NoScript 2022
1. Contextual Policies & LAN Protection follow-up
2022/02/24 - 2022/09/07
Hours: 20
A few bug fixes and enhancements to these features made after their official release.
- Fix for contextual permissions display inconsistencies in options panel.
- Always avoid DNS resolution when a HTTP(S) proxy is used.
- More accurate blocking stats.
- Use window.origin when fetching policies for inheriting special URLs.
- Extended origin normalization to top-level documents.
- Better origin guess for requests from sandboxed iframes
- Avoid using fallback origins for main_frame loads.
2. UX & Accessibility Enhancements
2022/02/20 - 2022/09/09
Hours: 320
Once Context Policies & LAN Protection, among the most UI-impactful recent NoScript features, has been released, a lot of work has been put into
enhancing and modernizing the apperance and usability of the whole product, inspired by a Simply Secure visual refresh study and by the accessibility audit provided by NLNet.
- [Android] Improved CUSTOM panel portrait layout.
- Better accessibility and styling for popup global buttons.
- Prevent popup closure and automatic reload when restrictions are disabled for the tab or globally.
- Support for extra UI in the popup's message box.
- Support for selectively hiding messages.
- Support icon buttons elsewhere in the UI (e.g. in the messagebox).
- Prominently warn user whenever restrictions are disabled.
- Avoid closing the customizer on arrow up key context selection change.
- [Android] Better styling for icon buttons in message box.
- Fix regressions in draggable toolbar buttons.
- Close UI and reload immediately when enabling global/tab restrictions or disabling them for the tab only.
- Make disabled buttons draggable and hidden enabled buttons interactive when the "graveyard" is open.
- More deterministic DnD placeholder creation.
- Avoid flashing empty graveyard on popup opening.
- [Chromium] Fix high contrast option not working.
- Make high contrast and draggable toolbar items mutually exclusive.
- Visual refresh based on Simply Secure concept artwork.
- Improve buttons and tabs appearance.
- Align capabilities on the vertical center.
- Make focus hint less elusive for needed capability widgets.
- Partial status indicator on the left of the icon, to accommodate Chromium's badge position.
- Fix blurry icons on Chromium.
- Fix placeholder close button shadow.
- More consistent cross-browser widgets.
- Fixed automatic reload not always triggered for CUSTOM tweakings.
- Fixed undefined lastInput on tab key.
- Improved high contrast layout.
- Dark theme support.
- Dark and light themes refinements.
- Fix for regression: request and execution attempts not being reported anymore in the UI if restrictions are disabled.
- Apply preferred theme to media placeholders.
- Avoid useless reload if no actual change has happened in enforcement status.
- More visual/theming tweaks.
- Remember last active tab when opening the option window.
- More visual tweaks.
- Remove debug statements.
- Sticky toolbar and scrollable fixed-height content in browserAction popups.
- Ensure better visibility for in-popup message box.
- Dark/Light/Auto theme switcher in Appearance options panel.
- Improved light/dark schemes support.
- Prompts can be closed by keyboard: Enter emulates the default button click, Escape the cancel action.
- Remove redundant style patching.
- Include ServiceWorker-initiated fetch requests in UI reporting.
- Optimized visual layout responsiveness.
- Donation button.
- Fix breakage when dom.storage.enabled is set to false.
- Support for reverting to the "Vintage Blue" style (NoScript Options/Appearance).
- Fix status icon not always synchronized with vintage/modern setting.
- More robust fallback for private windows.
- Cross-theme visual tweaks.
- More explanatory text for the Modern Red / Vintage Blue switch.
- Fixed UI in private windows always inheriting the fallback browser color scheme until explicitly set.
- Icon sizes adjustments.
- Focus indicator for on/off switches.
- Dynamic size adjustments on theme changes.
- Fixed confusing theme application until a choice is made.
- Support for focusing and/or highlighting elements when opening the options page.
- Open the appearance page for users to configure their preferred visual theme on upgrade from 11.4.1rc3 and below.
- Further tone down vintage icon brightness in dark mode.
- More resilient CSS patching.
- Removed missing stylesheet reference.
- Higher fidelity "Vintage Blue" theme.
- Override dark vintage theme brightness filter on images for important UX cues.
- Minor cross-theme visual tweakings.
- Localizable Modern Red / Vintage Blue switch.
- New "Enable restrictions on browser restart" option.
- More balanced Modern Red icon set.
- Improved layout.
- Fixed regression removing hover effect from toolbar buttons.
- [Android] Fixed regression: preset labels not correctly sized in landscape mode.
- Improved visual cues for selected presets (issue #235, thanks @unsungNovelty for report).
- Improved preset label positioning.
- Removed eyes from default disabled and unrestricted small icons.
- Less blurry focus halo.
- Cleaner and more definite checked preset layout.
- Better contrast for "unsafe" URL labels.
- Reduce toolbar unused space.
- [Android] Preset size tweakings.
- Dark scheme for high contrast toolbar buttons
- Reversed colors in Modern Red permissive icons for better contrast.
- Better layout for mixed status icons.
- Minor icon tweakings.
- Fixed vintage icon brightness in automatic light mode.
- Various user-driven visual tweaks.
- Cut down description with link to the website and security reporting information.
- Reduce toolbar bottom shaded line tickness.
- Updated NSCL reference.
- Improved preset sizing.
- Opaque white for vintage lock icons.
- [UI] Focus visual feedback adjustments.
- [UI] Flatter preset appearance.
- [nscl] Copy NOSCRIPT elements' attribute in emulated replacements
- Fix broken NoScript dialogs when browser.privatebrowsing.autostart = true
3. Cross-tab Identity Leak Protection (TabGuard)
2022/08/02 - 2022/08/31
Hours: 80
Implementing an experimental countermeasure against the Targeted Deanonymization via the Cache Side Channel attack by Mojtaba Zaheri, Yossi Oren and Reza Curtmola,
presented at Usenix Security in August 2022 .
- Cross-tab identity leak protection
- [TabGuard] Better management of subrequests in undecided tabs.
- [TabGuard] Move "forget" button in its own line.
- [TabGuard] Improved specificity + some bug fixes.
- [TabGuard] Better request lifecycle management.
- [TabGuard] Avoid infinite redirection loops.
- [TabGuard] Stricter criteria for cutting tab relations
- [TabGuard] Abort the load when the warning dialog is closed by any mean except the OK button.
- More precise tracking of implicit origins in tab URLs.
- [TabGuard] Fixed regression in about:blank handling.
- [TabTies] Cascade and merge ties in a shared pool, to prevent them from being cut by closing a middle tab.