NoScripts 0.9.0 August 17th, 2010

• First public version.

NoScripts 0.9.1 August 18th, 2010

• Bug fix: (Reported by rEnr3n) Google Chrome may not fire storage change events when NotScripts initializes. This can result in the “Revoke All Temporary” button not working for a session if you shut down Google Chrome with everything globally allowed.
• Bug fix: (Reported by rEnr3n) Improved the blocking compatibility for embed and object tags used on video sites.
• Bug fix: Duplicates of the same url from different iframes are now filtered to avoid cluttering the drop down menu.
• New: You can selectively turn off NotScript blocking for scripts, iframes, embeds, and objects by placing a special value in CHANGE__PASSWORD__HERE.js

NoScripts 0.9.2 August 24th, 2010

• Major release.
• New: Temporarily allow this features along with a
  redesigned drop down menu
• New: FTP sites embedded in iframes can now be blocked. FTP
  site HTML is generated by Google Chrome.
• New: Rewrote the url parser to be much more robust. Now also supports IPv6 in addition to IPv4 and text urls.
  However, I have turned IPv6 recognition off in the code until it is more widespread and more people are familiar with it.
• New: NotScripts can recognize localhost type urls like http://localhost/something.html. Note that the “localhost” part is required to be at least 4 characters long.
• New: More compatible and sensible default blocking policy for iframes. IFrames are now loaded only if the current website is whitelisted instead of requiring you to whitelist every site in an iframe. This allows you to use sites like StumbleUpon that uses iframes to load external websites without having to whitelist the external sites or totally disable iframe blocking like in NotScripts V0.9.1.
  Please remove      const DO_NOT_BLOCK_IFRAMES = true;      in CHANGE__PASSWORD__HERE.js if you added that in NotScripts V0.9.1.
  Note that the scripts and plugins inside of an iframe are blocked normally.
• New: Placed a description into the NotScripts password file to help new users. Also removed the commented out options.
• New: There is some preliminary mitigation for inline scripts.
• New: The error message for the password status will now tell you if your password is too short.
• Change: NotScripts’ own copy of settings now resides in only one place of the program instead of being reloaded for options/drop down menu.
• Change: Reloading of tabs after delisting/whitelisting now happens on all applicable tabs instead of only the current tab. Done for consistency.
• Workaround: (Reported by rEnr3n) Workaround for Google Chrome on netbooks with screen heights of less than 700px where the
  drop down menu is cut off by the screen. Bug Fix: Forced el.nodeName to upper case for checking in
• all cases (ie: for XHTML).
• Bug Fix: (Reported by rEnr3n) Empty elements used to later load another source (and fire another load event) are now correctly allowed to be created.
• New: More complete removal of urls with unrecognized top level domains (TLD) from the whitelist when delisted. For example, say .xyz is an unrecognized TLD, then if you had both sub1.example.xyz and example.xyz in your whitelist, removing either one will also remove the other. This is done to avoid having orphaned urls in the whitelist when more recognized TLDs are added to NotScripts.  Also, whitelist sub1.example.xyz now means that example.xyz is also whitelisted since they come from the same primary domain.
• New: More intelligent display of urls with unrecognized TLDs to minimize multiple urls from the same domain.
• Clean: Removed all the preliminary code for Safari version so I can focus on Google Chrome.
• Add: Added paragraph in Limitations to say that NotScripts does not currently support the other advanced protection methods that NoScript for Firefox has.
• Add: Added recognition for the top level domains of .cn, .tv., .jp. .de, and .tw along with their secondary domains.

NoScripts 0.9.5 August 24th, 2010

• Bug Fix: (Reported by Eric) Corrected path for icons some Linux systems were having trouble with.
• Bug Fix: (Reported by Tim) Corrected parsing of the @ symbol in a url that could have lead to the wrong domain being recognized.

NoScripts 0.9.6 September 6th, 2010

• New: NotScripts can now also block scripts in ftp:// and file:/// (localhost) sites if given permission in the Google Chrome extensions page.
• New: Added support for blocking old-school frameset/frame elements.
• New: In the drop down menu, NotScripts now shows a link to each domain’s Google Safe Browsing page to help you decide to whitelist it or not. Note that NotScripts only links to the English version of the Google Safe Browsing page at this point. This should change when NotScripts adds additional languages.
• New: NotScripts now removes the “This site may harm your computer” links from Google Search results. Note: Is not compatible with AutoPagerize type extensions.
• New: Added memory stats for the lists in the Options page to help users gauge how much of the HTML5 local storage quota they are using.
• New: NotScripts now supports blocking modes of blacklist and whitelist with top level sites allowed by default.
• New: A page in the Options page on how to report bugs.
• Improved: The temp allow this site features now need much fewer reloads when used because of a change in the way temp permissions are stored.
• Improved: (From Mike) Windows users can now simply copy and paste the folder path shown on the password status page to get to their password file without having to type in their user name.
• Improved: Lowered the memory usage and improved the start up time of the NotScripts drop down menu by removing unused components from the jquery UI theme library.
• Improved: Greatly reduced the computing power required for blocking by implementing sorted lists that can be searched with a binary search like algorithm.
• Improved: Site specific storage for the whitelist is now only overwritten when there is a change made instead of on every page load, thanks to the usage of MD5 hashes.
• Changed: IPv4 addresses must now be an exact match when comparing a url with one in the whitelist.
• Changed: The user is now given the option to reset the HTML5 storage of a website when the storage quota is exceeded or the encryption is incorrect, instead of simply trying to reload the web page.
• Bug Fix: “Allow All Shown” button incorrectly adds a domain to the whitelist even when the domain already exists in the whitelist, leading to duplicate entries.
• Bug Fix: A fix has been implemented for the “Are you sure you want to leave this page?” pop ups some users have reported seeing when inline script mitigation is on. There is also improved blocking of this pop up implemented.
• Bug Fix: A few users have reported that they are not able to get the “Allow” button to respond. I have not been able to confirm whether this is an actual bug but the NotScripts “Allow” button now calls the background page to carry out the actions so this may resolve it.
• Removed: Made a few code changes so that NotScripts no longer requires cross-origin permissions to run in Google Chrome for improved security.