x [UX] Show onboarding page on settings reset
x [l10n] Lowered Transifex merge threshold to 50%
x [L10n] Updated bn, br, ca, da, el, es, fa, ja, lt, ms, nb,
ro, sv_SE
x [UX] Scary styling for restrictions disablement option
x [UX] Turn on restrictions when a behavior is selected
x [UX] Zoom-in site classification behavior transition
x [UX] More presentation / styling tweaks
x [L10n] Updated de, fi, fr, he, is, it, mk, nl, pl, pt_BR,
pt_PT, ru, sq, tr, uk, zh_CN, zh_TW
x [UX] Improved modifier button styling
x [UX] Colorized site classification behavior options
x [UX] Implement first install onboarding page
x [UX] Further behavior UI synchronization fixes (thanks
fatboy for reporting)
x [UX] Various style tweaks for Android
x Fixed autoAllowTop bug on Chromium
x [UX] Fixed some user-visible messages (thanks Tonnes for
reporting)
x [UX] Fix possible race condition on classification
behavior UI initialization (thanks fatboy for reporting)
x [UX] Classification behavior: improved code formatting and
synchronization
x [UX] Support links
x [UX] Added missing bidirectional UI synchronization step
x [UX] Complete classification behavior wiring
x [UX] Hide classification behavior UI in Tor/Mullvad
browsers
x [L10n] Updated de, fa, fi, fr, it, nl, pl, pt_BR, pt_PT,
x [UX] "Site Classification Behavior" (usability level)
selector
x [UX] Support multiple UI listeners
x [UX] Handle more media placeholder edge cases
x [UX] Localize capabilities in status tooltip
x [UX] Fix DEFAULT wrongly styled as canScript on unsafe
URLs
x [nscl] Fixed DomFreezer regression on first file:// load
due to onbeforescriptexecuted deprecation (thanks Anton K
for reporting)
x [L10n] Updated nl
x build.sh + automatically increments current version
x [UX] Always show the stricter top-level site match on top
of the list (thanks fatboy for suggestion)
x [UX] Do not show CASCADED label for DEFAULT entries
matching the top-level site
x [UX] More cascading permissions bug fixes
x [L10n] Multiple localization updates
x [UX] Improved visual feedback for cascaded permissions
(thanks fatboy for bug reporting)
x [UX] Cascading permissions frontend
x [nscl] [UX] Force artificial placeholders creation on
x.com even if no real media object is in the DOM
x [nscl] Cascading permissions support (backend)
x [nscl] Do not let AUTO-TRUSTED override policies other
than DEFAULT
x [L10n] Updated de, fr, ru
x [UX] Fixed theme configuration caching bug
x [UX] Fix AUTO-TRUSTED preset titles
x [UX] Improved UI labeling for automatically trusted
top-level sites
x [L10n] Updated it
x Imported settings version migration support
x Export settings metadata and versioning support
x Mitigate x-load protection affecting file:// documents
load times (issue #455, thanks Meludall for patch)
x [UX] Better handling of clicks on obstructed placeholders

v 13.4

x [UX] More concise and compact placeholders
x [UX] Include all the suppported capability types in the
tooltip blocked/used report

v 13.2.2

x Work-around for issue #462
x [L10n] Updated fr, pl, zh_CN
x Resolve implicit dependencies from createHTMLElement()
x [Android] Erase temporary permissions when all the tabs
closed (issue #464)
x [Android] Make NoScript Options' top buttons fit in one
row
x Typo in comment in LifeCycle.js

v 13.2.1

x Fix bugs with Tor Browser unknown capabilities handling
x Work-around for Tor Browser Security Levels not being
aware yet of the wasm capability
x [nscl] Make wasm usage attempt notification
Chromium-compatible
x [L10n] Updated de, ru, tr

v 13.1

x New wasm capability to control WebAssembly per site
x [L10n] Updated is, pt_BR
x Adopt the Chromium prefetch CSS CORS work-around on Gecko
(torbrowser#44239 fix)
x Best effort to avoid extra temporary tabs for sidebar
detection

v 13.0.9

x [UX] Increase contrast for non-HTTPS site labels in dark
mode (thanks Soothsayer for reporting)
x [L10n] Updated he, pl, tr, uk
x [Tor] Align Tor/Mullvad Browser integration logic and UI
with "persistent mode" (mullvad-browser#455)
x Switch to ?. operator and tidy up surrounding code

v 13.0.8

x Reduce annoyances and false positives from sidebar content
detection (issue #444)
x Fix automatic top level trust conflict with existing
contextual policies (issue #441)

v 13.0.6

x Use frameAncestors whenever possible for top URL
retrieving

v 12.6

x Make contextual policies override restriction cascading
(tor-browser#43397)
x [Chromium] Fix 12.5.9xx prompt closure regression
x [Chromium] Full x-load checks Chromium support
x Better offscreen placeholders for x-load
x [l10n] [Chromium] Make x-load capability localization
Chromium-compatible
x [L10n] Updated de, fr, he, ru, tr zh_CN
x [UX] Honor non-contextual x-load capability granted from
NoScript Options (thanks barbaz for RFE)
x Prevent data: URIs from messing with srcset parsing
(thanks fatboy for reporting)
x Regard as "mutually safe" for x-load directories sharing a
common ancestor
x [UX] Make x-load capability visible for CUSTOM file:
entries in NoScript Options (thanks barbaz for RFE)
x [UX] Fixed prompt window leaks (tor-browser#43281)
x [UX] Make object unblocking temporary and contextual by
default, with choices in the prompt
x [nscl] Option to clone Permissions without context
x Always honor the "Collapse blocked objects" option
x Refactor top-level auto-trust and make it contextual
(issue #417)
x [nscl] Remove noisy debug statement
x [UX] UI support for extra floating capabilities (x-load)
x Integrate event handlers suppression with blocking if
needed (thanks Adithya Suresh Kumar for reporting)
x [nscl] Refactor xray proxification
x Fix incorrect assumptions about some DOM element
properties reflecting URLs (thanks Adithya Suresh Kumar
for reporting)
x [nscl] Fix race condition between multiple extensions
using MV3/DNR SyncMessage (JShelter#146, thanks polcak for
reporting)
x Suppress some event handlers (tor-browser#43491, thanks
Adithya Suresh Kumar for reporting)
x [build] Publish XPIs only after their signed
x [build] Improved version bump commit logic

v 12.1.1
============================================================
x Fix automatic reloading broken if the background script /
service worker is not already initialized on UI load
x Re-enable signing logging

v 12.1
============================================================
x [nscl] Improved work-around for Youtube placeholder
displacement (tor-browser#43296)
x [L10n] Updated pl
x Avoid synchronous policy fetching if document is already
complete (e.g. on extension updates)
x Remove more MV3-only entries from MV2 manifest
x Remove pre-release version check on signing
x More informative debug logging
x Fixed misplaced update_url in development builds (thanks
DJ-Leith for reporting)
x Switch Firefox development build version format to *.9xx
(like Chromium)
x Cross-browser and cross-manifest compatibility down to
Gecko 115
x Improved cross-browser and cross-manifest development and
build ergonomics
x Fixed RequestGuard on Firefox still using CSP.blocks() as
an instance method
x Improved cross-browser and cross-manifest support
x Do not reload affected tabs before saving XSS user
choices, if any
x [nscl] Several performance and reliability enhancements
from NSCL
x [nscl] Updated to latest NoScript Commons Library
x Fixed offscreen placeholder container preventing user
interaction on the left of placeholders
(tor-browser#43282)
x Fix localization-related console spam when opening options
panel (tor-browser#43269)
x Fixed offscreen placeholder container preventing user
interaction on the left of placeholders
(tor-browser#43282)
x Fix localization-related console spam when opening options
panel (tor-browser#43269)

v 11.5.2
============================================================
x [tor-browser#43257] More efficient, flexible and
race-resistant placeholder styling

v 11.5.0
============================================================
x [tor-browser#32668] Use the Security Level as the default
policy for Options Reset on Tor Browser
x [tor] Stateless-compatible Tor Browser integration
x [L10n] Updated pt_BR
x Stateless-compatible temporary permissions
x Switch from deferWebTraffic to Wakening
x Stateless-compatibile TabGuard
x Switch to non-persistent background page
x [xss] Refactor for non-persistence
x Removed Fennec-specific code
x Bump min Gecko compatibility to 115.0 (stateless
background script support)

v 11.4.42
============================================================
x [nscl] Further SyncMessage simplification
x Mitigate race conditions on startup

v 11.4.41
============================================================
x [nscl] Fixed Chromium worker patching regression caused by
failSafe scope
x [nscl] Force service workers to be patched bypassing cache
x [nscl] More robust SyncMessage implementation
x [nscl] Enhanced remote worker patching
x [nscl] Remove missing source map warning for
browser-polyfill.js
x [nscl] Better console handling in execution context
patches
x Reduce console spam on non-debugging instances
x [nscl] Avoid patched workers breakage if console API is
disabled (thanks ayi for reporting)

11.4.40
============================================================
x [nscl] Fix patched workers failures caused by Firefox
webRequest filters disconnect() breaking on large files
(thanks barbaz for reporting)

v 11.4.39
============================================================
x [nscl] Improved WebGL-hooking and worker patching
stability
x [L10n] Lower to 90% the threshold for including a new
translation
x [L10n] Updated he, pt_PT
x [nscl] Prevent patchWindow from throwing on SOP violations
x [nscl] Correctly propagate extra arguments to shadowed
worker constructors

v 11.4.37
============================================================
x [nscl] Do not patch windows with WebGLHook if webgl is
globally disabled
x [nscl] Do not patch workers if webgl is globally disabled
x [L10n] Updated uk
x [nscl] Workers-aware WebGL Hook

v 11.4.35
============================================================
x Improved lazy_load capability (optimization and
notification)
x [nscl] Slight optimization of NOSCRIPT element emulation
loop
x Automatically add extra capabilities to policyTypesMap
x Gracefully handle new capabilities still unknown to the
settings host (e.g. Tor/Mullvad browser), if any
x Configurable "lazy_load" capability (see
https://github.com/whatwg/html/issues/5250)
x Prefetch all CSS subresources (1st party included) in
private contexts where both unchecked_css and scripting
capabilities are disabled
x Forcibly neutralize lazy loading attributes when scripting
is disabled
x [nscl] Restored SyncMessage compatibility with Firefox 78
and below
x Lock nscl version on stable releases
x [L10n] Updated de, fr, tr, ru, uk, zh_CN

v 11.4.34
============================================================
x [nscl] Work around for
https://bugzilla.mozilla.org/show_bug.cgi?id=1899786
(issue #372)
x [L10n] Updated de, ru, tr
x Synchronize nscl git commits as needed before tagging new
versions

v 11.4.31
============================================================
x [L10n] Updated fr, is, ru, zh_CN
x Improved release tooling
x [nscl] Updated to latest NoScript Commons Library
x NoScript Options/Appearance/Show synthetic placeholders
for invisible capability probes (issue #369)
x [nscl] Make placeholders easier to style per type
x Prevent duplicate synthetic placeholders for invisible
capability probes (issue #369)

v 11.4.30
============================================================
x [nscl] Best effort WebGL placeholders for offscreen
capability detection
x Improved blocked but required capability reporting from
subframes (issue #367)
x [nscl] Include SVG among embedding document types (fixes
issue #366)
x Removed obsolete "applications" manifest.json key

v 11.4.29
============================================================
x [nscl] Updated TLDs
x [nscl] Improved reliability of TLD updater
x Removed theme.js console noise
x Fix beta channel updates breakage due to
browser_specific_settings override
x [nscl] Several content-side performance improvements
x Reduce synchronous policy retrieval impact on file: and
ftp: document loading performance
x More commands for which a keyboard shortcut can be
configured
x [L10n] Updated de, fi, mk, nl, pl, ru, sq, tr, uk,
pt_BR, zh_CN, zh_TW
x Explicit Android compatibility declaration

v 11.4.28
============================================================
x Prevent URL leaks from media placeholders (thanks NDevTK
for report)
x [nscl] Support for in-tree TLDs updates

v 11.4.27
============================================================
x [XSS] Better specificity of HTML elements preliminary
checks
x [XSS] Better specificity of potential fragmented injection
through framework syntax detection (thanks Rom623, barbaz
et al)
x [nscl] RegExp.combo(): RegExp creation by combination for
better readability and comments
x [nscl] Replaced lib/sha256.js with web platform native
implementation (thanks Martin for suggested patch)
x [nscl] Fixed property/function mismatch (thanks Alex)
x Fixed operators precedence issue #312 (thanks Alex)
x [nscl] Prevent dead object access on BF cache (thanks
jamhubub and mriehm)

v 11.4.26
============================================================
x [Android] Fixed regression preventing NoScript prompts
from being shown
x [XSS] Fallback to execute most demanding regular
expressions asynchronously
x [XSS] Removed obsolete Flash-related checks
x [XSS] Make InjectionChecker's regular expressions easier
to debug
x [XSS] Updated OpenID regexp

v 11.4.25
============================================================
x Reload extension on fatal failures
x [Android] Fixed UI styling regression
x Fixed UI inconsistencies when finer-grained contextual
policies are created/imported by other means (thanks
barbaz for reporting)

v 11.4.24
============================================================
x [XSS] Fix Base64 hash checks interfering with query string
checks (thanks barbaz for reporting)
x [TabGuard] Stop exempting domains bidirectionally by
default
x [TabGuard] Fix destination domain being reported as the
trigger of a warning prompt when all the other tab-tied
domains have been exempted (thanks barbaz for report)