XSS] Fixed false positive with query string patterns mimicking array
| access (thanks Aicke Schulz for reporting)

NoScript Security Suite 2.3.5.1-signed - March 16, 2012
-------------------------------------------------------

| v 2.3.5
| ==========================================================================
| x Work-around for a Flash 32-bit issue (64-bit Firefox unaffected) causing
| Google Music Player to fail (thanks DG42 for original report, Alan Baxter
| for providing a test account, all the forum staff and many users for
| their help in reproducing)
| x [ABE] Fixed "Sandbox" action permanently disabling plugins, frames and
| meta refreshes on the affected tab even if document changes (thanks
| Tom T. and Patrick E. for reporting)
| x [ClearClick] Better special-casing for same-site embedded objects
| x [Surrogate] Global variables introduced by sandboxed surrogates are
| attached as window properties after execution to fix recently surfaced
| scope-related bugs
| x [XSS] Better `window.name <http://window.name>`__ protection (thanks Masato
  Kinugawa for report)
| x [XSS] Improved detection of javascript: URL injections

NoScript Security Suite 2.3.4.1-signed - March 8, 2012
------------------------------------------------------

| v 2.3.4
| ==========================================================================
| x [ClearClick] Fixed subtle bug which may lead to infinite loops in some
| cases (thanks GµårÐïåñ for reporting)
| v 2.3.3
| ==========================================================================
| + Improved InjectionChecker logging
| x Reduced false positive rate on HTML injection checks (thanks therube for
| reporting)
| x [ClearClick] Fixed clicking on some plugin content causing elements of
| the parent page to become white (thanks Markus Wienand for report)
| x [ClearClick] Fixed minor bugs triggered by ABP placeholders
| + [ClearClick] Protection against partial obscuration via Flash objects
| with OS-native wmode values (thanks David Lin-Shung Huang for reporting)
| x [XSS] Further sensitivity tweaks
| x [XSS] Better compatibility with some 3rd party ads on Ebay
| x [XSS] Fixed false positive on dotted name-value assignments chained with
| semicolons (e.g. on some Yahoo-served ads)

NoScript Security Suite 2.3.2.1-signed - Feb. 26, 2012
------------------------------------------------------

| v 2.3.2
| ==========================================================================
| x [XSS] Fixed regression in 2.3.2rc5 preventing some URLs from loading
| x [XSS] Removed issue on Chinese pages using HZ-GB-2312 encoding (thanks
| Masato Kinugawa for reporting)
| + [XSS] Added event injection checks for scriptless pages too, in order to
| prevent edge-case execution on permissions change
| x [XSS] Fixed InjectionChecker JavaScript scanning bug (thanks Masato
| Kinugawa for reporting)
| x [XSS] Improved HTML detection accuracy
| + Better tagging of surrogate sandboxes for about:memory debugging
| x Improved glinks surrogate

NoScript Security Suite 2.3.1.1-signed - Feb. 20, 2012
------------------------------------------------------

| v 2.3.1
| ==========================================================================
| + Surrogate to let news pages escape Digg's frame
| + [ClearClick] Improved compatibility with cross-frame overlapping shadows
| x Removed ClearClick bypass based on a Firefox SVG CSS filter bug (thanks
| .mario for reporting)
| + `adf.ly <http://adf.ly>`__ surrogate to automaticaly skip the interstitial
  page even if
| scripts are disabled
| x Improved Google search surrogates
| + New surrogate against Google's scriptless tracking of search results
| navigation

NoScript Security Suite 2.3.1-signed - Feb. 10, 2012
----------------------------------------------------

| v 2.3
| ==========================================================================
| x Fixed about:newtab not considered as a local origin by ABE
| + Added blob:, about:memory and about:support to the automatic whitelist
| x Added reflected script inclusion check exception for
  `intensedebate.com <http://intensedebate.com>`__
| x Fixed CSS issues on Gecko 1.8

NoScript Security Suite 2.2.9.1-signed - Feb. 4, 2012
-----------------------------------------------------

| v 2.2.9
| ==========================================================================
| + Right click on NoScript menu items copies the site to the clipboard, if
| any under the pointer, or all the page-related script sources prepended
| with a status mark: + for whitelisted, - for default, ! for untrusted (
| thanks Tom T. for RFE)
| + Added `browserid.org <http://browserid.org>`__ to the default whitelist
| x Improved default whitelist update mechanism
| x Fixed some Flash movies failing to load on Nightly (thanks Nova6K0 for
| reporting)
| x Fixed incompatibility between surrogates / content augmentations (e.g.
| toStaticHTML) and CSP (Content Security Policy), thanks Bruce Berry for
| reporting
| x NoScript won't attempt to load the release notes page if the site is
| unreachable
| v 2.2.9rc1
| ==========================================================================
| x Fixed ABE failing to recognize some FE80:\* IPv6 addresses as local ones
| (thanks Mitchum Owen for report)

NoScript Security Suite 2.2.8.1-signed - Jan. 24, 2012
------------------------------------------------------

| v 2.2.8
| ==========================================================================
| x [ClearClick] Fixed regression, 2.2.8rc1 swallowing clicks on some nested
| documents
| v 2.2.8rc1
| ==========================================================================
| x [ClearClick] Protection against Koto's Cursorjacking technique disclosed
| at http://blog.kotowicz.net/2012/01/cursorjacking-again.html

NoScript Security Suite 2.2.7.1-signed - Jan. 18, 2012
------------------------------------------------------

| v 2.2.7
| ==========================================================================
| x [ClearClick] Protection against two steps interaction attack based on
| HTML5 DnD (thanks .mario for reporting)

NoScript Security Suite 2.2.6.1-signed - Jan. 12, 2012
------------------------------------------------------

| v 2.2.6
| ==========================================================================
| x [XSS] Fixed sanitization reporting bug
|  
| v 2.2.6rc1
| ==========================================================================
| + [XSS] Protection against new kind of response splitting + XSS combo
| attack responsibly disclosed by Mike Brooks

NoScript Security Suite 2.2.5.1-signed - Jan. 3, 2012
-----------------------------------------------------

| v 2.2.5
| ==========================================================================
| x [ClearClick] Better compatibility with recent Disqus widget versions
|  
| v 2.2.5rc3
| ==========================================================================
| x [XSS] Better compatibility with Verified by VISA
  (`www.securesuite.net <http://www.securesuite.net>`__)
| x Tentative work-around for bug 710170
|  
| v 2.2.5rc2
| ==========================================================================
| x Work around for Linux tooltips obstructing the embedding unblocking
| confirmation dialog
|  
| v 2.2.5rc1
| ==========================================================================
| x Work around for Mozilla bug 712649

NoScript Security Suite 2.2.4.1-signed - Dec. 18, 2011
------------------------------------------------------

| v 2.2.4
| ==========================================================================
| x Fixed some localizations having newlines replaced with 'n' characters
|  
| v 2.2.4rc3
| ==========================================================================
| x Fixed regression in SWFObject emulation for plugin placeholders
| x Fixed top-level surrogates broken by ECMAv5 version specification
|  
| v 2.2.4rc2
| ==========================================================================
| + [ClearClick] Enhanced protection against same-window timing attacks
| with moving pointer (thanks Michal Zalewski for PoC)
| x SyntaxChecker's JavaScript version can be configured per-instance
| (default "1.5")
| x [Surrogate] JavaScript version set to "ECMAv5"
| x [Surrogate] Use "ECMAv5" for early syntax checks
|  
| v 2.2.4rc1
| ==========================================================================
| x Fixed reflected script inclusion false positive on redirections
| - Removed "Forbid Web Bugs", which cannot be reliably enforced anymore
| because of speculative parsing
| x Restored `wlxrs.com <http://wlxrs.com>`__ in the default whitelist (it had
| accidentally changed back to two subdomains)
| x Fixed resetting options doesn't erase the untrusted blacklist until
| browser restart (thanks ddigas for reporting)

NoScript Security Suite 2.2.3.1-signed - Dec. 2, 2011
-----------------------------------------------------

| v 2.2.3rc4
| ==========================================================================
| + Configuration import/export directory is persisted across sessions
|  
| v 2.2.3rc3
| ==========================================================================
| + Generalized checks on drag and drop payloads
| + [XSS] Tightened checks on reflected javascript: URIs
|  
| v 2.2.3rc2
| ==========================================================================
| x [Surrogate] DOMContentLoad listeners on windows (thanks al_9x for RFE)
|  
| v 2.2.3rc1
| ==========================================================================
| + [Surrogate] Capturing DOMContentLoad listeners (thanks al_9x for RFE)
| + [Surrogate] More homogeneous treatment for file-based surrogates (thanks
| al_9x for RFE)
|  
| v 2.2.2rc5
| ==========================================================================
| + [Surrogate] Wrapped in lexical scoped blocks scripts also when debug
| mode is on (thanks al_9x for RFE)
| + [Surrogate] Early one-time syntax checks on setup (thanks al_9x for RFE)
| x [ClearClick] Better compatibility with some GMail embeddings
| x [XSS] Better compatibility with Visual Studio in-browser documentation
| x [ClearClick] Fixed Adblock Plus causing false positives on Fx 3.6
| x Improved HTML 5 DnD XSS protection (thanks Soroush Dalili for reporting)
| x [Locale] Latvian (thanks gymka)
|  
| v 2.2.2rc4
| ==========================================================================
| x Protection against a new XSS technique based on HTML 5 DnD (thanks
| Soroush Dalili for reporting)
|  
| v 2.2.2rc3
| ==========================================================================
| x Better compatibility with credit card verification systems
| x [ABE] Fixed ruleset disablement status not surviving browser restarts
| (thanks ssj100 for reporting)
|  
| v 2.2.2rc2
| ==========================================================================
| x Fixed escaped_fragment handling issue with proxies (thanks sourcejedi
| for reporting)
| x Turned remaining channel URI modification instances into
| ChannelReplacement clients
|  
| v 2.2.2rc1
| ==========================================================================
| + [XSS] Explicit check for potentially dangerous SMIL elements (thanks
| .mario for suggestion)
| + Protection against scriptless keylogging (thanks .mario for reporting)

NoScript Security Suite 2.2.1.1-signed - Nov. 20, 2011
------------------------------------------------------

| v 2.2.1
| ==========================================================================
| + [Locale] Updated he-il (thanks baryoni)
| x [ClearClick] Fixed incompatibility with the FoxTab add-on
|  
| v 2.2.1rc2
| ==========================================================================
| + [XSS] Deeper decoding on sanitization (thanks .mario for reporting)
|  
| v 2.2.1rc1
| ==========================================================================
| + [XSS] More accurate recursive decoding (thanks .mario for reporting)

NoScript Security Suite 2.2.1-signed - Nov. 15, 2011
----------------------------------------------------

| v 2.2
| ==========================================================================
| + [ClearClick] Improved protection against Clickjacking on nested windowed
| Flash targets (thanks Sommerrain and Tom T for reporting)

NoScript Security Suite 2.1.9.1-signed - Nov. 7, 2011
-----------------------------------------------------

| v 2.1.9
| ==========================================================================
| x [Surrogate] fixed breakage caused by "1.8.1" JavaScript version spec
| used instead of "1.8"
|  
| v 2.1.9rc3
| ==========================================================================
| + [Surrogate] JavaScript 1.8 support (thanks al_9x for RFE)
| + Better heuristic for XSSI detection
| - Removed previous work-around XSSI exceptions
| x Fixed some DOM traversal bugs (thanks al_9x for reporting)
| x Refined Google search meta refresh blocking exception
| x Added meta refresh blocking exception for `t.co <http://t.co>`__ (Twitter
  URL shortener)
| v 2.1.9rc2
| ==========================================================================
| x Work-around for XSSI checks breaking some Yahoo! Mail features
| v 2.1.9rc1
| ==========================================================================
| + New noscript.forbidMetaRefresh.exceptions url pattern preference
| + Meta refresh blocking exception for Google Search (blank page shown
| otherwise if meta refresh blocking is enabled, cookies are disabled for
| Google and Google Search scripting is forbidden)

NoScript Security Suite 2.1.8.1-signed - Oct. 27, 2011
------------------------------------------------------

| v 2.1.8
| ==========================================================================
| + Improved anti-popunder built-in surrogate
| x Fixed object autowiring upon placeholder activation regressed by recent
| surrogate sandboxing changes
|  
| v 2.1.8rc2
| ==========================================================================
| + noscript.xss.checkInclusions about:config preference (default true)
| controls whether the new protection against reflected cross-site script
| inclusion (XSSI) is enabled or not (thanks al_9x for RFE)
| + noscript.xss.checkInclusions.exceptions about:confing preference to
| disable XSSI checks for certain script sources (thanks al_9x for RFE)
| v 2.1.8rc1
| ==========================================================================
| + Protection against reflected script inclusion (thanks tlu for reporting)
| x Fixed logged error message on permissions change (thanks Archaeopteryx
| for reporting)

NoScript Security Suite 2.1.7.1-signed - Oct. 21, 2011
------------------------------------------------------

| v 2.1.7
| ==========================================================================
| x [ABE] Fixed subrequests matching an Anon action rule not being shown in
| the logs if already anonymized by the browser
|  
| v 2.1.7rc1
| ==========================================================================
| x Fixed error console noise regression from menu fixes (thanks al_9x and
| Archaeopteryx for reporting)
|  
| v 2.1.6rc2
| ==========================================================================
| + noscript.keys.tempAllowPage about:config preference to configure a
| keyboard shortcut for "Temporarily allow all this page"
| + noscript.keys.revokeTemp about:config preference to configure a keyboard
| shortcut for "Revoke temporary permissions"
| + noscript.menuAccelerators about:config preference to switch keyboard
| accelerators for "(Temporary) allow all this page" menu items on/off
| x Fixed notifications get all shown on the top in a tab where one
| notification has already been shown on the top
| x Fixed quasi-leak (zombie compartment) after using the NoScript menu on
| a page where embedded content is present, until the menu is opened on
| another page (thanks Archaeopteryx for reporting)
| x [ABE] Fixed Anonymize actions logged twice (thanks al_9x for reporting)
|  
| v 2.1.6rc1
| ==========================================================================
| x [Surrogate] Fixed sandboxed surrogates unable to set global variables

NoScript Security Suite 2.1.5.1-signed - Oct. 12, 2011
------------------------------------------------------

| v 2.1.5
| ==========================================================================
| x Improved object wiring emulation on placeholder activation (thanks al_9x
| for report and code)
|  
| v 2.1.5rc3
| ==========================================================================
| + [Surrogate] noscript.surrogate.sandbox preference to control the
| execution method for inclusion surrogates
|  
| v 2.1.5rc2
| ==========================================================================
| x Work-around for CORS incompatibility with internal redirects
| - Removed legacy threading management support
|  
| v 2.1.5rc1
| ==========================================================================
| x [Surrogate] Surrogates triggered by content policy calls get executed in
| a sandbox
| x Moved SWFObject and Silverlight patching to early scripts
| x Replaced every reference to XHR's "on..." event handler properties with
| their addEventListener() counterparts, to cope with bug 687332 fallouts

NoScript Security Suite 2.1.4.1-signed - Sept. 28, 2011
-------------------------------------------------------

| v 2.1.4
| ==========================================================================
| x Fixed speculative parsing causing inclusion surrogates to be executed
| twice (thanks al_9x for reporting)
|  
| v 2.1.4rc1
| ==========================================================================
| x More efficient and Gecko-friendly HTTPS enforcing method

NoScript Security Suite 2.1.2.8.1-signed - Sept. 12, 2011
---------------------------------------------------------

| v 2.1.2.8
| ==========================================================================
| x Fixed placeholders hard to activate on HTML 5 Youtube videos
|  
| v 2.1.2.8rc2
| ==========================================================================
| x [XSS] Improved out-of-the-box compatibility with some Facebook games
| x Fixed plugin blocking not working sometimes on file:// pages
| loadeded before any network activity (thanks nagan for reporting)
|  
| v 2.1.2.8rc1
| ==========================================================================
| + Google Plus One surrogate (thanks al_9x for code)
| - Removed `t.co <http://t.co>`__ surrogate, since Twitter implemented a
  NOSCRIPT fallback

NoScript Security Suite 2.1.2.7.1-signed - Aug. 28, 2011
--------------------------------------------------------

| v 2.1.2.7
| ==========================================================================
| x Better load progress feedback for hosts which are not DNS-cached yet
| (thanks al_9x for reporting)
|  
| v 2.1.2.7rc3
| ==========================================================================
| x Improved Google Analytics surrogate (thanks al_9x for code)
| x More intuitive handling of the "live" behavior of the ABE ruleset editor
| when syntax errors are introducd (thanks al_9x for reporting)
|  
| v 2.1.2.7rc2
| ==========================================================================
| x Fixed OBJECT document inclusions failing under some circumstances
|  
| v 2.1.2.7rc1
| ==========================================================================
| + Prevent any website from embedding view-source URIs inside frames
| x Firefox 9.0a1 compatibility

NoScript Security Suite 2.1.2.6.1-signed - Aug. 11, 2011
--------------------------------------------------------

| v 2.1.2.6
| ==========================================================================
| x Temporarily disabled anti-anti-adblocker surrogate on any site except
| those explicitly added to noscript.surrogate.ab.sources preference, as a
| work-around for bug 677652
| x Lazy initialization is deferred also when a file:// URL is loaded as the
| home page
|  
| v 2.1.2.6rc7
| ==========================================================================
| x More accurate work around for bug 677050
|  
| v 2.1.2.6rc6
| ==========================================================================
| x Work around for Nightly bug 677050
|  
| v 2.1.2.6rc5
| ==========================================================================
| x Fixed rapid-fire cross-site interaction protection interfering with some
| keyboard-based UI patterns
|  
| v 2.1.2.6rc4
| ==========================================================================
| x Fixed Firefox's built-in feed renderer broken unless about:feeds is
| whitelisted
| v 2.1.2.6rc3
| ==========================================================================
| x Plugin origin checks now account for multiple extra-codebase archives
| x Work around for HTTPS script inclusions on JavaScript-disabled pages
| being loaded, albeit not executed (thanks al_9x for reporting)
| x [ClearClick] Tentative work-around for ABP's "Block..." tab causing
| false positives on nested documents (thanks GµårÐïåñ for reporting)
|  
| v 2.1.2.6rc2
| ==========================================================================
| x Work-around for content policy inconsistencies in Java applet origins
| handling (thanks al_9x for reporting)
|  
| v 2.1.2.6rc1
| ==========================================================================
| + Surrogate for the `t.co <http://t.co>`__ Twitter URL shortener, which would
  otherwise
| require JavaScript
| + USER ruleset conveniently pre-selected when ABE options are opened
| x Improved invisible links detection approach

NoScript Security Suite 2.1.2.5.1-signed - July 28, 2011
--------------------------------------------------------

| v 2.1.2.5
| ==========================================================================
| x Fixed bookmarklets from sidebars not working on JS-disabled pages
| + Improved Twitter surrogate for Fx 3.x
|  
| v 2.1.2.4
| ==========================================================================
| + Ubuntu-specific startup optimization
|  
| v 2.1.2.4rc5
| ==========================================================================
| + Halved startup time (< 50ms) by deferring costly initialitations to
| first remote request and fastloading the rest
| x Minor tweaks to Twitter surrogate
|  
| v 2.1.2.4rc4
| ==========================================================================
| + Script Surrogate execution also for ABE-denied script requests (
| thanks al_9x for RFE)
| + Script Surrogate for Twitter inclusions (thanks al_9x)
| x Improved compatibility with Readability
| x Fixed switching from one rule to another in the Rulesets box looses
| changes in the current rule (thanks al_9x for reporting)
|  
| v 2.1.2.4rc3
| ==========================================================================
| x Fixed url bar regression from rc2
|  
| v 2.1.2.4rc2
| ==========================================================================
| x [ClearClick] noscript.clearClick.rapidFireCheck about:config preference
| to control whether rapid fire event checking should be enabled or not
| x [Bookmarks] Fixed javascript-based keyword bookmarklet not being ran on
| Fx 6 and above (thanks al_9x for reporting)
|  
| v 2.1.2.4rc1
| ==========================================================================
| x [ClearClick] Restored compatibility with `bit.ly <http://bit.ly>`__ (now
  `bitly.com <http://bitly.com>`__)

NoScript Security Suite 2.1.2.3.1-signed - July 13, 2011
--------------------------------------------------------

| v 2.1.2.3
| ==========================================================================
| x [ClearClick] Refactoring and isolation of the rapid fire protection
|  
| v 2.1.2.3rc2
| ==========================================================================
| x [ClearClick] Further refinement of rapid fire detection on tab switching
|  
| v 2.1.2.3rc1
| ==========================================================================
| x [ClearClick] Fixed delay on first event response after some kinds of tab
| switching
|  
| v 2.1.2.2
| ==========================================================================
| x [ClearClick] Fixed false positives due to backwards incompatibilities
| with Fx 3.5 and below (thanks chas35 for reporting)
| x [Nightly compat] Fixed import/export broken by nsIJSON interface changes
| in recent nightly builds (thanks happy-dude for reporting)
|  
| v 2.1.2.1
| ==========================================================================
| x Fixed rapid fire cross-site interaction protection interfering with
| keyboard-based tab switching (thanks tikl for reporting)

NoScript Security Suite 2.1.1.2.1-signed - June 26, 2011
--------------------------------------------------------

| v 2.1.1.2 (same as 2.1.2rc0)
| ==========================================================================
| x Fixed conflict with Firebug console
| x Removed legacy code in content policy and ClearClick
|  
| v 2.1.1.2rc9
| ==========================================================================
| x Fixed surrogates causing duplicate history entries for some sites on
| Firefox 5
| x Work around for bug 666371 breaking popunder surrogate and legitimate
| popups on some sites
|  
| v 2.1.1.2rc8
| ==========================================================================
| x Work-around for Mac OS X filepicker in Firefox 5 preventing exported
| configuration files from being reimported
|  
| v 2.1.1.2rc7
| ==========================================================================
| x Work-around for Nightly bug breaking the "View image" command
| x Improved Google Analytics surrogate
|  
| v 2.1.1.2rc6
| ==========================================================================
| + HTML 5 media blocking extended to Mozilla's audio API extension (thanks
| al_9x for RFE)
| x Improved handling of resource prefetching through object elements
| x Removed `msc.wlxrs.com <http://msc.wlxrs.com>`__ and
  `js.wlxrs.com <http://js.wlxrs.com>`__, adding just
  `wlxrs.com <http://wlxrs.com>`__ to the
| default whitelist and to the whitelists of Hotmail users, after Microsoft
| explained that this is the future-proof permission needed to ensure
| compatibility with the Live webmail
|  
| v 2.1.1.2rc5
| ==========================================================================
| x Full page reload is not triggered anymore when invisible plugin objects
| are activated if the parent page has been loaded by a POST HTTP request
| (thanks al_9x for RFE)
| x Full page reload is not triggered anymore on invisible frame activation
| (thanks al_9x for RFE)
| x Fixed "Blocked Objects" menu missing on Hotmail inbox (thanks therube
| for reporting)
| x Object elements used to prefetch JavaScript and CSS content are not
| blocked anymore, provided that the parent is whitelisted, This behavior
| can be disabled in about:config, noscript.allowCachingObjects (thanks
| al_9x for RFE)
|  
| v 2.1.1.2rc4
| ==========================================================================
| + Added `msc.wlxrs.com <http://msc.wlxrs.com>`__ to the default whitelist as
  requested by the Hotmail
| team (new domain required for Hotmail to work)
| + One-time merge of the default whitelist to integrate services already
| whitelisted as needed (e.g. `hotmail.com <http://hotmail.com>`__ to imply
  `msc.wlxrs.com <http://msc.wlxrs.com>`__)
| x Work-around for scripts served from
  `amazonaws.com <http://amazonaws.com>`__ having wrong media
| type sometimes
|  
| v 2.1.1.2rc3
| ==========================================================================
| x Fixed frame in-place activation causing the content to be loaded inside
| a nested iframe (thanks al_9x for reporting)
|  
| v 2.1.1.2rc2
| ==========================================================================
| x [XSS] Work-around for an unfixable (JavaScript fragments get actually
| uploaded cross-site) false positive on Verizon login (thanks John Dwyer
| for reportng)
|  
| v 2.1.1.2rc1
| ==========================================================================
| x Fixed onLocationChange2 missing in nsIWebProgressListener2 impl. causing
| noise on trunk after bug 311007 landed (thanks Hydraxr for report)

NoScript Security Suite 2.1.1.1.1-signed - June 9, 2011
-------------------------------------------------------

| v 2.1.1.1
| ==========================================================================
| + Improved embedded object activation on Javascript-enabled pages via
| dynamic method proxies (thanks al_9x for RFE)
|  
| v 2.1.1.1rc2
| ==========================================================================
| x [XSS] removed false positive at Well Fargo's login
|  
| v 2.1.1.1rc1
| ==========================================================================
| x Reduced request garbage collection frequency

NoScript Security Suite 2.1.1.1-signed - May 29, 2011
-----------------------------------------------------

| v 2.1.1
| ==========================================================================
| x Fixed toolbar button hidden in popup windows (thanks Steven Roddis for
| reporting)
|  
| v 2.1.0.6rc14
| ==========================================================================
| x Fixed double HTTP requests sent sometimes for document requests just
| after DNS cache invalidation (thanks Lekensteyn and SLED for reporting)
| x Removed NoScript and FlashGot download pages and added Yahoo! Mail as
| ClearClick exception, in order to prevent false positives in the message
| panel (thanks be and sabret00the for reporting)
| x Fixed conflict with IE Tab 2 causing new tab not to open URLs entered
| in the address bar (thanks mc for reporting)
|  
| v 2.1.0.6rc13
| ==========================================================================
| x Fixed placeholders broken on trunk after fix for Gecko's bug 308590
|  
| v 2.1.0.6rc12
| ==========================================================================
| + Added `paypal.com <http://paypal.com>`__ and
  `paypalobjects.com <http://paypalobjects.com>`__ to the default whitelist, to
  cope
| with the new in-page contribution setup at AMO and reduce XSS risks
| + Improved toStaticHTML() emulation (thanks .mario for reporting)
|  
| v 2.1.0.6rc11
| ==========================================================================
| x Fixed broken toolbar button on first window opened during first run ever
| on Firefox 4.x (thanks al_9x for reporting)
| v 2.1.0.6rc10
| ==========================================================================
| x Tentative fix for double HTTP requests sent sometimes upon DNS refresh
| x Fixed XSS false positive on Google's Talk Gadget loading
|  
| v 2.1.0.6rc9
| ==========================================================================
| + Improved bookmarklet execution handling (thanks @nomaded for reporting)
| = Compatibility bump for Fx 7.0a1
|  
| v 2.1.0.6rc8
| ==========================================================================
| + Further and less likely ASP-related tricks in InjectionChecker (thanks
| Seroush Dalili for reporting)
| x Fixed bookmarklets and JavaScript URLs broken in about:blank unless
| imports are allowed (thanks Nick Ang for reporting)
| + JavaScript URL bar shortcuts are now treated as bookmarklet and executed
| by default (thanks @nomaded for reporting)
|  
| v 2.1.0.6rc7
| ==========================================================================
| x More ASP idiosyncrasies taken in account by InjectionChecker (thanks
| Soroush Dalili for reporting)
| v 2.1.0.6rc6
| ==========================================================================
| x Fixed false positive in anti-exfiltration HTML injection checks
|  
| v 2.1.0.6rc5
| ==========================================================================
| x Fixed rc2 frame blocking regression (thanks milithruldur for report)
|  
| v 2.1.0.6rc4
| ==========================================================================
| + Per-site WebGL blocking support (WebGL is implicitly disabled wherever
| JavaScript is not allowed; it can be blocked on any other site by
| checking "NoScript Options|Embedding|Forbid WebGL", and allowed per-site
| by clicking on a placeholder of the blocked canvas or by using the
| "Blocked objects..." menu if no canvas had been inserted in the page)
|  
| v 2.1.0.6rc3
| ==========================================================================
| x Work-around for Cocoon add-on being broken by NoScript's early usage
| of the IO Service (thanks Dan Staudigel for reporting)
|  
| v 2.1.0.6rc2
| ==========================================================================
| x Fixed plugin documents can't be opened in NewsFox if embedding
| restrictions are in place (thanks Mc for reporting)
|  
| v 2.1.0.6rc1
| ==========================================================================
| x Fixed broken anti image exfiltration rules in HTML injection checks on
| noscripted pages (thanks Gareth Heyes for reporting)

NoScript Security Suite 2.1.0.5.1-signed - May 16, 2011
-------------------------------------------------------

| v 2.1.0.5
| ==========================================================================
| x Fixed recent memory optimizations breaking compatibility with some
| extensions (thanks Alan Baxter for reporting)
|  
| v 2.1.0.5rc1
| ==========================================================================
| x Work-around for a Seamonkey initialization timing issue
|  
| v 2.1.0.4
| ==========================================================================
| + Improved performance and memory efficiency of cross-site checks
| x Removed redundant primary origin from ABE messages
| x More verbose initialization error reporting
|  
| v 2.1.0.4rc10
| ==========================================================================
| x Fixed memory leak on Nightly when watching the movie at http://ro.me
| (thanks \_nil and therube for reporting)
|  
| v 2.1.0.4rc9
| ==========================================================================
| x Fixed Script Surrogate execution breaking some framesets
| x Fixed executing an interactive bookmarklet and closing current tab
| during execution keeps scripts globally allowed
| + Disabled execution of javascript: and data: URLs typed or
| pasted in the address bar (noscript.allowURLBarJS preference)
| + Disabled execution of non-whitelisted scripts imported during execution
| of javascript: and data: URLs typed or pasted in the address bar
| (noscript.allowURLBarImports preference)
| + Work around for Verizon's cache serving scripts with wrong media type
|  
| v 2.1.0.4rc8
| ==========================================================================
| x Fixed NoScript icon disappearing from add-on bar when mode == "text"
|  
| v 2.1.0.4rc7
| ==========================================================================
| x Better work-around for `bit.ly <http://bit.ly>`__ sidebar triggering
  ClearClick warnings
| (thanks Markus387 for reporting)
|  
| v 2.1.0.4rc6
| ==========================================================================
| x Work-around for `bit.ly <http://bit.ly>`__ sidebar triggering ClearClick
  warnings
| x Fixed placeholders with undersized type icon regression
|  
| v 2.1.0.4rc5
| ==========================================================================
| x Fixed Seamonkey hanging on some pages (thanks therube for reporting)
|  
| v 2.1.0.4rc4
| ==========================================================================
| x Fixed labels being shown for NoScript buttons on the add-on bar in some
| configurations (thanks baciok for reporting)
|  
| v 2.1.0.4rc3
| ==========================================================================
| x Fixed minimum placeholder size not applied when embeddings have "auto"
| as their computed CSS width or height (thanks al_9x for reporting)
| v 2.1.0.4rc2
| ==========================================================================
| + On scriptless pages, empty forms meant to be submitted via JavaScript
| are automatically augmented with a submit button labeled after the
| destination URL (thanks timeless for RFE)
|  
| 2.1.0.4rc1
| ==========================================================================
| x Changed the noscript.forbidXBL default to 1 (OK for current Fx versions)
| in order to avoid Lotus Mail issues (thanks Tina for reporting)
| x [XSS] Fixed a false positive involving Amazon mp3 checkout (thanks Dan
| Loomis for reporting)

NoScript Security Suite 2.1.0.3.1-signed - April 23, 2011
---------------------------------------------------------

| v 2.1.0.3
| ==========================================================================
| x [L10n] Updated ro
| x Restored some locales gone missing in previous dev build
|  
| v 2.1.0.3rc5
| ==========================================================================
| x Improved Google Analytics surrogate
| x Experimental built-in Firefox Sync turned off by default (can be enabled
| through the noscript.sync.enabled about:config preference)
| x Tentative fix for some synchronization annoyances
|  
| v 2.1.0.3rc4
| ==========================================================================
| x Suppress any dump() logging when in Private Browsing mode, in order to
| avoid X session log leakages on Linux
| x Tentative fix for a RequestWatchdog lazy initialization race condition
| (thanks Daniel Holbert for reporting)
|  
| v 2.1.0.3rc3
| ==========================================================================
| + Warning when user closes the options dialog leaving broken ABE ruleset
| behind (thanks al_9x for report)
|  
| v 2.1.0.3rc2
| ==========================================================================
| x Fixed Yahoo Toolbar breaking first browser window if NoScript 2.1.0.2 is
| installed
| x Various additional startup optimizations
|  
| v 2.1.0.3rc1
| ==========================================================================
| x Added some null checks to prevent Venkman noise (thanks timeless)

NoScript Security Suite 2.1.0.2.1-signed - April 9, 2011
--------------------------------------------------------

| 2.1.0.2
| ==========================================================================
| x [XSS] Improved XML prescreening
|  
| v 2.1.0.2rc5
| ==========================================================================
| x Halved startup time
|  
| v 2.1.0.2rc4
| ==========================================================================
| x More robust surrogate execution
|  
| v 2.1.0.2rc3
| ==========================================================================
| + Label automatically hidden when NoScript's toolbar buttons are added to
| the add-ons bar
|  
| v 2.1.0.2rc2
| ==========================================================================
| x Fixed AddressMatcher broken by RegExp changes in latest Minefield (
| thanks linuser for reporting)
| v 2.1.0.2rc1
| ==========================================================================
| x Fixed ABE options panel regressions due to the changed storage (thanks
| al_9x for reporting)

NoScript Security Suite 2.1.0.1.1-signed - March 26, 2011
---------------------------------------------------------

| v 2.1.0.1
| ==========================================================================
| x Removed `googlesyndication.com <http://googlesyndication.com>`__ from the
  default whitelist
| x Added `securecode.com <http://securecode.com>`__ ("Verified by VISA") to
  the default whitelist, in
| order to prevent surprise transaction failures
| x [XSS] Exception for POST requests coming from a secure albeit not
| whitelisted Verified by Visa (`securecode.com <http://securecode.com>`__)
  origin
| x [ABE] Fixed bug causing excessive console noise from permissive rules
| x Updated locales
|  
| v 2.1
| ==========================================================================
| x Fixed various Script Surrogate inconsistencies
|  
| v 2.1.0rc6
| ==========================================================================
| + [ABE] Rulesets now are stored as preferences rather than files for
| faster startup (less I/O) and more consistent settings management
| + [ABE/Sync] Rulesets are integrated into Firefox Sync for preferences too
| x On first Firefox 4 run toolbar icon now gets added to the add-on bar
| instead of the navigation bar if the latter is invisible, even if the
| former is invisible as well (many users seem to expect it there)
| x Fixed additional toolbar buttons too wide when labels are shown
| x Fixed some Script Surrogate regressions (thanks al_9x for reporting)
| x Work around for alert on new windows due to Mozilla's bug 608628
| x Fixed placeholder not shown for embed elements placed inside invalid
| object elements (thanks al_9x for reporting)
|  
| v 2.1.0rc5
| ==========================================================================
| + Firefox Sync integration can be switched off through the
| noscript.sync.enabled about:config preference
| x [XSS] Fixed false positive regression from recent Firefox 4
| optimizations (thanks m_c for reporting)
|  
| v 2.1.0rc4
| ==========================================================================
| x Further version-specific Script Surrogate optimizations
|  
| v 2.1.0rc3
| ==========================================================================
| + First shot at Firefox Sync native integration, synchronizes everything
| except custom ABE rules
| x [ABE] Optimized origin tracing
| + [ABE] INC(MEDIA) subtype matching HTML5 video and audio requests
| + [ABE] INC(FONT) subtype matching font embedding requests
| x Huge refactoring in regular expression usage to optimize for Fx 4
| x Script Surrogate optimization
|  
| v 2.1.0rc2
| ==========================================================================
| x [ABE] Work-around for some Java plugin requests bypassing HTTP observers
| (thanks tlu for reporting)
| + [ABE] Media HTML elements and plugin sub-requests are matched by the OBJ
| inclusion subtype
| + [ABE] Font requests are matched by the OTHER inclusion subtype
|  
| v 2.1.0rc1
| ==========================================================================
| x Fixed iframe content being sometimes opened in new tabs on Fx 4 when ABE
| is enabled and DNS cache is missed

NoScript Security Suite 2.0.9.9.1-signed - March 5, 2011
--------------------------------------------------------

| v 2.0.9.9
| ==========================================================================
| x Fixed spaces in ipecho response breaking WAN IP detection with one of
| the mirrors
| + Experimental built-in profiler for debugging purposes
|  
| v 2.0.9.9rc5
| ==========================================================================
| + Compatibility with `Fire.fm <http://Fire.fm>`__
| + [XSS] Compatibility with latest Readability
| x Tentative work-around for a WAN IP detection issue after sleep/wakeup
|  
| v 2.0.9.9rc4
| ==========================================================================
| + Forced text-plain on documents which miss a content-type header but send
| "X-Content-Type-Options: nosniff"
| + Increased compatibility of the X-Content-Options implementation
|  
| v 2.0.9.9rc3
| ==========================================================================
| x Work-around for surrogates not being executed on latest Fx 4 builds
| x X-Content-Options implementation more compatible with Browserscope
|  
| v 2.0.9.9rc2
| ==========================================================================
| x Fixed AJAX fallback last-minute breakage (thanks dhouwn for report)
|  
| v 2.0.9.9rc1
| ==========================================================================
| + Improved XSS filter to protect against potential risks from new HTML 5
| features
| + AJAX fallback support via Google's \_escaped_fragment\_ recommendation,
| can be disabled by toggling the noscript.ajaxFallback.enabled preference
| (see https://code.google.com/web/ajaxcrawling/, thanks alexbobp for RFE)
| + New noscript.placeholderLongTip about:config preference to control
| whether embedding placeholder tooltips should include query strings
| and hash fragments or not (true by default)

NoScript Security Suite 2.0.9.8.1-signed - Feb. 13, 2011
--------------------------------------------------------

| v 2.0.9.8
| ==========================================================================
| x Fixed empty tooltip for embedded placeholder on some RTL pages (thanks
| Saad for reporting)
| x Truncate URLs in placeholders tooltips at the the query string or hash,
| to increase readability (thanks anystupidassname for RFE)
| x Increased WAN IP checks interval to 1 hour reducing log spam on routers
| - Removed some obsolete code
|  
| v 2.0.9.8rc2
| ==========================================================================
| x Fixed all IPv6 addresses in fc80::/24 subnet being erronously treated
| like link-local addresses (thanks Jojo999 for reporting)
| x Fixed "Unsafe Reload" not working for sanitized POST requests from
| untrusted to trusted sites (thanks Lucas Malor for reporting)
| + Better compatibility with Paypal button hosted on non-whitelisted sites
| + Added `mozilla.net <http://mozilla.net>`__ to the default whitelist for AMO
  compatibility
|  
| v 2.0.9.8rc1
| ==========================================================================
| x [UI] Fixed toolbar button being added on the right of the window resizer
| when Fx 4 is run for the first time with NoScript and the add-on bar is
| visible
| + [UI] Hitting the "show UI" shortcut (ctrl+shift+S) a second time
| dismisses NoScript's popup menu (thanks jso for RFE)
| x [DNT] Restored header reordering after DNT header is added, in order to
| match Firefox 4's header fingerprint

NoScript Security Suite 2.0.9.7.1-signed - Jan. 30, 2011
--------------------------------------------------------

| v 2.0.9.7
| ==========================================================================
| x Fixed status label menu popping up in a wrong position
| x Updated locales
|  
| v 2.0.9.7rc5
| ==========================================================================
| x Fixed external filters submenu not removed when external filters are
| disabled
| x Blocked objects menus show IFRAME/FRAME rather than mime type info for
| blocked frames (thanks al_9x for suggestion)
| + Restored legacy status label by popular request
| + Sticky menu can be triggered by left clicking on status label now
|  
| v 2.0.9.7rc4
| ==========================================================================
| x Work-around for menu icons hidden with some Linux distros and themes
| (thanks nickr for reporting)
| x Changed the X-Do-Not-Track header name to DNT in anticipation of an IETF
| Internet-Draft, per Jonathan Mayer
| x noscript.doNotTrack.forced gets honored for local addresses now (thanks
| Heptite for RFE)
| x Fixed partial external filter definition could not be saved
| x Fixed empty external filter whitelist could not be validated
|  
| v 2.0.9.7rc3
| ==========================================================================
| x Fixed exception on cross-site POST requests from URIs not supporting
| the host component (thanks JeffCO for reporting)
| x Fixed JS redirection detection being activated also on whitelisted
| pages sometimes (thanks scratchpaper for reporting)
|  
| v 2.0.9.7rc2
| ==========================================================================
| + 64x64 icon for Fx 4's add-ons manager
| x Fixed bookmarklet execution machinery active even when JavaScript is
| disabled by Firefox's content options (thanks Martin Focke foir report)
| x Tentative work-around for toolbar button being oriented vertically in
| some themes, disrupting toolbar's layout
| x More updated locales
|  
| v 2.0.9.7rc1
| ==========================================================================
| x Fixed a ClearClick bypass possible to whitelisted attackers who can run
| JavaScript (thanks Atul Agarwal for reporting)
| x Updated locales
| x Improved K-Meleon portability (thanks jk- for RFE)

NoScript Security Suite 2.0.9.6.1-signed - Jan. 18, 2011
--------------------------------------------------------

| v 2.0.9.6
| ==========================================================================
| x X-Do-Not-Track after a DNS cache miss causing some embedded content
| requests to fail
| + Contribution button on the bottom of the Options dialog
|  
| v 2.0.9.5
| ==========================================================================
| x Fixed NoScript toolbar buttons having wrong orientation in "icon and
| text" mode
|  
| v 2.0.9.4
| ==========================================================================
| x Fixed toolbar button does not open the menu (unless you click the little
| arrow) if you disable hovering and toggling (thanks bleh for report)
| - Removed dynamic localization fallback at runtime
| + Added static localization fallback to the build system
| x Localization layout cleanup
| x Legacy files cleanup
|  
| v 2.0.9.4rc2
| ==========================================================================
| x Removed toolbarbutton-specific stylings
| + Better web compatibility for X-Content-Options
| + Better home router compatibility for X-Do-Not-Track
|  
| v 2.0.9.4rc1
| ==========================================================================
| x Fixed DoNotTrack exceptions/forced patterns not being enforced
| x Tentative work-around for basic HTTP authentication failing with some
| servers when X-Do-Not-Track is sent

NoScript Security Suite 2.0.9.3.1-signed - Jan. 3, 2011
-------------------------------------------------------

| v 2.0.9.3
| ==========================================================================
| x Fixed some cross-site requests containing JSON-like fragments broken

NoScript Security Suite 2.0.9.2.1-signed - Dec. 28, 2010
--------------------------------------------------------

| v 2.0.9.2
| ==========================================================================
| x Fixed forbid META refresh inside NOSCRIPT elements regression
|  
| v 2.0.9.1
| ==========================================================================
| x Fixed partial options dialog breakage (ClearClick and Import/Export)
|  
| v 2.0.9
| ==========================================================================
| - Removed JAR blocking (obsolete in supported browser versions)
| - Removed emulated TLD service
| x Hidden status bar icon option on applications which have no status bar
| x Fixed noscript.doNotTrack.\* preferences not being honored
|  
| v 2.0.9rc5
| ==========================================================================
| x Fixed wrong popup position on status bar icon (Fx 3.6.x and below only)
|  
| v 2.0.9rc4
| ==========================================================================
| + X-Do-Not-Track and X-Behavioral-Ad-Opt-Out (tracking opt-out) support,
| controlled by the noscript.doNotTrack.\* about:config preferences
| x Restored "left+click on NoScript icon reopens the menu in legacy mode
| even if it's already opened in hover mode" feature
| x Fixed bug preventing channel replacement when the HTTP method changes
| + Embedded permissions are now bound to the embedding site (thanks al_9x
| for RFE)
| x Fixed permissions keys for Flash embeddings include FlashVars PARAMETER
| elements, rather than just attributes (thanks breakBug for report)
| x Fixed embedding permission changes not honoring disabled autoreload
| preferences (thanks MMlosh for reporting)
|  
| v 2.0.9rc3
| ==========================================================================
| + Middle clicking toolbar button temporarily allows all on current page
| - Removed forced embedding opacization legacy feature
| - Removed tooltips from icons spawning hover UI
| - Disabled permission toggling on left+click for hover UI toolbar buttons
| (can be reenabled by setting noscript.hoverUI.excludeToggling to true)
| x Fixed notification regression
|  
| v 2.0.9rc2
| ==========================================================================
| x No extra spacer added on addon-bar during first customization
| x Long menus automatically scroll to the bottom when opened from the
| bottom of the browser
| x Fixed legacy status bar icon switching permissions on left+click like
| the toolbar button
| x Fixed legacy status bar icon always getting "after_start" popup position
|  
| v 2.0.9rc1
| ==========================================================================
| + Improved anti-popunder surrogate
| + Check for UI accessibility of Firefox 4 with hidden addon-bar and
| automatic installation of toolbar button on fail
| x Fixed whitelisted iframe blocking getting in the way of web content
| embedded by privileged tabs (e.g. Firefox 4's add-on manager)
| x [ClearClick] slightly shorter viewport to accomodate Facebook's "Like"
| mini buttons
| x Fixed tooltips getting in the way of hover UI
| - Removed status bar label
| x Fixed regression: permissions changes on sites with non-standard ports
| failed to trigger page reload (thanks Andrew Black for reporting)
| x Fixed layout issue triggered by JS redirect detection (thanks Teknorat
| for reporting)

NoScript Security Suite 2.0.8.1 - Dec. 8, 2010
----------------------------------------------

| v 2.0.8.1
| ==========================================================================
| x Fixed new IFRAME-based Youtube embedding method broken on non
| whitelisted pages with embedding restrictions (thanks al_9x for report)
|  
| v 2.0.8
| ==========================================================================
| x Fixed toolbar buttons icon size on Firefox 4 Windows theme
| + XSS check on permissions changes, suppressing events and forcing
| filtered reload if an injection is found (thanks "dave b" for reporting)
| x Fixed graphic glitches on menu showing with accelerated graphics (thanks
| Das for reporting)
| x Fixed permission changes causing unrelated tabs to be reloaded when
| automatic permissions had been previously granted
|  
| v 2.0.8rc2
| ==========================================================================
| x Fixed unhandled exception caused by LiveConnect interception logging (
| thanks al_9x for reporting)
| x Optimized QueryInterface generation
| + [ABE] 6to4 IP addresses support
| x Fixed LiveConnect interception firing a dummy JVM sometimes on Gecko 2.0
|  
| v 2.0.8rc1
| ==========================================================================
| x LiveConnect interception time reduced by 10 on Firefox 3.6 and by 100 on
| Firefox 4 (about 1ms each)
| x Restored LiveConnect interception logging (LOG_CONTENT_INTERCEPT mask)
| x Fixed bug in fake redirections code, causing it not to honor the
| redirection limit settings (thanks Peter Eckersley)
| x [XSS] Improved SQLXSSI detection accuracy
| x Updated revsci surrogate (thanks al_9x)

NoScript Security Suite 2.0.7 - Nov. 25, 2010
---------------------------------------------

| v 2.0.7
| ==========================================================================
| + [XSS] Detection and filtering of hexadecimal and binary encoded
| reflected XSS through SQL injection (SQLXSSI), partially found and
| disclosed (raw hexadecimal variant only) by Aditya K Sood
|  
| v 2.0.6
| ==========================================================================
| + Bug fixes and improvements in LiveConnect interception
| x Fixed random "win is null" error message (thanks timeless for report)
|  
| v 2.0.6rc4
| ==========================================================================
| + Java packages exposed by LiveConnect on the window object are made
| unaccessible wherever Java is blocked by embedding restrictions
|  
| v 2.0.6rc3
| ==========================================================================
| x [ABE] Work-around for Flash video playback and other HTTP subrequests
| from plugins sometimes failing on latest Minefield builds
| v 2.0.6rc2
| ==========================================================================
| x [ABE] Fixed 2.0.6rc1 regression: broken internal redirections
|  
| v 2.0.6rc1
| ==========================================================================
| + "Security and privacy info" pages shown also by middle-clicking items
| in NoScript Options|Whitelist (thanks dhouwn for RFE)
| x [XSS] Better compatibility with 4shared embedded movies
| x [ABE] Fixed regression: Anon action interfering with IFrame blocking
| when DNS record for current request is cached (thanks al_9x for report)

NoScript Security Suite 2.0.5.1 - Nov. 11, 2010
-----------------------------------------------

| v 2.0.5.1
| ==========================================================================
| x Improved LoadGroup integration of the new internal redirection machinery
| for better loading progress feedback.
|  
| v 2.0.5
| ==========================================================================
| x Fixed stability issue when forcing HTTPS on images
|  
| v 2.0.5rc3
| ==========================================================================
| x Faster and more "correct" hack for internal redirections
|  
| v 2.0.5rc2
| ==========================================================================
| x Experimental asynchronous channel replacement for ABE and HTTPS
| enforcement, should prevent issues with image caching
| x Work-around for Google/Youtube bug, sending "Content-Type: text/plain"
| header for script files even with "X-Content-Type-Options: nosniff" (see
| http://forums.informaction.com/viewtopic.php?f=7&t=5304)
|  
| v 2.0.5rc1
| ==========================================================================
| x Fixed automatic allowing for XMLHttpRequest of sites with explicit port
| numbers whose domain is allowed (thanks evanpelt for reporting)

NoScript Security Suite 2.0.4 - Oct. 28, 2010
---------------------------------------------

| v 2.0.4rc2
| ==========================================================================
| + Better logging for the "X-Content-Type-Options: nosniff" activity
| + noscript.nosniff about:config preference to control whether enforcing
| "X-Content-Type-Options: nosniff" (true, default) or not (false)
|  
| v 2.0.4rc1
| ==========================================================================
| + "X-Content-Type-Options: nosniff" support
| x Fixed using bookmarklets with noscript.allowBookmarkletImports set to
| false erronously adds current website to the JavaScript whitelist

NoScript Security Suite 2.0.3.5 - Oct. 17, 2010
-----------------------------------------------

| v 2.0.3.5
| ==========================================================================
| x [UI] Fixed right-click on the toolbar button switching permissions
|  
| v 2.0.3.4
| ==========================================================================
| + [UI] Bold "Recently blocked" menu and items which have been attempted to
| load from the currently displayed web site (thanks therube for RFE)
| - Removed legacy (pre Fx 3) notification code
|  
| v 2.0.3.4rc2
| ==========================================================================
| - [UI] Removed status icon hover effect
| + [Surrogate] adriver.ru surrogate to prevent "pages never finish loading"
| problem (thanks al_9x)
| + [ClearClick] Unlocked flag caching performance optimizations
| + AddressMatcher now matches UTF8 (not IDN-encoded) host names too
| + AddressMatcher now matches scheme only (xyz:) patterns
| x Work-around for X-Frame-Option interfering with mixed chrome/content
| UIs (e.g. Firefox 4 add-ons manager)
|  
| v 2.0.3.4rc1
| ==========================================================================
| x Fixed unchecking and re-checking the toggle permissions toolbar button
| behavior ending in an inconsistent status (thanks Grump Old Lady for
| reporting)
| x [XSS] Improved Blogger CMS compatibility (thanks Logos for reporting)

NoScript Security Suite 2.0.3.3 - Oct. 1, 2010
----------------------------------------------

| v 2.0.3.3
| ==========================================================================
| x Changed noscript.forbidIFramesContext about:config preference default to
| 3 (same base domain) to ensure better usability on complex sites (e.g.
| new Twitter) for people who's blocking iframes on trusted sites
| x Optimal sensitivity calibration for Hover UI trigger events
|  
| v 2.0.3.3rc3
| ==========================================================================
| + Improved Hover UI usability with the noscript.hoverUI.delayStop
| about:config preference, dictating how many milliseconds the mouse must
| stand still on NoScript's icon before NoScript's menu is displayed
|  
| v 2.0.3.3rc2
| ==========================================================================
| + [Surrogate] Surrogate scripts are no longer wrapped inside anonymous
| functions, in order to allow top-level variables to be forced read-only
| by using the const keyword; built-in surrogates have been retrofitted to
| prevent scope clashes, by adding anonymous function wrappers as needed
|  
| v 2.0.3.3rc1
| ==========================================================================
| + [UI] Configurable enter and exit delays for the hover UI behavior, via
| noscript.hoverUI.delay\* about:config preferences
| x [ClearClick] improved compatibility with very short frames (like the top
| bar on www.blogger.com, thanks craftcove for reporting)
| x [Policy] Removed legacy code specializing TYPE_OTHER

NoScript Security Suite 2.0.3.2 - Sept. 18, 2010
------------------------------------------------

| v 2.0.3.2
| ==========================================================================
| x Work-around for first script element in body of a framed document not
| being executed unless password manager is enabled on Minefield
| x Work-around for surrogates not being executed in frames on Minefield
|  
| v 2.0.3.2rc1
| ==========================================================================
| x Fixed further menu glitches with URL ports (thanks al_9x for reporting)
|  
| v 2.0.3.1
| ==========================================================================
| x [UI] added 250ms delay for menu disappearing on mouse out from icon (
| disappearing mouse out from menu already used a 500ms delay)
| x Fixed explicit port URL related regression (thanks al_9x for reporting)
|  
| v 2.0.3.1rc6
| ==========================================================================
| x Fixed further breakages due to Array prototype chain glitches introduced
| in latest Minefield
|  
| v 2.0.3.1rc5
| ==========================================================================
| x Fixed redirections broken by Array prototype chain glitches introduced
| in latest Minefield
|  
| v 2.0.3.1rc4
| ==========================================================================
| x Work-arounds for some CAPS implementation impedance mismatches (thanks
| GµårÐïåñ and al_9x for reporting)
|  
| v 2.0.3.1rc3
| ==========================================================================
| + [UI] Extended the "open on hover" behavior to the toolbar button
| x about:crashes added to the mandatory whitelist
|  
| v 2.0.3.1rc2
| ==========================================================================
| x [Surrogate] Fixed window.open not working for HTTP sites on recent
| Minefield builds
| x Fixed minor glitch in channel replacement on trunk
|  
| v 2.0.3.1rc1
| ==========================================================================
| x [Surrogate] Restored the previous document.cookie patching order, since
| it seems more compatible with some buggy sites

NoScript Security Suite 2.0.3 - Sept. 10, 2010
----------------------------------------------

| 2.0.3
| ==========================================================================
| x [Surrogate] Improved compatibility of the popunder surrogate
| x [Surrogate] Fixed broken meebo.com detached windows
| x [L10n] Updated it-IT
|  
| v 2.0.3rc4
| ==========================================================================
| + [Pref] "NoScript Options|Appearance|Open permissions menu when mouse
| hovers over NoScript's icon" checkbox
| x [UI] Minor refinements in the new "UI on hovering" behavior
|  
| v 2.0.3rc3
| ==========================================================================
| x [XSS] Fixed "Unsafe reload" not working under some circumstances (thanks
| the JoshMeister for reporting)
| + [XSS] Better compatibility with Blogspot's CMS (thanks the JoshMeister
| for reporting)
| x Fixed "setting a property that has only a getter" warning in strict mode
| x Better compatibility with CDNs improperly serving JavaScript files with
| a CSS mime type
| v 2.0.3rc2
| ==========================================================================
| x Fixed "Partially allowed" message instead of "Forbidden" when everything
| is blocked, including some embeddings (thanks jan for reporting)
| x Fixed "No placeholder from untrusted" broken since 2.0.2.4 (thanks al_9x
| for reporting)
| v 2.0.3rc1
| ==========================================================================
| + [UI] Clickless "on over" opening of the status bar menu, can be disabled
| via noscript.hoverUI about:config preference (thanks safemode for RFE)
| x Fixed embedded fonts requiring the page to be allowed, rather than the
| just the object, if embedded in data: URIs (thanks Alexander Konovalenko
| for reporting)

NoScript Security Suite 2.0.2.5 - Sept. 2, 2010
-----------------------------------------------

| v 2.0.2.5
| ==========================================================================
| x [XSS] Further FBML compatibility improvements

NoScript Security Suite 2.0.2.3 - Aug. 19, 2010
-----------------------------------------------

| v 2.0.2.3
| ==========================================================================
| x [XSS] Fixed optimization bug which may lead to slower checks on specific
| source patterns

NoScript Security Suite 2.0.1 - Aug. 6, 2010
--------------------------------------------

| v 2.0.1
| ==========================================================================
| + [ABE] noscript.abe.localExtras about:config preference can specify net
| resources (space separated IPs and/or subnets) to be considered as
| LOCAL by ABE, in addition to the "regular" private subnetworks and the
| auto-detected WAN IP (thanks ammdispose for suggestion)
| x [ClearClick] Better compatibility with iframes containing very tiny
| pages (e.g. horizontal Flattr buttons)
| x Fixed page-level surrogates not always being executed inside iframes
| (thanks al_9x for reporting)
| x [XSS] Fixed XML tags with no attributes which are homonymous of
| "sensitive" HTML tags triggering XSS false positives
|  
| v 2.0.1rc4
| ==========================================================================
| + Forced NOSCRIPT element activation is not triggered for sources marked
| as untrusted (thanks al_9x for suggestion)
| + Update for Firefox 4.0b4pre compatibility (bug 546606)
|  
| v 2.0.1rc3
| ==========================================================================
| x Improved interaction between surrogates and NOSCRIPT element activation
| x Fixed potential recursion issue during DNS resolution on SeaMonkey trunk
| (thanks therube for reporting)
| x Fixed https://bugzilla.mozilla.org/show_bug.cgi?id=584334
| x Fixed using IPv6 URL syntax causes confusion to some proxies
| x Compatibility checks updates
|  
| v 2.0.1rc2
| ==========================================================================
| + [ABE] "X-ABE-Fingerprint: Off" header can be sent by web servers which
| don't want/need to be fingerprinted by ABE's WAN IP protection
| + [ABE] User agent header "Mozilla/5.0 (ABE, http://noscript.net/abe/wan)"
| is sent to help administrators finding info about ABE's fingerprinting
| x [ABE] Fingerprint checks are performed every 15 minutes, rather than 5
| x Fixed early access to document.documentElement breaking XBL bindings
| on SeaMonkey trunk (thanks therube for reporting)
|  
| v 2.0.1rc1
| ==========================================================================
| x Fixed meta redirections being broken sometimes when a NOSCRIPT element
| activation is forced on a JavaScript-enabled page (thanks Supermop for
| reporting)

NoScript Security Suite 2.0 - July 27, 2010
-------------------------------------------

| v 2.0
| ==========================================================================
| x [Surrogate] Fixed Google thumbs surrogate broken by recent Gecko changes
| x [ClearClick] Work-around for client(Height|Width) miscalculation
|  
| v 2.0rc8
| ==========================================================================
| + Full hand-over to InjectionChecker for untrusted origin requests as well
| + More efficient UI synchronization system
| x Fixed status icon not being correctly updated when a new script source
| gets added after page is loaded
|  
| v 2.0rc7
| ==========================================================================
| + More web-compatible NOSCRIPT element handling on mixed permissions pages
|  
| v 2.0rc6
| ==========================================================================
| + [ABE] WAN IP checks logged on Error Console (thanks al_9x for RFE)
|  
| v 2.0rc5
| ==========================================================================
| + [ABE] Experimental cross-zone CSRF protection for flawed routers which
| expose their WAN IP on their LAN interface (thanks al_9x for report)
|  
| v 2.0rc4
| ==========================================================================
| + Anti-anti-adblocker generic page-level surrogate
| + Minimal surrogates for several ad/tracking sources
| + Revsci surrogate (thanks al_9x)
| x Work-around for medicare.gov "benign" XSS
|  
| v 2.0rc3
| ==========================================================================
| x Fixed X-Frame-Options being checked for plugin embeddings as well
| (thanks Richard Johnson for reporting)
|  
| v 2.0rc2
| ==========================================================================
| + External filters now receive the object URL as their 4th argument

NoScript Security Suite 1.10 - July 14, 2010
--------------------------------------------

| v 1.10
| ==========================================================================
| + ABE built-in ruleset editor
| + Button to reset ABE's defaults
| x Fixed setting noscript.cp.last to false causing embeddings not to be
| blocked
| x Fixed 2nd order InjectionChecker bypass (thanks Sirdarckcat for report)
| + External filters now receive the object referrer as their 3rd argument

NoScript Security Suite 1.9.9.99 - July 6, 2010
-----------------------------------------------

| v 1.9.9.99
| ==========================================================================
| x Emergency fix for a page reload bug on Mac OS X causing high CPU
| consumption after permission changes (thanks "D A" for reporting)

NoScript Security Suite 1.9.9.98 - July 5, 2010
-----------------------------------------------

| v 1.9.9.98
| ==========================================================================
| + Improved ClearClick clipping accuracy on framesets
| + Improved ClearClick clipping accuracy on nested scrolling elements
|  
| v 1.9.9.98rc6
| ==========================================================================
| x Fixed work-around for Mozilla's bug 576492 breaking NoScript on browser
| restart
|  
| v 1.9.9.98rc5
| ==========================================================================
| + Support for the latest Gecko 2 XPCOM changes
| x Work-around for Mozilla's bug 576492
|  
| v 1.9.9.98rc4
| ==========================================================================
| + noscript.surrogates.debug preference enables console logging of uncaught
| exceptions happening in surrogates (thanks al_9x for suggestion)
| x Better error handling in surrogates, prevents a failing scripts to abort
| the others
| x Improved AMO surrogates, allows right-click menu to work on install
| buttons (thanks Mc for reporting)
|  
| v 1.9.9.98rc3
| ==========================================================================
| x Fixed bug on edge case minimum placeholder size computation when object
| to be replaced is out of the current viewport
| x Version compatibility bump for Firefox 4.0b2pre
| x Fixed regression: untrusted icon not being shown when all the sources
| of a page are untrusted (thanks al_9x for reporting)
|  
| v 1.9.9.98rc2
| ==========================================================================
| + window.toStaticHTML implementation
| x Improved placeholders for embeds nested in ActiveX OBJECT elements
|  
| v 1.9.9.98rc1
| ==========================================================================
| + Surrogate for Google Search thumbnails when Google is not whitelisted
| + Automatic reload on permission change setting now affects pages
| containing embeddings which change status too, whose reload can be also
| forced through the noscript.autoReload.embedders preference:
| 0 - never reload
| 1 - inherit the noscript.autoReload setting
| 2 - force reload
| + Prevent reload on pages where a 3rd party script changed its
| permissions status but the top-level is forbidden and unchanged
| + Surrogate to use InstallTrigger on AMO even if addons.mozilla.org is not
| whitelisted

NoScript Security Suite 1.9.9.97 - June 24, 2010
------------------------------------------------

| v 1.9.9.97
| ==========================================================================
| x Fixed ClearClick false positives on Fx 3.5 and below (thanks Deniz Sofu
| for reporting)
| x Compatibility version bump for Seamokey trunk
|  
| v 1.9.9.97rc1
| ==========================================================================
| x Fixed '@' surrogates being ran on scriptless pages
| x Recentering on the parent form for ClearClick checks over a form widget
| reduces false positives over obstructed frames
|  
| v 1.9.9.96
| ==========================================================================
| x Fixed Script Surrogates activation glitches
|  
| v 1.9.9.95
| ==========================================================================
| x Fixed wrongly sized placeholders on Youtube (regression from rc1)
|  
| v 1.9.9.95rc2
| ==========================================================================
| x More accurated feedback on nested object blocking (thanks al_9x for
| reporting)
| + External filters command line template updated with request origin as
| the 3rd argument
|  
| v 1.9.9.95rc1
| ==========================================================================
| + imagebam surrogate kills popups over images and popunders on click
| + imagehaven surrogate kills popups over images and popunders on click
| + inserstitialBox surrogate kills interstital on imagevenue.com
| + "!@" prefixed surrogates run no matter whether scripts are enabled or
| disabled for the page (in a DOMContentLoaded event handler)
| x Fixed JS redirect handling causing duplicate object placeholders on
| scriptless pages containing embeddings only
| x Fixed ABE's SELF checks fail on redirects which contain a browser URL
|  
| v 1.9.9.94
| ==========================================================================
| x Fixed bookmarklets support on non-whitelisted pages broken in non-Places
| browsers like SeaMonkey (thanks therube for reporting)
| X Better icon feedback on page where there's no script element but some
| plugin content has been blocked
|  
| v 1.9.9.93
| ==========================================================================
| x Fixed ClearClick false positives when RTL content or browser settings
| put the vertical scrollbar on the left (thanks Mark Callow for report)
| x Fixed setting noscript.checkInjectionType to false did not disable the
| feature (thanks al_9x for report)
| x More accurate embedded object replacement (thanks al_9x for report)
|  
| v 1.9.9.92
| ==========================================================================
| x Fixed Places-related bug on Minefield (thanks mpz for reporting)
| x noscript.forbidIFrameContext=3 (allow same base domain) falls back to 2
| (allow same domain) if either the parent or the frame is marked as
| untrusted (thanks al_9x for suggestion)
| v 1.9.9.91
| ==========================================================================
| x More compatible docShell reaching, works around some buggy extensions
| which wrap browser.webNavigation just partially
| x InjectionChecker's XML reduction more compatible with SAML
|  
| v 1.9.9.90
| ==========================================================================
| + Optimal timing for page-level surrogates in frames
| x ClearClick exceptions are considered independently from the JavaScript
| whitelist as they should
| x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
| (thanks al_9x for reporting)
|  
| v 1.9.9.89
| ==========================================================================
| x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
| (thanks al_9x for reporting)
| x More consistent icon feedback with docShell-based cascading JS blocking
| (thanks al_9x for reporting)
|  
| v 1.9.9.88
| ==========================================================================
| x Inclusion type checks try to infer file type from directory-like URLs
| x More consistent web bugs blocking with forced NOSCRIPT elements
| x Fixed object placeholder regressions in Gecko < 1.9 (thanks Rob for
| reporting)
| x Version compatibility bump to Firefox 3.7a6pre

NoScript Security Suite 1.9.9.96 - June 23, 2010
------------------------------------------------

| v 1.9.9.96
| ==========================================================================
| x Fixed Script Surrogates activation glitches
|  
| v 1.9.9.95
| ==========================================================================
| x Fixed wrongly sized placeholders on Youtube (regression from rc1)
|  
| v 1.9.9.95rc2
| ==========================================================================
| x More accurated feedback on nested object blocking (thanks al_9x for
| reporting)
| + External filters command line template updated with request origin as
| the 3rd argument
|  
| v 1.9.9.95rc1
| ==========================================================================
| + imagebam surrogate kills popups over images and popunders on click
| + imagehaven surrogate kills popups over images and popunders on click
| + inserstitialBox surrogate kills interstital on imagevenue.com
| + "!@" prefixed surrogates run no matter whether scripts are enabled or
| disabled for the page (in a DOMContentLoaded event handler)
| x Fixed JS redirect handling causing duplicate object placeholders on
| scriptless pages containing embeddings only
| x Fixed ABE's SELF checks fail on redirects which contain a browser URL
|  
| v 1.9.9.94
| ==========================================================================
| x Fixed bookmarklets support on non-whitelisted pages broken in non-Places
| browsers like SeaMonkey (thanks therube for reporting)
| X Better icon feedback on page where there's no script element but some
| plugin content has been blocked
|  
| v 1.9.9.93
| ==========================================================================
| x Fixed ClearClick false positives when RTL content or browser settings
| put the vertical scrollbar on the left (thanks Mark Callow for report)
| x Fixed setting noscript.checkInjectionType to false did not disable the
| feature (thanks al_9x for report)
| x More accurate embedded object replacement (thanks al_9x for report)
|  
| v 1.9.9.92
| ==========================================================================
| x Fixed Places-related bug on Minefield (thanks mpz for reporting)
| x noscript.forbidIFrameContext=3 (allow same base domain) falls back to 2
| (allow same domain) if either the parent or the frame is marked as
| untrusted (thanks al_9x for suggestion)
| v 1.9.9.91
| ==========================================================================
| x More compatible docShell reaching, works around some buggy extensions
| which wrap browser.webNavigation just partially
| x InjectionChecker's XML reduction more compatible with SAML
|  
| v 1.9.9.90
| ==========================================================================
| + Optimal timing for page-level surrogates in frames
| x ClearClick exceptions are considered independently from the JavaScript
| whitelist as they should
| x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
| (thanks al_9x for reporting)
|  
| v 1.9.9.89
| ==========================================================================
| x More consistent web bugs blocking with forced NOSCRIPT elements, take 2
| (thanks al_9x for reporting)
| x More consistent icon feedback with docShell-based cascading JS blocking
| (thanks al_9x for reporting)
|  
| v 1.9.9.88
| ==========================================================================
| x Inclusion type checks try to infer file type from directory-like URLs
| x More consistent web bugs blocking with forced NOSCRIPT elements
| x Fixed object placeholder regressions in Gecko < 1.9 (thanks Rob for
| reporting)
| x Version compatibility bump to Firefox 3.7a6pre

NoScript Security Suite 1.9.9.87 - June 8, 2010
-----------------------------------------------

| v 1.9.9.87
| ==========================================================================
| x Improved URL parsing in META refresh interception
| x Optimized \* universal pattern in AddressMatcher
| x Better error reporting during the execution of location bar scriptlets
|  
| v 1.9.9.86
| ==========================================================================
| + Better timing for page-level script surrogates inside frames
| + mime/type@http://\ `site.com <http://site.com>`__ syntax support for
  noscript.allowedMimeRegExp
| preference (thanks Gregyski for request)
| + Improved XSS checks accuracy (less false positives) and performance
| + Enhanced management of recent Silverlight versions (thanks al_9x for
| reporting)
|  
| v 1.9.9.85
| ==========================================================================
| + More accurate checks for META inside NOSCRIPT with HTML 5 parser
| x Fixed possible DOS condition on some kinds of very long URLs
|  
| v 1.9.9.84
| ==========================================================================
| x Improved heuristic for background refresh automatic blocking and
| reenablement
| x Fixed regressed "Follow" button on META refresh inside NOSCRIPT element
|  
| v 1.9.9.83
| ==========================================================================
| x Fixed some sites refreshing themselves even if another load has been
| initiated (thanks Dirk S for reporting)
|  
| v 1.9.9.82
| ==========================================================================
| + More discreet and automated anti-tabnagging protection (refreshes are
| blocked on unfocused tabs and get automatically executed only when
| tab gets in focus again)
| + Slight optimization of AddressMatcher tests on .site.com clauses
| x Fixed noscript.forbidBGRefresh.exceptions not being honored
| x Better handling of error conditions happening during ABE's channel
| replacement internal redirections (thanks al_9x for reporting)
| x Fixed minor feedback icon glitches (thanks al_9x for reporting)

NoScript Security Suite 1.9.9.81 - May 27, 2010
-----------------------------------------------

| v 1.9.9.81
| ==========================================================================
| + Experimental blocking of page refreshes happening inside untrusted
| unfocused tabs, should provide protection against Aviv Raff's scriptless
| "tabnabbing" variant. Enabled by default, can be controlled through the
| noscript.forbidBGRefresh about:config integer preference:
| 0 - no blocking
| 1 - block refreshes on untrusted unfocused tabs
| 2 - block refreshes on trusted unfocused tabs
| 3 - block refreshes on both trusted and untrusted unfocused tab
| Address patterns matching pages which shouldn't be affected can be
| listed in the noscript.forbidBGRefresh.exceptions preference
| x Fixed XSS false positive in new 3.7 add-ons manager
| x Fixed meta-refresh URL parsing mismatch
| x Fixed import script surrogates being broken by a 1.9.9.79 regression
|  
| v 1.9.9.80
| ==========================================================================
| x Fixed "Partially allowed scripts" icon shown instead of the "Scripts
| allowed but some objects blocked" one when the blocked objects' domains
| are not whitelisted for scripting (thanks al_9x for reporting)
| x Fixed "Scripts allowed but some objects blocked" icon not being used for
| blocked web fonts (thanks Alan Baxter for reporting)
| x (ABE) Deny on INCLUSION don't trigger a notification even if the blocked
| request is for a subdocument (the blocking is logged in the Console, use
| SUB if user-facing notification is needed)
| x Fixed privileged XMLHttpRequests for untrusted resources being blocked
| if HTTP redirections occurred (thanks mari for reporting)
| + Better compatibility with IronPort web-based tools (thanks Ron Collins
| for reporting)
|  
| v 1.9.9.79
| ==========================================================================
| x Script surrogates whose source starts with the '!' get executed on
| pages where scripts are disabled (on document DOM completion, rather
| than before HTML parsing starts like regular surrogates)

NoScript Security Suite 1.9.9.80 - May 26, 2010
-----------------------------------------------

| 1.9.9.80
| ==========================================================================
| x Fixed "Partially allowed scripts" icon shown instead of the "Scripts
| allowed but some objects blocked" one when the blocked objects' domains
| are not whitelisted for scripting (thanks al_9x for reporting)
| x Fixed "Scripts allowed but some objects blocked" icon not being used for
| blocked web fonts (thanks Alan Baxter for reporting)
| x (ABE) Deny on INCLUSION don't trigger a notification even if the blocked
| request is for a subdocument (the blocking is logged in the Console, use
| SUB if user-facing notification is needed)
| x Fixed privileged XMLHttpRequests for untrusted resources being blocked
| if HTTP redirections occurred (thanks mari for reporting)
| + Better compatibility with IronPort web-based tools (thanks Ron Collins
| for reporting)
|  
| v 1.9.9.79
| ==========================================================================
| x Script surrogates whose source starts with the '!' get executed on
| pages where scripts are disabled (on document DOM completion, rather
| than before HTML parsing starts like regular surrogates)
|  
| v 1.9.9.78
| ==========================================================================
| x Redirect cache for scripts and XBL only
| x Fixed cross-site CSS being blocked under some circumstances (e.g.
| on Flicker and Yahoo)

NoScript Security Suite 1.9.9.77 - May 17, 2010
-----------------------------------------------

| 
| v 1.9.9.77
| ==========================================================================
| + ABE INCLUSION(type1, type2, type3...) pseudo-method allows rules to take
| request type (e.g. SCRIPT vs CSS) in account
| + ABE SELF+ (same domain) and SELF++ (same base domain) pseudo-origins
| x Fixed iconic feedback inconsistencies when untrusted blocked objects
| are mixed with full-trusted content (tanks al_9x for reporting)
| x Fixed Injection Checker false positives on some kinds of complex nested
| URLs (thanks Sirdarckcat for reporting)
| x Tweaked ClearClick for Disqus compatibility (thanks John for reporting)
|  
| v 1.9.9.76
| ==========================================================================
| x Fixed broken menu on Minefield when External Filters are enabled (thanks
| linuser for reporting)
| x Fixed about: URL not being shown in NoScript menu (thanks al_9x for
| reporting)
| x Removed minor strict warnings on Minefield
|  
| v 1.9.9.75
| ==========================================================================
| x Redirected site caching now skips plugin content
| x Removed \__parent_\_ usages for Minefield compatibility
| x Removed some strict warnings (thanks timeless for reporting)

NoScript Security Suite 1.9.9.74 - May 1, 2010
----------------------------------------------

| v 1.9.9.74
| ==========================================================================
| x Fixed false positive issue with empty cross-site POST requests (thanks
| Bahamut for reporting)
|  
| v 1.9.9.73
| ==========================================================================
| x Fixed potential double-firing command issue on Firefox Mobile
| + Added about:addons and about:home to the mandatory whitelist
| + Improved responsivity and usability on Firefox Mobile
|  
| v 1.9.9.72
| ==========================================================================
| x Fixed configuration import/export/synchronization bug introduced by
| "configuration presets" for Firefox Mobile
| + Finger-friendlier UI on Firefox Mobile

NoScript Security Suite 1.9.9.71 - April 29, 2010
-------------------------------------------------

| v 1.9.9.71
| ==========================================================================
| + Added "Allowed with untrusted sources and blocked objects" icon
| x Fixed minor inconsistencies in new partial allowance feedback icons
| (thanks al_9x for reporting)
|  
| v 1.9.9.70
| ==========================================================================
| + Compatibility and better integration with latest Firefox Mobile (Fennec)
| + Experimental external filters for plugin content (e.g. Blitzableiter for
| Adobe Flash), see NoScript Options|Advanced|External Filters (Fx >=3.5)
| + New specific partial status icon for pages where all scripts are allowed
| but some objects are blocked (thanks al_9x for RFE)
| + "about:blank" won't be shown as a secondary source in NoScript's UI. Old
| behavior can be restored by setting the noscript.showBlankSources
| preference to true (thanks al_9x for RFE)
| + googleapis.com in the default whitelist
| x Fixed 2nd order indirect InjectionChecker bypass (thanks Sirdarckcat for
| reporting)
| x Fixed a Mac OS X specific InjectionChecker decoding issue (thanks
| Colling Jackson for reporting)

NoScript Security Suite 1.9.9.69 - April 20, 2010
-------------------------------------------------

| v 1.9.9.69
| ==========================================================================
| x Further compatibility improvements in complex bookmarklets handling
|  
| v 1.9.9.68
| ==========================================================================
| x Better asynchronous bookmarklets handling, should not crash on
| Readability anymore
| x Ultimate (maybe!) fix for trunk bug 556739 breakage
|  
| v 1.9.9.67
| ==========================================================================
| x Better fix for trunk bug 556739 breakage
|  
| v 1.9.9.66
| ==========================================================================
| x Further embed-only sites in menu fixes (thanks al_9x for reporting)
|  
| v 1.9.9.65
| ==========================================================================
| x Fixed bookmarklet support broken on trunk by bug 556739 (thanks dhouwn
| for reporting)
| x Fixed embed-only sites shown in main menu again (thanks al_9x for
| reporting)
|  
| v 1.9.9.64
| ==========================================================================
| x Better untrusted menu behavior on embedding only sources (thanks al_9x
| for reporting)
| x Improved InjectionChecker compatibility with OpenID and other complex
| requests (thanks Jamie Cox for reporting)
| x Fixed accurate Base64 injection checks breaking some encrypted Paypal
| buttons

NoScript Security Suite 1.9.9.63 - April 15, 2010
-------------------------------------------------

| v 1.9.9.63
| ==========================================================================
| x Removed ":0" wildcards from NoScript menu in ignorePorts=false mode to
| prevent confusing behaviors (thanks al_9x for suggestion)
| + Embedding-only sites are shown in the Untrusted menu if placeholders are
| set to be hidden for untrusted embeddings (thanks al_9x for suggestion)
|  
| v 1.9.9.62
| ==========================================================================
| x Improved XSS filter sensitivity for Base64-encoded payloads (thanks
| Stefano Di Paola for suggestion)
| x Improved Facebook connect compatibility (thanks Peter Alexander for
| reporting)
| x Removed \__count_\_ usage in DNS cache management (SpiderMonkey compat)
| x Fixed "Attempt to fix Javascript links" not working when the javascript:
| scheme is mixed-case (thanks al_9x for reporting)

NoScript Security Suite 1.9.9.61 - April 3, 2010
------------------------------------------------

| v 1.9.9.61
| ==========================================================================
| x Fixed InjectionChecker infinite recursion bug on certain requests
| (thanks dhouwn for reporting)
| x Fixed plugin activation patches not being applied under some
| circumstances
|  
| v 1.9.9.60
| ==========================================================================
| + Pluggable site info page (default
  `http://noscript.net/info/%utf8%;%ace%) <http://noscript.net/info/%utf8%;%ace%)>`__
| can be opened by middle-click or shift+click on any site entry in
| NoScript's menus, and can be configured by editing the
| noscript.siteInfoProvider about:config preference
| + More user-friendly management of non-standard TCP ports
| x Fixed release notes page might break session restore sometimes
| x Locale files maintenance
| + Object sources won't appear in main menu when embedding restrictions
| apply to whitelist; previous behavior can be restored by setting the
| noscript.alwaysShowObjectSources to false (thanks al_9x for RFE)
|  
| v 1.9.9.59
| ==========================================================================
| x Better management of cached requests
| x Fixed allowing objects from "Blocked objects" reloading only the first
| of each URL/mime pair group (thanks al_9x for reporting)
| x Improved Facebook widgets compatibility (thanks Peter Alexander and
| Chuck Mullen for reporting)
| x Fixed "Allow scripts globally" setting being ignored by the bulk
| configuration import feature (thanks Mike Perry for reporting)
| x Fixed "Mark as untrusted" menu items being shown in "Allow scripts
| globally" mode even if both "Untusted" and "Mark as untrusted" are
| unchecked in the Appearace options tab (thanks Mike Perry for reporting)
| x Improved bookmarklets support
| x Minor bug fixes in jolly port matching
| x Improved Anti-Popunder surrogate (thanks justaguest for reporting)
|  
| v 1.9.9.58
| ==========================================================================
| x Fixed HTMLObjectElement plugin content being blocked by X-Frame-Options
| checks (thanks Titioz for reporting)
| x Fixed https://bugzilla.mozilla.org/show_bug.cgi?id=553901

NoScript Security Suite 1.9.9.57 - March 18, 2010
-------------------------------------------------

| v 1.9.9.57
| ==========================================================================
| x Fixed feed subscription broken on sites implementing X-Frame-Policy
| (regression from 1.9.9.56, thanks al_9x for reporting)
| x Included js.wlxrs.com in default whitelist in order to make Hotmail
| login work out-of-the-box for new users

NoScript Security Suite 1.9.9.50 - Feb. 26, 2010
------------------------------------------------

| v 1.9.9.50
| ==========================================================================
| + Updated ABE grammar to use new AddressMatcher syntactic sugar
| + Alert about ABE syntax errors when option dialog gets focused after a
| ruleset editing (thanks al_9x for suggestion)
| v 1.9.9.49
| ==========================================================================
| + .x.y AddressMatcher syntactic sugar, matching both x.y and \*.x.y (thanks
| al_9x for suggestion)
| + InjectionChecker speed and accuracy improvements
| x Fixed top-level site not being correctly positioned and highlighted in
| permissions menu sometimes (thanks nagan for report)
| x Fixed post-XSS "Unsafe reload" not working properly sometimes
|  
| v 1.9.9.48
| ==========================================================================
| x Fixed a second level InjectionChecker bypass, requiring an open redirect
| which accepts and uses unfiltered data: URIs. Responsible disclosure by
| the SecuriTeam Secure Disclosure (SSD) project
| x Fixed reload on permission change being triggered on the nearest 10 tabs
| only
| x Fixed permanent address entry being added to the whitelist if domain is
| already allowed upon bookmarklet execution (thanks Bobabo for report)
| x Better UI behavior for URLs with non-standard ports (thanks al_9x for
| report)
| x Updated nb-NO localization

NoScript Security Suite 1.9.9.47 - Feb. 12, 2010
------------------------------------------------

| v 1.9.9.47
| ==========================================================================
| x Fixed XSS checks skipped on some reloads (thanks Alejandro Rusell for
| report)
| x Improved content placeholder management
| x Mobile version bump
|  
| v 1.9.9.46
| ==========================================================================
| x Fixed uneeded tab reload issue related to untrusted subdomains (thanks
| al_9x for reporting)
| x Optimized reload checks for the "hundreds of tabs" case, in order to
| prevent UI locking
| x Improved XSS checks on file uploads, should not hang even on gigabytes
| x Trunk compatibility version bump

NoScript Security Suite 1.9.9.45 - Feb. 4, 2010
-----------------------------------------------

| v 1.9.9.45
| ==========================================================================
| x Enhanced compatibility with Paypal encrypted buttons
| x Fixed some anti-popunder surrogate incompatibilities
|  
| v 1.9.9.44
| ==========================================================================
| x Fixed allowing a Flash object causing a page reload sometimes (thanks
| al9_x for reporting)
| x Script Surrogate to work around Facebook's "noscript" cookie
| x Fixed minor incompatibilities caused by the anti-popunder surrogate
|  
| v 1.9.9.43
| ==========================================================================
| x Fixed broken popup issue on some sites (thanks John for reporting)
| x Fixed ghost sites in context menus on about:blank after a complex
| frame structure with redirects has been shown in the same tab (thanks
| simpleton for reporting)
| x Fixed XSS false positive on certain nested URL patterns (thanks
| NoRelationToNed for reporting)

NoScript Security Suite 1.9.9.42 - Jan. 27, 2010
------------------------------------------------

| v 1.9.9.42
| ==========================================================================
| + ClearClick: more efficient code paths specific to Fx 3.6 and above
| x Fixed zoom-related ClearClick false positives on Fx 3.6 and above
| x Fixed fonts being reported as "unknown" type in Blocked Objects menu
|  
| v 1.9.9.41
| ==========================================================================
| + Fix for newline-based double-reflection InjectionChecker bypass (thanks
| Sirdarckcat for reporting)
| x Surrogate scripts from local files: surrogate's replacement is treated
| as a file:// URL and resolved against current browser profile if it
| starts with "file://", "./" or "../" (thanks Richard Stallman, Johan
| Euphrosine and Sam Imtiaz)
|  
| v 1.9.9.40
| ==========================================================================
| x Improved bookmarklet compatibility

NoScript Security Suite 1.9.9.39 - Jan. 20, 2010
------------------------------------------------

| v 1.9.9.39
| ==========================================================================
| x Fixed quirks mode triggered by surrogate execution on Gecko < 1.9.1
| (thanks Power for suggestions)
|  
| v 1.9.9.38
| ==========================================================================
| x Fix for some popups broken by 1.9.9.37
|  
| v 1.9.9.37
| ==========================================================================
| x Fixed potential infinite loop occurring when window.open is called in a
| recursive context, e.g. on Google Reader (thanks Qbert for reporting)
| x Fixed mishandling of non-default 1 value for the proxiedDNS preference

NoScript Security Suite 1.9.9.36 - Jan. 16, 2010
------------------------------------------------

| v 1.9.9.36
| ==========================================================================
| + Anti-Popunder surrogate now applies to all HTTP pages by default
| + DNS activity logging facility (disabled by default)
| x Slight optimization of DNS lookups
| x Temptative fix for https://bugzilla.mozilla.org/show_bug.cgi?id=501446
| crasher (thanks timeless)

NoScript Security Suite 1.9.9.35 - Jan. 6, 2010
-----------------------------------------------

| v 1.9.9.35
| ==========================================================================
| x Updated Firefox Mobile (Fennec) compatibility
| x Improved and generalized Anti-Popunder surrogate
|  
| v 1.9.9.34
| ==========================================================================
| + Anti-Popunder surrogate extended to AWEmpire popunders (on empornium.us
| by default, customizable in noscript.surrogates.popunder.sources)
| x Fixed bug in bookmarklet support on about:blank (thanks Milind for
| reporting)
| x Improved InjectionChecker compatibility with letitbit.net uploads
| x Improved InjectionChecker compatibility with Rapidshare uploads
|  
| v 1.9.9.33
| ==========================================================================
| x Better HTTPS/HTTP redirection support (thanks ttt for reporting)
|  
| v 1.9.9.32
| ==========================================================================
| + Further InjectionChecker optimizations, providing a dramatic speed boost
| on nested URLs (e.g. on iGoogle and many ad networks)
|  
| v 1.9.9.31
| ==========================================================================
| + InjectionChecker accuracy optimization, preventing false positives in
| some edge cases with nested URLs (thanks Aditya K Sood for reporting)

NoScript Security Suite 1.9.9.30 - Dec. 30, 2009
------------------------------------------------

| v 1.9.9.30
| ==========================================================================
| + Injection Checker compatibility with Livejournal comment posting
| + Improved ClearClick compatibility with Facebook applications
|  
| v 1.9.9.29
| ==========================================================================
| x Temptative work-around for hard to reproduce content policy DOS false
| positive on comcast.net (thanks Jim Too and Alan Baxter for reporting)
|  
| v 1.9.9.28
| ==========================================================================
| x Work-around for a Flash player double-instantiation bug in Gecko 1.9.0
| preventing some movies from playing (thanks secdroid for reporting)
| - Removed placeholder enhancements for Gecko 1.8.x, due to unwanted side
| effects on some sites

NoScript Security Suite 1.9.9.27 - Dec. 18, 2009
------------------------------------------------

| v 1.9.9.27
| ==========================================================================
| x Placeholder enhancements backported to Gecko 1.8.x
| x Fixed missing placeholders on Gecko 1.8.x (thanks al9_x for reporting)
|  
| v 1.9.9.26
| ==========================================================================
| x Reduced reflow chances on placeholder activation
| x Improved InjectionChecker compatibility with Facebook Connect
|  
| v 1.9.9.25
| ==========================================================================
| x Fixed Flash swallowed clicks regression on Gecko 1.8.x (thanks al9_x for
| reporting)
|  
| v 1.9.9.24
| ==========================================================================
| x Fixed "Temporarily allow" regression
|  
| v 1.9.9.23
| ==========================================================================
| + Specific scriptless partial permissions icon for partially allowed
| framesets (thanks al9_x for reporting)
| x Reduced disk activity on permission change (thanks al9_x for RFE)
| x Work-around for a Java initialization failure

NoScript Security Suite 1.9.9.22 - Dec. 14, 2009
------------------------------------------------

[no description]

NoScript Security Suite 1.9.9.18 - Nov. 27, 2009
------------------------------------------------

| v 1.9.9.18
| ==========================================================================
| x Removed residual compound attribute-based injection chance (thanks
| Sirdarckcat for reporting)
|  
| v 1.9.9.17
| ==========================================================================
| x Fixed residual crash issue when favicons need to be redirected to HTTPS
| x Enhanced ClearClick compatibility with Photbucket
|  
| v 1.9.9.16
| ==========================================================================
| + Better object unblocking behavior, triggering a page reload if allowed
| object has no layout (i.e. was meant to be scripted only), increasing
| usability of trusted restrictions e.g. in VMWare Server's console
| x Work-around for a Firefox image caching crashing bug triggered by HTTPS
| enforcement on mixed content
| x Improved compatibility with Ebay (thanks STB2008 for reporting)

NoScript Security Suite 1.9.9.15 - Nov. 16, 2009
------------------------------------------------

| v 1.9.9.15
| ===================================================================
| x Fixed HTTPS enforcement for embedded images breaking HTTP authentication
| (thanks polie for report)
| x Fixed XHR breakage when called from a Worker (thanks Apeiron for report)
| x Skip link fixing on right click
| x Improved bookmarklet execution mechanism
| x Improved compatibility of InjectionChecker with Facebook Connect
| x Improved compatibility of InjectionChecker with Lycos Mail

NoScript Security Suite 1.9.9.14 - Oct. 27, 2009
------------------------------------------------

| v 1.9.9.14
| ==========================================================================
| x Fixed page loading issues (hard to reproduce but reported by many)
|  
| v 1.9.9.13
| ==========================================================================
| x Fixed page loading regression from "Hijack checks skip error pages"
| optimization in 1.9.9.12 (hard to reproduce but reported by many)
| x Fixed attribution of Romanian translation

NoScript Security Suite 1.9.9.12 - Oct. 26, 2009
------------------------------------------------

| v 1.9.9.12
| ==========================================================================
| + Allowing a plugin object which size is not set reloads the page,
| assuming that scripts are used to size it
| + Google Translate XSS exception
| + abine:\* ClearClick subexception
| + Updated localizations
| x Removed current URL leaking into RegExp properties if invisible link
| detection is enabled
| x Hijack checks must skip error pages (thanks luntrus for report)
| x Fixed XSS false positive at travelocity.com (thanks Chris Lonsberry)

NoScript Security Suite 1.9.9.11 - Oct. 13, 2009
------------------------------------------------

| v 1.9.9.11
| ==========================================================================
| + Reorganization of the "Embeddings" (FKA "Plugins") options panel
| + "Forbid <VIDEO>, <AUDIO>" option in the "Embeddings" panel
| + "Forbid @font-face" option in the "Embeddings" panel
| + ClearClick report id made selectable (thanks therube for RFE)
|  
| v 1.9.9.10
| ==========================================================================
| + Webfonts blocking from untrusted sources and on untrusted pages,
| controlled by the noscript.forbidFonts about:config preference (UI
| planned for later, thanks Mike Perry for RFE)
| + noscript.forbidMedia about:config preference controlling HTML 5 media
| blocking independently from the "Forbid other plugins" setting (UI
| planned for later)
| + Improved live object allowing/forbidding
| x Fixed potential false positives generated by Spidermonkey's decompiler
| artifacts
|  
| v 1.9.9.09
| ==========================================================================
| x Fixed noscript.forbidData not being honored (thanks Chris for report)
| x Fixed Trillian to Yahoo Mail! XSS false positive (thanks maryadavies and
| Thomas for reports)
|  
| v 1.9.9.08
| ==========================================================================
| x Fixed potential cache issues due by header cloning on internal redirects
| (thanks GregThomas for report)

NoScript Security Suite 1.9.9.07 - Oct. 5, 2009
-----------------------------------------------

| v 1.9.9.07
| ==========================================================================
| + Improved Google Analytics surrogate, handling form submissions (thanks
| Alan Baxter for report)
|  
| v 1.9.9.06
| ==========================================================================
| + Added https://mail.google.com/* to X-Frame-Options parent whitelist, in
| order to allow GMail/Calendar mashups via extensions and GreaseMonkey
| x Fixed noscript.forbidIFrameContext set to 0 blocking top-level web pages
| loading (thanks al_9x for report)
| x Fixed Yahoo! Mail login persistence issue (thanks Ronnie for report)
|  
| v 1.9.9.05
| ==========================================================================
| + Improved emulation of complex bookmarklet import sequences
| x Fixed potential issue in new InjectionChecker C++ style comments code
|  
| v 1.9.9.04
| ==========================================================================
| x Fixed header cloning bug in internal redirections
| x Better management of C++ style comments in InjectionChecker
| x Fixed legacy frames retargeting bug (thanks Andrew Fisher for reporting)
|  
| v 1.9.9.03
| ==========================================================================
| + noscript.frameOptions.enabled about:config preference to control if the
| X-Frame-Options header must be honored
| x noscript.frameOptions.parentWhitelist preference to exclude some parent
| window from X-Frame-Options checks on their embedded frames
| x Enhanced internal redirection mechanism
| x Fixed Weave 0.7pre log window incompatibility
|  
| v 1.9.9.02
| ==========================================================================
| x Improved InjectionChecker's heuristic (thanks Sirdarckcat for reporting)

NoScript Security Suite 1.9.9.01 - Sept. 24, 2009
-------------------------------------------------

| v 1.9.9.01
| ==========================================================================
| x Fixed InjectionChecker micro-injecion scanning bug (thanks Sirdarckcat
| for reporting)
|  
| v 1.9.9 (FKA 1.9.8.9)
| ==========================================================================
| + First public Strict Transport Security implementation, see
| http://hackademix.net/2009/09/23/strict-transport-security-in-noscript/
| x Fixed Javascript disabled in about:neterror pages if the broken
| destination page is marked as untrusted (thanks al_9x for report)
| x Improved HTTPS enforcement, honoring original referer
| x Fixed a potential "unresponsive script" InjectionChecker condition
| (thanks Sirdarckcat for reporting)
| x Fixed help links not opening from NoScript's UI on Minefield
| x Fixed ABE LOCAL symbol matching 172.16.0.0/16 rather than the
| whole 172.16.0.0/12 (thanks Antal for reporting)
|  
| v 1.9.8.89
| ==========================================================================
| x InjectionChecker optimization on long Base64 sequences (thanks skl
| for report)
|  
| v 1.9.8.88
| ==========================================================================
| x X-Frame-Options applied only to ultimate load, after redirection
| (compatibility with IE8's and Chrome's implementation)
| x Fixed Flash activation bug on Gecko

NoScript Security Suite 1.9.8.86 - Sept. 14, 2009
-------------------------------------------------

| v 1.9.8.86
| ====================================================================
| x Fixed kongregate.com incompatibility (thanks jthill for report)
|  
| v 1.9.8.85
| ====================================================================
| + Updated MK locale
| x QA for release
|  
| v 1.9.8.84
| ====================================================================
| x Flash object emulation to fool SWFObject 2.2 version detection
| without instantiating a real Flash object (thanks al9_x for test)
|  
| v 1.9.8.83
| ====================================================================
| x Fixed bug in the new Flash early instantiation management (thanks
| al9_x for reporting)
|  
| v 1.9.8.82
| ====================================================================
| x Upper limit to bookmarklet setTimeout() emulation, in order to
| prevent infinite pseudo-loops
| x Improved InjectionChecker algorithms (thanks Sirdarckcat for
| suggestions)
| x Early URL-less Flash objects are instantiated only if Flash
| permissions have been already granted to the origin site
|  
| v 1.9.8.81
| ====================================================================
| x Fixed issue with early manipulation of Flash objects whose source
| URL has not been set yet (thanks al9_x for reporting and Grump
| Old Lady for proxy/VPN testing infrastructure)

NoScript Security Suite 1.9.8.8 - Sept. 2, 2009
-----------------------------------------------

| v 1.9.8.8
| ====================================================================
| x Improved bookmarklet setTimeout() emulation (delay ordering is
| honored and pseudo-recursion is supported)
| x Update locales
|  
| v 1.9.8.72
| ====================================================================
| x Moved the NoScript status label to the left of the status icon,
| in order to avoid "jumps" when using the sticky menu (thanks nagan
| and frsch for suggestions)
| x Improved management of HTTPS forcing during HTTP redirections
| x Fixed incompatibility with Minefield/3.7a1pre build 20090827
| (thanks Itsnow for reporting)
|  
| v 1.9.8.71
| ====================================================================
| + "Recently blocked sites" now shows the object icon for trusted
| sites which are listed because some content has ben blocked
| x Fixed sites shown in "Recently blocked sites" if content-blocking
| restrictions are applied even when no content has been blocked yet
| (thanks Alan Baxter for reporting)

NoScript Security Suite 1.9.8.7 - Aug. 25, 2009
-----------------------------------------------

| v 1.9.8.7
| ====================================================================
| x Fixed minor bugs in "Recent blocked sites" implementation
| x Updated Rumenian
| x Fixed encoding issue with configuration import/export/sync (thanks
| m_c for reporting)
|  
| v 1.9.8.61
| =====================================================================
| + Optimization of multiple regexp preferences
| x Fixed XSS filter exceptions not being honored if URL contains
| percent-encoded character which are invalid UTF-8 code points
| (thanks Bueller007 for reporting)
| x Fixed UTF8 overdecoding checks interfering with some Japanese sites
| (thanks Bueller007 for reporting)
|  
| v 1.9.8.6
| =====================================================================
| + Reset command in "Recently blocked sites" menu (thanks Fred for
| suggestion)
| + For privacy reasons "Recently blocked sites" are erased everytime
| user purges history
| + Temporary permissions are revoked and "Recently blocked sites" are
| erased everytime user exits the "Private Browsing" mode
| x Fixed DNS-sensitive frame blocking bug
|  
| v 1.9.8.5
| =====================================================================
| + New "Recently blocked sites" menu to allow active content origins
| which have been recently blocked but are unrelated with current
| page (e.g. loaded in custom frames provided by extensions)
| x Fixed some glitch in temporary permissions handling (thanks
| computerfreaker for reporting)
| x Simplified bookmarklet permissions granting
| x Simplified ABERequest lifecycle management
| x Prevented potential memory leak

NoScript Security Suite 1.9.8.4 - Aug. 18, 2009
-----------------------------------------------

| v 1.9.8.4
| =====================================================================
| x Fixed ABE internal redirection on DNS cache miss interfering with
| injection checks under some circumstances
|  
| v 1.9.8.3
| =====================================================================
| + Full HTML 5 event attributes InjectionChecker support
| x Fixed DNS resolution notification causing event loop spinning and
| perceived slowness of "Open all in tabs" command
| x Removed InjectionChecker bypass (thanks Sirdarckcat for reporting)
| + Updated locales
|  
| v 1.9.8.2
| =====================================================================
| x Improved protection against DOS attacks (thanks Gereth Heyes for
| testbed)

NoScript Security Suite 1.9.8.1 - Aug. 11, 2009
-----------------------------------------------

| v 1.9.8.1
| =====================================================================
| x Fixed Mac OS X specific hang bug triggered by STATUS_RESOLVING DNS
| notifications for some sub-requests
|  
| v 1.9.8
| =====================================================================
| + ABE's caching DNS requests now send STATUS_RESOLVING notifications
| (thanks al9_x for RFE)
| x Improved injection checks (thanks Sirdarckcat for reporting)
| x Fixed invalid chars in host names causing loads to fail without any
| visible error feedback
| x Work around for breakages caused by the .NET Framework Assistant,
| http://adblockplus.org/blog/the-return-of-net-framework-assistant
| + ABE grammar source (ABE.g) included in the distributed XPI (thanks
| al9_x for noticing its absence)

NoScript Security Suite 1.9.7.9 - Aug. 4, 2009
----------------------------------------------

| v 1.9.7.9
| =====================================================================
| x Improved XSS filter compatibility with some decimal coordinates
| patterns
| x Fixed JavaScript IFrame manipulation causes documents to be loaded
| in a new window sometimes (thanks Derek Greentree for reporting)
|  
| v 1.9.7.86
| =====================================================================
| x Improved XSS filter compatibility with MySpace modules (thanks
| Dixie for reporting)
|  
| v 1.9.7.85
| =====================================================================
| x Improved permission change speed for very long lists / very slow
| CPUs (thanks Boyd Noorda for reporting)
|  
| v 1.9.7.84
| =====================================================================
| x Fixed HTTPS-forced subrequests being cancelled sometimes
|  
| v 1.9.7.83
| =====================================================================
| x Fixed plugin content could not be navigated through legacy frames
|  
| v 1.9.7.82
| =====================================================================
| x Fixed URL classifier not being called for hosts whose DNS record is
| not cached yet by ABE (thanks "Fellow Noscripter" for reporting)
|  
| v 1.9.7.81
| =====================================================================
| x Fixed domain name resolution delayed for cached failed responses
| after a network reconnection (thanks foxicat for reporting)
|  
| v 1.9.7.8
| =====================================================================
| x Fixed invisible links detection turning some links into absolutely
| positioned if they have no layout on load (thanks dpmccabe for
| reporting)
| x Improved specificity of data: URL injection detection (thanks Tom
| for reporting)

NoScript Security Suite 1.9.7.7 - July 30, 2009
-----------------------------------------------

| v 1.9.7.7
| =====================================================================
| x Fixed DNS cache status interfering with HTTPS redirections
|  
| v 1.9.7.6
| =====================================================================
| + Fixed HTTPS-bound active content restrictions preferences not being
| honored sometimes (thanks Peter Meier for reporting)
|  
| v 1.9.7.5
| =====================================================================
| + HTML 5 video and audio are blocked also when loaded as documents
| in a frame or in a top-level window
|  
| v 1.9.7.4
| =====================================================================
| x Decoupled legacy frame blocking from "Forbid IFrames" (thanks
| Grumpy Old Lady for reporting)
|  
| v 1.9.7.3
| =====================================================================
| x Fixed IFrame blocking being delayed to DNS resolution when ABE is
| active (thanks Mike A. for reporting)
| x Fixed Frame blocking leading to extra history entries on unblocking
|  
| v 1.9.7.2
| =====================================================================
| x Content serviced with the "Content-disposition: attachment" header
| (forced downloads) should not be subject to plugin blocking
| policies (thanks nagan for reporting)
| x ABE checks should be skipped for XHR requests made from chrome
|  
| v 1.9.7.1
| =====================================================================
| x Inclusion type checks accomodating hosting errors in AOL gadgets,
| outbrain.com widgets and E-junkie libraries
| x Fixed es-CL locale metadata

NoScript Security Suite 1.9.7 - July 24, 2009
---------------------------------------------

| v 1.9.7
| =====================================================================
| x 1.9.6.96 RC repackaged for release
|  
| v 1.9.6.96
| =====================================================================
| x Fixed "Send to" context menu item broken Google Toolbar 5 (thanks
| Juan Ignacio Gaviria for reporting)
| x Fixed cache issues in non-ABE blocking context on Gecko < 1.9
| caused by alternate blocking method for ABE "Deny" action (thanks
| al9_x and Tom T for reporting)
|  
| v 1.9.6.95
| =====================================================================
| + Signed XPI
| x Fixed JS redirect detection overzelous on pages containing CSS
| content-less links (thanks zaxy for reporting)
| x Fixed issue with plugin content activation (thanks Mel Reyes for
| reporting)
|  
| v 1.9.6.94
| =====================================================================
| x More informative error messages on failed XSS filter DOS attempt
|  
| v 1.9.6.93
| =====================================================================
| x Inclusion type checks play smoother on script dynamically served
| with a wrong Content-type header
| x Fixed temporarily allowing a class of objects from the Blocked
| Objects menu not working sometimes (thanks Chad Morse for report)
| x Fixed placeholders not working (invalid host name) on Gecko 1.8
| (thanks hewee for report)
|  
| v 1.9.6.92
| =====================================================================
| x More accurate (and lenient towards misconfigured servers) inclusion
| type checks (thanks makini and Sheilaq for reports)
|  
| v 1.9.6.91
| =====================================================================
| x Fixed HTTP Referer header being omitted when a DNS cached record is
| not found for the request

NoScript Security Suite 1.9.6.9 - July 22, 2009
-----------------------------------------------

| v 1.9.6.9
| =====================================================================
| x Fixed default whitelist not being installed on first run anymore
| since 1.9.6's fix for multibyte temporary allow / mark as untrusted

NoScript Security Suite 1.9.6.8 - July 21, 2009
-----------------------------------------------

| v 1.9.6.8
| =====================================================================
| x Inclusion content type checking now graces default file extensions
| x Improved XSS filter pre-screening efficiency
| x Prefixed content type based inclusion blocking message

NoScript Security Suite 1.9.5 - June 29, 2009
---------------------------------------------

| v 1.9.5
| =====================================================================
| x Fixed forbidden objects in allowed documents not causing partially
| allowed icon on first load in Gecko < 1.9 (thanks al9_x for report)
| x Fixed forbidden objects in mixed trusted/blacklisted pages not
| causing partially allowed icon (thanks al9_x for report)
|  
| v 1.9.4.91
| =====================================================================
| x Fixed late request cancelation of scripts preventing page from
| complete loading
| x Fixed refreshing ABE rulesets enabling back disabled local rulesets
|  
| v 1.9.4.9
| =====================================================================
| x Fixed DNS cache purging bug (thanks therube for reporting)
|  
| V 1.9.4.8
| =====================================================================
| x Parallelization of DNS activity bringing huge ABE performance gain
| x Minor fixes in LOCAL policies enforcing
|  
| V 1.9.4.7
| =====================================================================
| x Fixed possible deadlock introduced in 1.9.4.6
| x Fixed DNS cache purging bug
|  
| v 1.9.4.6
| =====================================================================
| x Refactoring of content policy related code
| x Another memory optimization iteration
| x Restored automatic Seamonkey profile install cleaner
|  
| v 1.9.4.5
| =====================================================================
| x Further memory footprint and performance ABE optimizations
|  
| v 1.9.4.4
| =====================================================================
| + Origin tracing speed and accuracy improvements
| + Enhanced frame busting emulation
| + Further DNS optimizations
|  
| v 1.9.4.3
| =====================================================================
| x Optimized garbage collection in DNS 2nd level cache
|  
| v 1.9.4.2
| =====================================================================
| x Fixed mixed content SSL false positives when ABE enabled
| x Fixed file:// entry added to whitelist everytime a 2nd level
| domain gets allowed on Gecko >= 1.9 (thanks GµårÐïåñ for reporting)
|  
| v 1.9.4.1
| =====================================================================
| + Implemented 2nd level DNS cache fixing some artifacts/crashes on
| Google Maps and some latency issues in Gecko < 1.9 (thanks therube
| and Alan Baxter for reporting)
|  
| v 1.9.4 RC2
| =====================================================================
| x Fixed page content getting randomly scrambled during heavily
| concurrent loads when ABE's asynchronous networking is enabled
| x Fixed password manager autofill failing sometimes (thanks Tommy Coe
| for reporting)
|  
| v 1.9.4 RC1
| =====================================================================
| + First stable ABE (Application Boundaries Enforcer) release
| + Improved JavaScript form submission emulation (thanks aladin235 for
| reporting about Twitter logout button)
| + Asyncrhonous networking in Gecko >= 1.9 for ABE preflight requests
| and DNS checks (can be turned off by noscript.asyncNetworking
| about:config preference)
| + noscript.ABE.legacySupport about:config preference to enable ABE
| on older, less supported platforms (Gecko < 1.9)
| + Modularized SeaMonkey uninstaller
| + Bookmarklet emulation made compatible with latest Fx 3.5 builds
| x Better UI feedback about CAPS parsing artifacts
|  
| v 1.9.3.92
| =====================================================================
| x Fixed missing site rules being repeatedly fetched after 12 hours
| timeout
|  
| v 1.9.3.91
| =====================================================================
| + Added `gstatic.com <http://gstatic.com>`__ (Google Maps and other services)
  to the default
| whitelist
| x Fixed broken embeddings from file:// URLs (thanks Endor for report)
|  
| v 1.9.3.9
| =====================================================================
| x Fixed import/export buttons for whitelist and full configuration
| overriding each other (thanks Alan Baxter for reporting)
|  
| v 1.9.3.8
| =====================================================================
| + Precise reporting of ABE DNS failures
| + Automatically include browser origins in Accept predicates
| x Lighter XSS checks, relying on ABE for pre-screening when possible
| (preventing some timeout-related false positives and random hangs)
| v 1.9.3.7
| =====================================================================
| + More accurate NOSCRIPT web-bugs blocking, skipping same origin
| images and scripted pages (thanks Jorgo for suggestion)
| x Working link to ABE documentation in NoScript Options|Advanced|ABE
| x Fixed ABE external editor failing to open on Mac OS X (thanks David
| Bass for reporting)
|  
| v 1.9.3.6
| =====================================================================
| + Improved Google Analytics script surrogates
| + New Imagefap anti-popup script surrogates
| + Seamonkey 1.x streamlined installation process (profile local
| installations are not supported anymore, but switching to
| browser-wide is automatic on update)
| + Seamonkey 1.x automatic uninstall procedure (button provided in
| NoScript Options)
|  
| v 1.9.3.5
| =====================================================================
| + Better placeholder management with weird plugin content nesting
| (thanks nagan for request)
| + Faster and more streamlined cross-origin request tracking
| x Fixed single aster ("*") glob pattern not compiling in URI pattern
| lists (thanks Sirdarckcat for reporting)
| x Fixed Fx 2 (Gecko < 1.9) non-secure requests for HTTPS-forced
| resources being aborted rather than redirected (thanks al_9x for
| reporting)
|  
| v 1.9.3.4
| =====================================================================
| + First public Application Boundaries Enforcer (ABE) prototype, see
| NoScript Options|Advanced|ABE
| + SYSTEM built-in ABE ruleset including one rule emulating LocalRodeo
| (check http://databasement.net/labs/localrodeo/ and
| http://databasement.net/labs/localrodeo/testcases.php )

NoScript Security Suite 1.9.3.3 - May 23, 2009
----------------------------------------------

| v 1.9.3.3
| =====================================================================
| x Fixed fatal exception on JSON XSS checks (thanks HeikoAdams for
| report)
|  
| v 1.9.3.2
| =====================================================================
| x Fixed whitelist import/export broken by new global import/export (
| thanks Tim Johnson for report)
| v 1.9.3.1
| =====================================================================
| x Fixed automatic secure cookie management being enabled by default
| (thanks therube for report)
|  
| v 1.9.3
| =====================================================================
| + Redirect loops caused by HTTPS enforcement now trigger the standard
| redirect loop error page (thanks Matt McCutchen for RFE)
| x Fixed https-forced embedded objects not being loaded unless already
| cached (thanks Matt McCutchen for report)
|  
| v 1.9.2.93
| =====================================================================
| x Fixed 1.9.2.92 regression breaking "Revoke temporary permissions"
|  
| v 1.9.2.92
| =====================================================================
| + Improved bookmarklet support, trying to turn setTimeout calls into
| synchronous ones and to execute trusted imported scripts (e.g.
| in the Readability bookmarklet)
| + Slighty "beautifyed" JSON export format (one preference per line)
| x Fixed 1.9.2.91 regression, preventing permissions changes made in
| NoScript Options from being saved under some random circumstances
| (thanks GµårÐïåñ for reporting)
|  
| v 1.9.2.91
| =====================================================================
| + Import and Export buttons in NoScript Options to backup and restore
| the whole NoScript configuration (preferences and permissions) to
| and from a text file.
|  
| v 1.9.2.9
| =====================================================================
| + Native media (audio/video HTML 5 elements) blocking
| x Huge refactoring modularizing XSS, ABE, ClearClick, HTTPS extras
| and utility classes

NoScript Security Suite 1.9.2.8 - May 13, 2009
----------------------------------------------

| 1.9.2.8
| =====================================================================
| + 100x speedup of bookmark-based configuration persistence
| + NoScript tries to synchronize its configuration with foreign
| bookmarks when the "Backup configuration in bookmarks" gets enabled
| in order to ease adding new "slaves"
| x Excluded temporary permissions from bookmark-based synchronization
| x Fixed XMark synchronization failing because of XMark's 4KB limit on
| bookmark URIs
| x Fixed opening the [NoScript] configuration bookmark hanging the
| AutoPager extension
| + Disqus ClearClick exception
| + Feedly ClearClick exception
|  
| v 1.9.2.7
| =====================================================================
| + "NoScript Options|Notification|Display release notes on update"
| checkbox
| x Fixed XSLT blocking regression

NoScript Security Suite 1.9.2.6 - May 1, 2009
---------------------------------------------

| v 1.9.2.6
| =====================================================================
| + NoScript now automatically removes the controversial "NoScript
| Development Support Filterset" deployed with NoScript 1.9.2.3 and
| above on startup, permanently and with no questions asked.

NoScript Security Suite 1.9.2 - April 23, 2009
----------------------------------------------

| v 1.9.2
| =====================================================================
| + Experimental "Backup NoScript configuration in a bookmark for easy
| synchronization" feature (enable it in "NoScript Options|General")
| x Fixed potential DNS leak in some proxied setups when opening URLs
| with FQDNs as their hostnames (thanks Rolf Wendolsky for report).

NoScript Security Suite 1.9.1.91 - April 13, 2009
-------------------------------------------------

| v 1.9.1.91
| =====================================================================
| x Fixed notifications reporting "Forbidden" on some partially allowed
| pages
|  
| v 1.9.1.9
| =====================================================================
| x Fixed notifications reporting "Partially allowed" on fully allowed
| pages (thanks Grant Parris for report)
| x Fixed source code (view-source: originated) POST requests being
| turned into GET requests
|  
| v 1.9.1.8
| =====================================================================
| + New "partially allowed subcontent" icon to indicate that the top
| site is blocked but some active sub-content (e.g. plugin objects
| or frames) is enabled
| + New script sources inventory behavior reporting "Scripts Forbidden"
| instead of "Scripts Partially Forbidden" even if 3rd party script
| sources are allowed unless their hosting document is allowed too
| + New "noscript.clearClick.subexceptions" preference to list sources
| of embedded content which don't need to be protected by ClearClick
| x ClearClick compatibility with the "ShareThis" extension

NoScript Security Suite 1.9.1.9 - April 12, 2009
------------------------------------------------

| Bug fix extraordinary release:
|  
| v 1.9.1.9
| =====================================================================
| x Fixed notifications reporting "Partially allowed" on fully allowed
| pages (thanks Grant Parris for report)
| x Fixed source code (view-source: originated) POST requests being
| turned into GET requests

NoScript Security Suite 1.9.1.8 - April 10, 2009
------------------------------------------------

| v 1.9.1.8
| =====================================================================
| + New "partially allowed subcontent" icon to indicate that the top
| site is blocked but some active sub-content (e.g. plugin objects
| or frames) is enabled
| + New script sources inventory behavior reporting "Scripts Forbidden"
| instead of "Scripts Partially Forbidden" even if 3rd party script
| sources are allowed unless their hosting document is allowed too
| + New "noscript.clearClick.subexceptions" preference to list sources
| of embedded content which don't need to be protected by ClearClick
| x ClearClick compatibility with the "ShareThis" extension
|  
| v 1.9.1.7
| =====================================================================
| x Fixed multiple placeholder regression on Gecko < 1.9 (Firefox 2.x)

NoScript Security Suite 1.9.1.6 - April 1, 2009
-----------------------------------------------

| v 1.9.1.6
| =====================================================================
| + Improved ClearClick specificity on zoomed pages (fixes a false
| positive on GMail's Flash-based attach link when zoom is active)
| x Temporarily disabled ClearClick on 3.6a1pre because of bug 486200
|  
| v 1.9.1.5
| =====================================================================
| + XSLT stylesheets are regarded as active content and blocked by
| default on untrusted documents and/or from untrusted origins
| + "Forbid IFrame" compatibility with the Google Notebook extension
| (thanks chojrak11 for RFE)
| x Fixed HTTP not enforced on redirected background requests (thanks
| al_9x for report)
| x Fixed work-around for bug 453825 work-around causing unhandled
| error messages visible in Firebug (thanks Pavol Goga for report)

NoScript Security Suite 1.9.1.4 - March 25, 2009
------------------------------------------------

| v 1.9.1.4
| =====================================================================
| x Fixed placeholder size miscalculation for hidden blocked objects
| (thanks al9_x for report)
| x Fixed HTTPS enforcing on documents causing an initial aborted
| HTTP documents request on Gecko < 1.9 (thanks al_9x for report)
|  
| v 1.9.1.3
| =====================================================================
| x Fixed URIPatternList glob compiling bug (thanks mattmcutchen)

NoScript Security Suite 1.9.1.2 - March 18, 2009
------------------------------------------------

| v 1.9.1.2
| =====================================================================
| + HTTPS forced on background requests (images, stylesheets,
| scripts, embeddings, AJAX...) as well (thanks mattmccutchen's RFE)
| + Fennec 1.0b1 compatibility
|  
| v 1.9.1.1
| =====================================================================
| x Fixeds XSS false positive on SAMLP payloads (thanks MysticOrchid
| for reporting)

NoScript Security Suite 1.9.1 - March 11, 2009
----------------------------------------------

| v 1.9.1
| =====================================================================
| x ClearClick performance boost on crowded documents
| x Updated French translation
| x Reduced log spam on content blocking
|  
| v 1.9.0.92
| =====================================================================
| + Yieldmanager script surrogate (thanks orngjce223 for suggestion)
| x Fixed "Attempt to fix JavaScript links" causing middle-clicks to
| open JS link targets twice on Gecko 1.8 (thanks therube for report)
|  
| v 1.9.0.91
| =====================================================================
| + ClearClick incident reporting tool
|  
| v 1.9.0.9
| =====================================================================
| x Fixed 20 seconds hang in injection checker on URLs containing long
| sequences of the "

NoScript Security Suite 1.9.0.8 - March 4, 2009
-----------------------------------------------

| http://noscript.net/changelog
|  
| v 1.9.0.8
| =====================================================================
| x Work around for Mozilla bug 453825
|  
| v 1.9.0.7
| =====================================================================
| x Work around for SimpleViewer and other Flash movies replaced with
| innerHTML breaking on nsIContentPolicy presence (thanks Steffen
| Zahn for reporting).

NoScript Security Suite 1.9.0.6 - Feb. 22, 2009
-----------------------------------------------

| http://noscript.net/changelog
|  
| v 1.9.0.6
| =====================================================================
| x Fixed page-level surrogates in subframes being executed too much
| early to be effective (thanks GossamerGremlin for report)
| x Work-around for bug 4066046 (thanks Alice0755)
| x Fixed incompatibility with the wfx_Versions extension (thanks
| Archaeopteryx for report)
| x Fixed double activation for nested OBJECT elements, e.g.
  `apple.com <http://apple.com>`__
| QuickTime movies (thanks al_9 for report)
| x Fixed Silverlight applets not intercepted in Gecko 1.8.1.19-20
| (thanks al_9x for report)

NoScript Security Suite 1.9.0.5 - Feb. 15, 2009
-----------------------------------------------

| v 1.9.0.5
| =====================================================================
| + Upper limits for JS link detection loop (thanks Wladimir Palant)
| + about:certerror added to the intrinsic whitelist
| + ClearClick compatibility with the Link Alert extension
| + 3rd party script blocking improvements
| x Updated Slovak translation

NoScript Security Suite 1.9.0.4 - Feb. 6, 2009
----------------------------------------------

| v 1.9.0.4
| =====================================================================
| x Fixed XHTML namespacing issues (thanks dhouwn for report)
|  
| v 1.9.0.3
| =====================================================================
| x Fixed E4X hijacking false positive with scripts delimited by XML
| comments and containing XML (thanks Jim Mattfield for report)
|  
| v 1.9.0.2
| =====================================================================
| x Fixed X-FRAME-OPTIONS not working inside OBJECT elements (thanks
| Joris van der Wel for report)
| x Restored broken compatibility with Seamonkey 1.0.x (thanks James
| Andrewartha for report)
| v 1.9.0.1
| =====================================================================
| x Work around for edge case false positive on plugins embedded in
| cross-site framesets (thanks therube for report)

NoScript Security Suite 1.9 - Jan. 31, 2009
-------------------------------------------

| 1.9
| =====================================================================
| + Improved ClearClick sensitivity (thanks Eric Lawrence for report)
|  
| 1.8.9.9
| =====================================================================
| + Experimental X-FRAME-OPTIONS compatibility support (see
| http://hackademix.net/2009/01/29/x-frame-options-in-firefox/ and
| http://evil.hackademix.net/frameopts/ )
| x Updated pt-BR translation
| x Fixed freeze on Poken URLs (thanks ksdz for report)
| x Fixed URIs nested in query string being normalized with trailing
| slash (thanks Benny Brostrup and Carsten for reporting about
| `login.service.csc.dk <http://login.service.csc.dk>`__)
|  
| 1.8.9.8
| =====================================================================
| + Support for page-level surrogate scripts, executed before pages
| whose URL matches sources patterns starting with "@" start loading
| x Enhanced "catch all" Google Analytics surrogate (thanks Jesse
| Andrew for reporting)
| x Refactored the Silverlight IsVersionSupported() patch to use
| ScriptSurrogate.execute()
| x Streamlined Silverlight support
| + Instant placeholders, being shown before page finishes loading

NoScript Security Suite 1.8.9.7 - Jan. 25, 2009
-----------------------------------------------

| 1.8.9.7
| =====================================================================
| x Improved script surrogation reliability
| x Fixed URIValidator preferences not being updated at runtime
| x Updated Sweden locale
|  
| v 1.8.9.6
| =====================================================================
| + Evernote compatibility hacks
|  
| v 1.8.9.5
| =====================================================================
| + Stricter checks for the "Attempt to fix JavaScript link" feature
| and emulation of form submission links (thanks Jah for report)
|  
| v 1.8.9.4
| =====================================================================
| x Fixed minimum sized placeholder potentially exceeding smaller
| frames (thanks greenhatch for report about BetFair's menu)
| x Fixed ClearClick form bounds miscalculation with negative coords
| (thanks Zjakki Willems for report about BlogSpot's search feature)
| x Fixed document loaded in a nested iframe when enabling a blocked
| legacy frame
| v 1.8.9.3
| =====================================================================
| + Extensible script surrogate mechanism (surrogating Google Analytics
| by default, look at noscript.surrogate.\* in about:config)
| + noscript.placeholderMinSize (default 32) forces a minimum
| pixel size on object placeholders
| x Cleaned up noscript.jsHack for custom usages

NoScript Security Suite 1.8.9.2 - Jan. 17, 2009
-----------------------------------------------

| v 1.8.9.2
| =====================================================================
| x Fixed page loading stalled sometimes when the final destination of
| a redirected script inclusion gets blocked by NoScript
|  
| v 1.8.9.1
| =====================================================================
| x Fixed 3rd party script files starting with an XML comment being
| "swallowed" (breaking `myway.com <http://myway.com>`__,
  `netaddress.com <http://netaddress.com>`__ and others)
|  
| Full changelog: http://noscript.net/changelog

NoScript Security Suite 1.8.9 - Jan. 15, 2009
---------------------------------------------

| v 1.8.9
| =====================================================================
| + New noscript.clearclick.exceptions preference to specify URL
| patterns of page where clickjacking shouldn't be checked
| x \*.ebay.com ClearClick exception to temporarily work-around a false
| positive on one-click bids too difficult to reproduce
| x Performance optimization of the JSON and E4X hijacking protection
| x Compatibility with Amazon one-click
| x Removed \__count_\_ usage triggering a deprecated warning in Fx 3.0.x
| x Relaxed XSS checks from same-domain HTTPSHTTP requests
| x Improved E4X hijacking detection, skips leading XML comments in
| scripts (http://forums.mozillazine.org/viewtopic.php?p=5488645)
| x Updated Japanese translation
|  
| v 1.8.8.95
| =====================================================================
| + JSON and E4X hijacking protection (Gecko >= 1.9.0.4 required)
|  
| v 1.8.8.94
| =====================================================================
| x Removed a potential document leak
|  
| v 1.8.8.93
| =====================================================================
| x Improved accuracy of the new simulated onchange event handler
|  
| v 1.8.8.92
| =====================================================================
| x Work-around for 1.9.2a1 Components.utils.lookupMethod() breakage
| x Restored placeholder outline on 1.9.2a1
|  
| v 1.8.8.91
| =====================================================================
| + Added browser-built-in about:xyz URLs to the permanent whitelist
| + Simulated onchange event handling for simple HTML select drop-down
| with URL-like options
| x Work-around for bug 453825 triggered by hack for bug 472495 and
| breaking `smugmug.com <http://smugmug.com>`__ Flash-based fullscreen
  slideshows (thanks
| Daniel Dorau for reporting)
|  
| v 1.8.8.9
| =====================================================================
| + New zoom-guessing algorithm, giving more accurate results than
| nsIMarkupDocumentViewer.fullZoom built-in property, to fix
| ClearClick false positives at some fractional zoom levels
|  
| Full changelog: http://noscript.net/changelog

NoScript Security Suite 1.8.8.8 - Jan. 7, 2009
----------------------------------------------

| v 1.8.8.8
| =====================================================================
| + Kazakh translation (thanks Baurzhan Muftakhidinov)
| x ClearClick optimization by canvas recycling
| x Work-around for bug 472495
|  
| v 1.8.8.7
| =====================================================================
| x Work-around for Windows Media Player embedded objects missing video
| streams under some circumstances (thanks AteUte52 for reporting)
|  
| v 1.8.8.6
| =====================================================================
| x Fixed ClearClick false positive on very narrow frames (e.g. on
| http://horseracing.betfair.com - thanks greenhatch for reporting)
| x Fixed XSS false positive on very long indexed CGI parameters lists
| (e.g. on http://pingoat.com - thanks Daethian for reporting)
|  
| Full changelog: http://noscript.net/changelog

NoScript Security Suite 1.8.8.5 - Dec. 30, 2008
-----------------------------------------------

| v 1.8.8.5
| =====================================================================
| x Further optimization of Base64 injection checks
| x More accurate clipping of scrolling frames in ClearClick
|  
| v 1.8.8.4
| =====================================================================
| x Performance optimization of Base64 injection checks (thanks Dave
| Griffiths for reporting an Ebay chatroom issue)
|  
| v 1.8.8.3
| =====================================================================
| + More specific injection checks for scriptless targets
| + Compatibility with the `Fire.fm <http://Fire.fm>`__ extension
| x Fixed sporadic swallowed clicks on Google Street View
|  
| v 1.8.8.2
| =====================================================================
| x Fixed file:/// not showing anymore in NoScript menus
|  
| v 1.8.8.1
| =====================================================================
| x Fixed possible long-running loop on complex JSON-like requests
|  
| Full changelog: http://noscript.net/changelog

NoScript Security Suite 1.8.8 - Dec. 24, 2008
---------------------------------------------

| v 1.8.8
| =====================================================================
| x Fixed rare ClearClick false positives on the bottom edge of
| scrolling frames
| x Fixed ClearClick false positive on some cnbc.com videos
|  
| v 1.8.7.8
| =====================================================================
| + Compatibility with Fennec Alpha 2
|  
| v 1.8.7.7
| =====================================================================
| + InjectionChecker checks HTML injections on untrusted targets too
| + Chained and nested JSON support (necessary to graceufully handle
| some Facebook APIs)
| x Fixed too much aggressive data: URL sanitization
| x Fixed sites whose URL doesn't support host not showing in menu
| (thanks timeless for report)

NoScript Security Suite 1.8.7.6 - Dec. 17, 2008
-----------------------------------------------

| v 1.8.7.6
| =====================================================================
| x Improved specificity for "location=code" injection checks
| x Compatibility with Facebook Connect JSON patterns
|  
| v 1.8.7.5
| =====================================================================
| x Heavy optimization of JSON reduction routine (up to 100x speedup),
| thanks Brian Krebs and Amy Buzby for reports and samples
| x Fixed top-level plugin content difficult to allow by clicking its
| placeholder when other plugin-interacting extensions are active
|  
| Full changelog at http://noscript.net/changelog

NoScript Security Suite 1.8.7.4 - Dec. 8, 2008
----------------------------------------------

| v 1.8.7.4
| =====================================================================
| + Contextual disablement with visual feedback for "Revoke temporary
| permissions" and "Temporarily allow all on this page" toolbar
| buttons (thanks WAPCE for suggestion).
| x Improved early detection of event attribute XSS
| x Updated Arabic translation by Khaled Hosny
|  
| v 1.8.7.3
| =====================================================================
| x Better viewport framing when scrollbars are present (thanks
| timeless for report)
| x Compatibility with Firefox 3.2a1pre
|  
| 1.8.7.2
| =====================================================================
| x Work-around for Google Toolbar 5 Beta conflict
| x Work-around for newTabURL incompatibility
| x Adaptation to bug 464754
|  
| 1.8.7.1
| =====================================================================
| x Fixed issues with noscript.forbidIFrameContext = 0 (thanks Aerik
| for report)
|  
| Full changelog at http://noscript.net/changelog

NoScript Security Suite 1.8.7 - Dec. 1, 2008
--------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.8.6 - Nov. 23, 2008
---------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.8.5 - Nov. 15, 2008
---------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.8.4.1 - Nov. 7, 2008
----------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.8.4 - Nov. 7, 2008
--------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.8.3.6 - Oct. 27, 2008
-----------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.8.3.3 - Oct. 19, 2008
-----------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.8.3.2 - Oct. 19, 2008
-----------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.8.3 - Oct. 17, 2008
---------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.8.2.8 - Oct. 12, 2008
-----------------------------------------------

| 1.8.2.8 fixes an issue with external protocol (mailto:, e2k:, irc:...) not
  working.
| http://noscript.net/changelog

NoScript Security Suite 1.8.2.4 - Oct. 10, 2008
-----------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.8.2.3 - Oct. 10, 2008
-----------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.8.2.2 - Oct. 10, 2008
-----------------------------------------------

| 1.8.2.2 improves ClearClick accuracy, reducing false positives rate near to 0
  and making it usable on trusted sites as well.
| More details:
| http://noscript.net/changelog
| http://noscript.net/faq#clearclick

NoScript Security Suite 1.8.2.1 - Oct. 7, 2008
----------------------------------------------

| 1.8.2.1 backports the new ClearClick functionality to be compatible with
  Firefox 2.x, Seamonkey 1.1.x and other Gecko 1.8.1 browsers.
|  
| http://noscript.net/changelog

NoScript Security Suite 1.8.2 - Oct. 7, 2008
--------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.8.1.3 - Sept. 17, 2008
------------------------------------------------

| 1.8.1.2 and 1.8.1.3 fix all the reported login problems AND turn off the
  Automatic Secure Cookie Management by default, so have no fear to install.
| Anyway, if you decide to turn Automatic Secure Cookie Management on, your
  feedback about this new feature is very appreciated.
|  
| Details on http://noscript.net/changelog and http://noscript.net/faq#https

NoScript Security Suite 1.8.1.2 - Sept. 17, 2008
------------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.8.1 - Sept. 15, 2008
----------------------------------------------

| Brand new HTTPS and cookies features,
| see http://noscript.net/changelog and http://noscript.net/faq#https

NoScript Security Suite 1.8 - Aug. 30, 2008
-------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.7.9 - Aug. 19, 2008
---------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.7.8 - Aug. 5, 2008
--------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.7.7 - July 15, 2008
---------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.7.6 - July 5, 2008
--------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.7.4 - June 28, 2008
---------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.7.1 - June 25, 2008
---------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.7 - June 25, 2008
-------------------------------------------

http://noscript.net/changelog

NoScript Security Suite 1.6.9.3 - June 16, 2008
-----------------------------------------------

| Out-of-cycle update for serious Ebay XSS issue plus regression fix.
|  
| Full development history at http://noscript.net/changelog

NoScript Security Suite 1.6.9.2 - June 16, 2008
-----------------------------------------------

| Critical out-of-cycle anti-XSS filter fix, indispensable for Ebay users.
|  
| Full development history at http://noscript.net/changelog

NoScript Security Suite 1.6.9.1 - June 15, 2008
-----------------------------------------------

All the changes in this release at http://noscript.net/changelog

NoScript Security Suite 1.6.9 - June 7, 2008
--------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.6.8 - May 30, 2008
--------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.6.7 - May 30, 2008
--------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.6.5 - May 9, 2008
-------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.6.4 - April 27, 2008
----------------------------------------------

Detailed development history at http://noscript.net/changelog

NoScript Security Suite 1.6 - April 14, 2008
--------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.5.8 - April 7, 2008
---------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.5.6 - March 27, 2008
----------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.5.2 - March 17, 2008
----------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.5 - March 16, 2008
--------------------------------------------

| Full change history at http://noscript.net/changelog
|  
| If you use trunk build, please help testing development builds (when
  available) from http://noscript.net/getit#devel

NoScript Security Suite 1.4.9.5 - March 6, 2008
-----------------------------------------------

| Development versions are available at http://noscript.net/getit#devel (please
  use them if you're using Firefox 3 beta or a Gecko trunk build).
|  
| Full development history at http://noscript.net/changelog

NoScript Security Suite 1.4.9 - Feb. 27, 2008
---------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.4 - Feb. 15, 2008
-------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.3.2 - Feb. 2, 2008
--------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.3.1 - Jan. 21, 2008
---------------------------------------------

Full development history: http://noscript.net/changelog

NoScript Security Suite 1.3 - Jan. 21, 2008
-------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.2.9 - Jan. 10, 2008
---------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.2.6 - Jan. 6, 2008
--------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.2 - Dec. 25, 2007
-------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.1.9.6 - Dec. 15, 2007
-----------------------------------------------

Full development history at http://noscript.net/changelog

NoScript Security Suite 1.1.9 - Dec. 5, 2007
--------------------------------------------

Full changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.8.3 - Nov. 21, 2007
-----------------------------------------------

| SeaMonkey users, please install 1.1.8.4 from http://noscript.net/getit#direct
|  
| Detailed change history at http://noscript.net/changelog

NoScript Security Suite 1.1.8 - Nov. 10, 2007
---------------------------------------------

Detailed change history: http://noscript.net/changelog

NoScript Security Suite 1.1.7.7 - Nov. 4, 2007
----------------------------------------------

| SEAMONKEY USERS:
| please install from http://noscript.net/getit#direct to avoid a "Script
  error" during setup.
|  
| Version history at http://noscript.net/changelog

NoScript Security Suite 1.1.7.6 - Nov. 4, 2007
----------------------------------------------

Details at http://noscript.net/changelog

NoScript Security Suite 1.1.7.2 - Sept. 15, 2007
------------------------------------------------

Detailed changelog: http://noscript.net/changelog

NoScript Security Suite 1.1.7 - Sept. 10, 2007
----------------------------------------------

Full changelog: http://noscript.net/changelog

NoScript Security Suite 1.1.6.21 - Sept. 3, 2007
------------------------------------------------

Detailed changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.6.20 - Sept. 3, 2007
------------------------------------------------

Detailed changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.6.16 - Aug. 20, 2007
------------------------------------------------

Detailed changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.6.15 - Aug. 18, 2007
------------------------------------------------

Detailed changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.6.12 - July 31, 2007
------------------------------------------------

Full changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.6.08 - July 25, 2007
------------------------------------------------

Full changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.6.07 - July 25, 2007
------------------------------------------------

Full changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.6.06 - July 24, 2007
------------------------------------------------

Detailed changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.6.02 - July 7, 2007
-----------------------------------------------

Detailed development history at http://noscript.net/changelog

NoScript Security Suite 1.1.6 - July 6, 2007
--------------------------------------------

Full changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.5 - June 28, 2007
---------------------------------------------

Full changelog: http://noscript.net/changelog

NoScript Security Suite 1.1.4.9.070622 - June 22, 2007
------------------------------------------------------

| New protection against cross-browser exploits.
|  
| Full changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.4.9 - June 19, 2007
-----------------------------------------------

Detailed changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.4.8.070523 - May 26, 2007
-----------------------------------------------------

Detailed changelog: http://noscript.net/changelog

NoScript Security Suite 1.1.4.8.070521 - May 21, 2007
-----------------------------------------------------

Full changelog: http://noscript.net/changelog

NoScript Security Suite 1.1.4.8.070514 - May 20, 2007
-----------------------------------------------------

Full changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.4.8.070430 - May 1, 2007
----------------------------------------------------

Detailed changes history: http://noscript.net/changelog

NoScript Security Suite 1.1.4.8.070423 - April 23, 2007
-------------------------------------------------------

Detailed changelog: http://noscript.net/changelog

NoScript Security Suite 1.1.4.8 - April 20, 2007
------------------------------------------------

Detailed changelog: http://noscript.net/changelog

NoScript Security Suite 1.1.4.7 - April 11, 2007
------------------------------------------------

Version details at http://noscript.net/changelog

NoScript Security Suite 1.1.4.6.070317 - March 22, 2007
-------------------------------------------------------

Full changelog: http://noscript.net/changelog

NoScript Security Suite 1.1.4.6.070307 - March 7, 2007
------------------------------------------------------

Detailed changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.4.6.070304 - March 5, 2007
------------------------------------------------------

Detailed changelog: http://noscript.net/changelog

NoScript Security Suite 1.1.4.6.070302 - March 2, 2007
------------------------------------------------------

Detailed changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.4.6 - Feb. 28, 2007
-----------------------------------------------

Detailed changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.4.5.061221 - Dec. 21, 2006
------------------------------------------------------

Version details at http://noscript.net/changelog

NoScript Security Suite 1.1.4.5.061206 - Dec. 6, 2006
-----------------------------------------------------

Version details: http://noscript.net/changelog

NoScript Security Suite 1.1.4.5.061030 - Oct. 30, 2006
------------------------------------------------------

Full details at http://noscript.net/changelog

NoScript Security Suite 1.1.4.5 - Oct. 17, 2006
-----------------------------------------------

Version details at http://noscript.net/changelog

NoScript Security Suite 1.1.4.4 - Oct. 8, 2006
----------------------------------------------

Version details at http://noscript.net/changelog

NoScript Security Suite 1.1.4.3 - Sept. 10, 2006
------------------------------------------------

| + Emulated Firefox 1.0.x top-level plugin content blocking behaviour
| + fa-IR (Persian) thanks to Pedram Veisi
| + en-GB (English GB) thanks to Ian Moody
| + el-GR (Greek) thanks to Sonickydon
| + hr-HR (Croatian) thanks to Krcko
| + th-TH (Thai) thanks to Qen
| + uk-UA (Ukrainian) thanks to MozUA
| x Other updated translations
| x Fixed plugin content reloading bug

NoScript Security Suite 1.1.4.2 - Sept. 9, 2006
-----------------------------------------------

| v 1.1.4.2
| =====================================================================
| + Notifications Firefox 2+ compatible
| x Fixed whitelist import bug
| x Fixed "removeLinkFixer" warning (thanks to Pablo)

NoScript Security Suite 1.1.4.1 - May 8, 2006
---------------------------------------------

Detailed changelog: http://noscript.net/changelog

NoScript Security Suite 1.1.4 - April 9, 2006
---------------------------------------------

Full changelog: http://noscript.net/changelog

NoScript Security Suite 1.1.3.9 - Jan. 26, 2006
-----------------------------------------------

| Bug fix release. Main
| new features: javascript links are automatically turned into "normal" safely
  clickable ones, the new "ping" link attribute is automatically disabled and
  more... Detailed changelog at http://flashgot.net

NoScript Security Suite 1.1.3.8 - Jan. 23, 2006
-----------------------------------------------

| Version 1.1.3.8 fixes eastern languages bugs and abandones the "permanent"
  whitelist. Main
| new features: javascript links are automatically turned into "normal" safely
  clickable ones, the new "ping" link attribute is automatically disabled and
  more... see full changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.3.7 - Jan. 22, 2006
-----------------------------------------------

1.1.3.7 FIXES "FOREIGN LANGUAGE" BUG happening with Fx 1.0.7 - new features:
javascript links are automatically turned into "normal" safely clickable ones,
the new "ping" link attribute is automatically disabled and more... see full
changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.3.6 - Jan. 21, 2006
-----------------------------------------------

Main news: javascript links are automatically turned into "normal" safely
clickable ones, the new "ping" link attribute is automatically disabled and
more... see full changelog at http://noscript.net/changelog

NoScript Security Suite 1.1.3.5 - Dec. 8, 2005
----------------------------------------------

1.1.3.5 version details: http://noscript.net/changelog

NoScript Security Suite 1.1.3.4 - Nov. 10, 2005
-----------------------------------------------

1.1.3.4 version details on http://noscript.net

NoScript Security Suite 1.1.3.3 - Oct. 17, 2005
-----------------------------------------------

1.1.3.3 version details: http://noscript.net/changelog

NoScript Security Suite 1.1.3.2 - Sept. 24, 2005
------------------------------------------------

1.1.3.2 version details: http://noscript.net/changelog

NoScript Security Suite 1.1.3.1 - Sept. 23, 2005
------------------------------------------------

1.1.3.1 version details: http://noscript.net/changelog

NoScript Security Suite 1.1.3 - Sept. 18, 2005
----------------------------------------------

1.1.3 version details on http://noscript.net/changelog

NoScript Security Suite 1.1.2.20050901 - Sept. 1, 2005
------------------------------------------------------

See http://noscript.net/changelog for version notes

NoScript Security Suite 1.1.2 - Aug. 31, 2005
---------------------------------------------

1.1.2 is repackaged for Firefox 1.6 alpha compatibility, and contains huge
performance improvements as well as Mozilla Java/Flash/Plugin blocking.

NoScript Security Suite 1.1.1 - Aug. 1, 2005
--------------------------------------------

| Version 1.1.1 is an hotfix release for a whitelist synchronization bug and a
  spanish locale issue.
| Version 1.1.0 main news: Java, Flash and other plugins blocking (Firefox
  only), customizable audio feedback sample, customizable message position,
  better icons. See http://www.noscript.net/changelog for full details.

NoScript Security Suite 1.1.0 - Aug. 1, 2005
--------------------------------------------

Version 1.1.0 main news: Java, Flash and other plugins blocking (Firefox only),
customizable audio feedback sample, customizable message position, better
icons. See http://www.noscript.net/changelog for full details.

NoScript Security Suite 1.0.9 - June 14, 2005
---------------------------------------------

1.0.9 main news: long awaited "Temporarily allow..." command and greatly
improved stability - read full changelog in http://www.noscript.net

NoScript Security Suite 1.0.8 - May 31, 2005
--------------------------------------------

1.0.8 handles URL with non-standard ports (e.g. 127.0.0.1:8080) in a smarter
way.

NoScript Security Suite 1.0.7 - May 27, 2005
--------------------------------------------

| 1.0.7 news:
| "Popup blocker" style notification (Firefox only) and a more discreet sound
  effect (both optional!);
| Autoreload synchronizes every view whose permissions have changed;
| Updated and new translations;
| Better UI support for numeric addresses and "special" TLDS like co.uk, co.nz
  and others.

NoScript Security Suite 1.0.6 - May 24, 2005
--------------------------------------------

| 1.0.6 main news: Whitelist import/export; less cluttered "Allow" menu; Audio
  feedback;
| about:config/noscript.permanent can be changed without FF restart; fixed XUL
  error pages issue

NoScript Security Suite 1.0.5 - May 21, 2005
--------------------------------------------

1.0.5 changes: new "Appearance" tab in Options Dialog lets you hide/show
context menu and status bar icon; no more cluttering from http[s]:// prefixed
to 2nd level domains (they're auto-hidden in whitelist); menu layout is fixed
(no dummy space at the bottom anymore)

NoScript Security Suite 1.0.4 - May 20, 2005
--------------------------------------------

1.0.4 news: http:// and https:// automatically prefixed to 2nd level domains
for better compatibility with certain sites (thanks to Laura for report);
correct status feedback for chrome:// URLs (thanks to pacanukeha)

NoScript Security Suite 1.0.3 - May 17, 2005
--------------------------------------------

| 1.0.3 main news:
| \* Feedback about actual presence of script elements in current page;
| \* Feedback about partial permissions in pages containing subframes;
| \* Added hotmail/msn/passport domains to default whitelist;
| \* Various other improvements in stability, performance and usability
|  
| - see http://www.noscript.net/changelog for more...

NoScript Security Suite 1.0.2 - May 16, 2005
--------------------------------------------

1.0.2 main news: support for URLs with non-standard port numbers; usability
improvements; French translation.

NoScript Security Suite 1.0.1 - May 14, 2005
--------------------------------------------

| News in 1.0.1: + Contextual menu for easy operation in statusbar-less
  windows;
| + Tested with hotmail, gmail and the like;
| + Current page is automatically reloaded when permissions are changed;
| + Support for implicit subdomain inclusion (e.g. if you add mozilla.org, you
  allow www.mozilla.org, addons.mozilla.org etc.);
| + German translation (thanks to my friend Thomas Weber);
| x Work around for Firefox sporadic crashes in some configurations

NoScript Security Suite 1.0 - May 13, 2005
------------------------------------------

[no description]