NoScript 2022

1. Contextual Policies & LAN Protection follow-up

2022/02/24 - 2022/09/07

Hours: 20

A few bug fixes and enhancements to these features made after their official release.

  1. Fix for contextual permissions display inconsistencies in options panel.
  2. Always avoid DNS resolution when an HTTP(S) proxy is used.
  3. More accurate blocking stats.
  4. Use window.origin when fetching policies for inheriting special URLs.
  5. Extended origin normalization to top-level documents.
  6. Better origin guess for requests from sandboxed iframes.
  7. Avoid using fallback origins for main_frame loads.

2. UX & Accessibility Enhancements

2022/02/20 - 2022/09/09

Hours: 320

After Contextual Policies & LAN Protection, among the most UI-impactful recent NoScript features, was released, a lot of work went into enhancing and modernizing the appearance and usability of the whole product, inspired by a Simply Secure visual refresh study and by the accessibility audit provided by NLNet.

  1. [Android] Improved CUSTOM panel portrait layout.
  2. Better accessibility and styling for popup global buttons.
  3. Prevent popup closure and automatic reload when restrictions are disabled for the tab or globally.
  4. Support for extra UI in the popup's message box.
  5. Support for selectively hiding messages.
  6. Support icon buttons elsewhere in the UI (e.g. in the messagebox).
  7. Prominently warn user whenever restrictions are disabled.
  8. Avoid closing the customizer on arrow up key context selection change.
  9. [Android] Better styling for icon buttons in message box.
  10. Fix regressions in draggable toolbar buttons.
  11. Close UI and reload immediately when enabling global/tab restrictions or disabling them for the tab only.
  12. Make disabled buttons draggable and hidden enabled buttons interactive when the "graveyard" is open.
  13. More deterministic DnD placeholder creation.
  14. Avoid flashing empty graveyard on popup opening.
  15. [Chromium] Fix high contrast option not working.
  16. Make high contrast and draggable toolbar items mutually exclusive.
  17. Visual refresh based on Simply Secure concept artwork.
  18. Improve buttons and tabs appearance.
  19. Align capabilities on the vertical center.
  20. Make focus hint less elusive for needed capability widgets.
  21. Partial status indicator on the left of the icon, to accommodate Chromium's badge position.
  22. Fix blurry icons on Chromium.
  23. Fix placeholder close button shadow.
  24. More consistent cross-browser widgets.
  25. Fixed automatic reload not always triggered for CUSTOM tweaks.
  26. Fixed undefined lastInput on tab key.
  27. Improved high contrast layout.
  28. Dark theme support.
  29. Dark and light themes refinements.
  30. Fix for regression: request and execution attempts not being reported anymore in the UI if restrictions are disabled.
  31. Apply preferred theme to media placeholders.
  32. Avoid useless reload if no actual change has happened in enforcement status.
  33. More visual/theming tweaks.
  34. Remember last active tab when opening the option window.
  35. More visual tweaks.
  36. Remove debug statements.
  37. Sticky toolbar and scrollable fixed-height content in browserAction popups.
  38. Ensure better visibility for in-popup message box.
  39. Dark/Light/Auto theme switcher in Appearance options panel.
  40. Improved light/dark schemes support.
  41. Prompts can be closed by keyboard: Enter emulates the default button click, Escape the cancel action.
  42. Remove redundant style patching.
  43. Include ServiceWorker-initiated fetch requests in UI reporting.
  44. Optimized visual layout responsiveness.
  45. Donation button.
  46. Fix breakage when dom.storage.enabled is set to false.
  47. Support for reverting to the "Vintage Blue" style (NoScript Options/Appearance).
  48. Fix status icon not always synchronized with vintage/modern setting.
  49. More robust fallback for private windows.
  50. Cross-theme visual tweaks.
  51. More explanatory text for the Modern Red / Vintage Blue switch.
  52. Fixed UI in private windows always inheriting the fallback browser color scheme until explicitly set.
  53. Icon sizes adjustments.
  54. Focus indicator for on/off switches.
  55. Dynamic size adjustments on theme changes.
  56. Fixed confusing theme application until a choice is made.
  57. Support for focusing and/or highlighting elements when opening the options page.
  58. Open the appearance page for users to configure their preferred visual theme on upgrade from 11.4.1rc3 and below.
  59. Further tone down vintage icon brightness in dark mode.
  60. More resilient CSS patching.
  61. Removed missing stylesheet reference.
  62. Higher fidelity "Vintage Blue" theme.
  63. Override dark vintage theme brightness filter on images for important UX cues.
  64. Minor cross-theme visual tweaks.
  65. Localizable Modern Red / Vintage Blue switch.
  66. New "Enable restrictions on browser restart" option.
  67. More balanced Modern Red icon set.
  68. Improved layout.
  69. Fixed regression removing hover effect from toolbar buttons.
  70. [Android] Fixed regression: preset labels not correctly sized in landscape mode.
  71. Improved visual cues for selected presets (issue #235, thanks @unsungNovelty for report).
  72. Improved preset label positioning.
  73. Removed eyes from default disabled and unrestricted small icons.
  74. Less blurry focus halo.
  75. Cleaner and more definite checked preset layout.
  76. Better contrast for "unsafe" URL labels.
  77. Reduce toolbar unused space.
  78. [Android] Preset size tweaks.
  79. Dark scheme for high contrast toolbar buttons.
  80. Reversed colors in Modern Red permissive icons for better contrast.
  81. Better layout for mixed status icons.
  82. Minor icon tweaks.
  83. Fixed vintage icon brightness in automatic light mode.
  84. Various user-driven visual tweaks.
  85. Cut down description with link to the website and security reporting information.
  86. Reduce toolbar bottom shaded line thickness.
  87. Updated NSCL reference.
  88. Improved preset sizing.
  89. Opaque white for vintage lock icons.
  90. [UI] Focus visual feedback adjustments.
  91. [UI] Flatter preset appearance.
  92. [nscl] Copy NOSCRIPT elements' attribute in emulated replacements.
  93. Fix broken NoScript dialogs when browser.privatebrowsing.autostart = true.

3. Cross-tab Identity Leak Protection (TabGuard)

2022/08/02 - 2022/08/31

Hours: 80

Implementing an experimental countermeasure against the Targeted Deanonymization via the Cache Side Channel attack by Mojtaba Zaheri, Yossi Oren and Reza Curtmola, presented at USENIX Security in August 2022.

  1. Cross-tab identity leak protection.
  2. [TabGuard] Better management of subrequests in undecided tabs.
  3. [TabGuard] Move "forget" button to its own line.
  4. [TabGuard] Improved specificity + some bug fixes.
  5. [TabGuard] Better request lifecycle management.
  6. [TabGuard] Avoid infinite redirection loops.
  7. [TabGuard] Stricter criteria for cutting tab relations.
  8. [TabGuard] Abort the load when the warning dialog is closed by any means except the OK button.
  9. More precise tracking of implicit origins in tab URLs.
  10. [TabGuard] Fixed regression in about:blank handling.
  11. [TabTies] Cascade and merge ties in a shared pool, to prevent them from being cut by closing a middle tab.