Skip to content

CHANGELOG.md

Latest commit

 

History

History
1027 lines (718 loc) · 38.8 KB

CHANGELOG.md

File metadata and controls

1027 lines (718 loc) · 38.8 KB

Scriptlets and Redirect Resources Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

2.4.0-beta

Added

  • New mode parameter to all json-prune and trusted-json-set related scriptlets, which allows to specify the way of pruning JSON objects #522.
  • Line-delimited JSON processing in trusted-json-set related scriptlets #522.
  • $remove$ value to all trusted-json-set related scriptlets, which allows removing specific properties #522.
  • Support for JSONPath in json-prune, json-prune-fetch-response, json-prune-xhr-response, trusted-json-set, trusted-json-set-fetch-response and trusted-json-set-xhr-response scriptlets #522.

Changed

  • trusted-json-set now supports method-only logging, filtered log-only output, JSONPath-based log-only filters, and verbose logs only when a write actually happens #308.
  • log-addEventListener scriptlet: added new optional noProtect parameter, improving compatibility with other scriptlets that need to override addEventListener #551.
  • Updated @adguard/agtree to 4.1.0-beta.

Fixed

  • Logging original object in trusted-json-set scriptlet, previously original and modified object were pointing to the same reference, so the same content was logged, now deep copy is created for original object #308.
  • trusted-click-element no longer throws when event handlers set cancelBubble on spoofed events #555.

v2.3.1 - 2026-03-24

Changed

Fixed

  • disable-newtab-links not preventing clicks when the element has its own click handler added via addEventListener #483.

v2.3.0 - 2026-03-18

Added

  • New value to set-cookie and set-cookie-reload scriptlets: all #501.
  • New value to set-cookie and set-cookie-reload scriptlets: mandatory #518.
  • New value to set-cookie and set-cookie-reload scriptlets: declined #552.
  • trusted-json-set, trusted-json-set-fetch-response and trusted-json-set-xhr-response scriptlets #308.
  • freewheel-admanager redirect resource and scriptlet #401.
  • getCreativeId method to Ad class in google-ima3 redirect #515.

Changed

  • trusted-click-element now passes synthetic-like event objects to React handlers and supports clickType:native in extraMatch to force native click #554.
  • Added interceptChainProp helper to share intermediate chain property access logic across abort-on-property-read, abort-on-property-write, abort-on-stack-trace, abort-current-inline-script, debug-on-property-write, debug-on-property-read, debug-current-inline-script and log-on-stack-trace scriptlets #513.
  • prevent-window-open now checks all parameters #549.
  • Updated @adguard/agtree to 4.0.2.

Fixed

  • prevent-fetch — do not use modifyResponse on redirected requests #545.
  • issue with assigning window to property which was not set in abort-on-property-read, abort-on-property-write, abort-on-stack-trace, abort-current-inline-script, debug-on-property-write, debug-on-property-read, debug-current-inline-script and log-on-stack-trace scriptlets #513.

v2.2.16 - 2026-02-19

Added

  • prevent-navigation scriptlet to prevent navigation to another URL, or reload website #532.
  • prevent-constructor scriptlet to prevent constructor calls like new Promise() or new MutationObserver() #461.
  • remove-request-query-parameter scriptlet to remove query parameters from fetch and XMLHttpRequest requests #329.
  • Trusted Types API support in trusted-create-element scriptlet #507.
  • Trusted Types API support in Firefox #528.

Changed

  • prevent-addEventListener scriptlet: added new optional noProtect parameter, improving compatibility with other scriptlets that need to override addEventListener #550.
  • Updated @adguard/agtree to 4.0.1.

Fixed

  • prevent-xhr scriptlet, responseURL is now set at readyState 2, and the first state is skipped when onreadystatechange is assigned after xhr.open() #485.
  • Anti-adblock detection in spoof-css scriptlet by using cloaked bound functions instead of Proxies #422.
  • Response corruption in trusted-replace-fetch-response and trusted-replace-xhr-response scriptlets when URL pattern matches but content pattern does not #486.
  • XHR handling in trusted-replace-xhr-response and xml-prune scriptlets:
    • added withCredentials to forged requests,
    • fixed duplicate headers when multiple scriptlets are used,
    • used ProgressEvent for load and loadend events #486.
  • XHR scriptlet bypass vulnerability in trusted-replace-xhr-response, prevent-xhr, and xml-prune scriptlets where setting xhr.shouldBePrevented = false could disable the scriptlet #386.
  • Parsing of regexp patterns containing pipe | character in signatureStr arg of trusted-suppress-native-method scriptlet #473.
  • Stack matching in set-constant and trusted-set-constant scriptlets — now checked at property access time instead of scriptlet initialization #500.
  • Cloudflare captcha broken when >>> combinator is used in trusted-click-element scriptlet #491.

v2.2.15 - 2026-01-22

Added

  • Support for React elements that don't respond to native clicks in trusted-click-element scriptlet #542.

Changed

Fixed

  • Do not throw error on null event type in prevent-addEventListener scriptlet #539.

v2.2.14 - 2025-12-16

Added

  • prevent-innerHTML scriptlet #488.
  • Ability to configure observer timeout for trusted-click-element scriptlet with a new observerTimeout parameter #400.
  • Support for window.Fingerprint variable in fingerprintjs2 redirect (and scriptlet as well since it is an alias for redirect) #541.

Changed

v2.2.13 - 2025-11-25

Added

  • New value to set-cookie and set-cookie-reload scriptlets: denied #512.

Changed

Fixed

  • Determination of string values more precisely for trusted-set-constant scriptlet #499.
  • Support for negative priority suffix in UBO redirects rules.

v2.2.12 - 2025-11-12

Changed

v2.2.11 - 2025-10-17

Changed

v2.2.10 - 2025-09-11

Added

  • -base64 as an alias of base64decode in href-sanitizer scriptlet #493.

Changed

v2.2.9 - 2025-08-14

Added

  • trusted-replace-argument scriptlet #405.

Fixed

  • Incorrectly escaped quotes in trusted-replace-node-text scriptlet #517.
  • TrustedScriptURL in prevent-element-src-loading scriptlet #514.
  • Fix scriptlets compilation error in Safari 15 due to unsupported regex lookbehind #519.

v2.2.8 - 2025-07-08

Added

  • UBO aliases ubo-nobab, nobab, and bab-defuser for prevent-bab AdGuard scriptlet.

Changed

Fixed

  • trusted-set-cookie-reload scriptlet infinite page reloading when cookie with time keyword is used #489.

v2.2.7 - 2025-06-04

Changed

Fixed

  • json-prune scriptlet to properly handle null values while checking specified key in object #504.

v2.2.4 - 2025-05-23

Changed

Fixed

  • spoof-css scriptlet — incorrect DOMRect setting #498.

v2.2.1 - 2025-05-21

Fixed

  • Trusted types bundle.

v2.2.0 - 2025-05-21

Added

  • New values to set-cookie and set-cookie-reload scriptlets: emptyArr, emptyObj #497.
  • Ability to set random response content in prevent-fetch scriptlet #416.
  • Ability to choose CSS injection method in inject-css-in-shadow-dom scriptlet #477.
  • TypeScript types for CoreLibs provided ContentScriptApi.
  • Trusted Types API utility — PolicyApi.

Changed

  • Improved docs for json-prune, xml-prune and trusted-prune-inbound-object scriptlets #392.
  • Updated @adguard/agtree to 3.1.5.

Fixed

  • Escaping quotes in trusted-replace-node-text scriptlet #440.
  • trusted-suppress-native-method scriptlet, isMatchingSuspended was not reset when the stack does not match, so in some cases given method was not prevented #496.

v2.1.7 - 2025-04-03

Changed

Added

  • Ability in prevent-addEventListener scriptlet to match specific element and updated log-addEventListener scriptlet to log target element #480.

v2.1.6 - 2025-03-06

Fixed

  • Incorrectly removing content from parsed array when using the json-prune scriptlet #482.

v2.1.5 - 2025-02-28

Changed

Added

  • Ability in json-prune scriptlet to match key with specific value and remove array/object if it contains specific item #183.

Fixed

  • prevent-eval-if and prevent-bab scriptlets, now eval.toString() call returns original value #481.

v2.1.4 - 2025-01-20

Changed

  • ESM-only bundle.
  • trusted-click-element scriptlet, now when containsText is used then it will search for all given selectors and click on the first element with matched text #468.

Fixed

  • Issue with metrika-yandex-tag redirect when it's used as a scriptlet #472.
  • Issue with trusted-click-element scriptlet when delay was used and the element was removed and added again before it was clicked #391.

v2.0.1 - 2024-11-13

Added

  • prevent-canvas scriptlet #451.
  • Trusted Types API support in trusted-replace-node-text scriptlet #457.
  • parentSelector option to search for nodes for remove-node-text scriptlet #397.
  • transform option with base64decode value for href-sanitizer scriptlet #455.
  • removeParam and removeHash values in transform option for href-sanitizer scriptlet #460.
  • New values to set-cookie and set-local-storage-item scriptlets: forbidden, forever #458.

Changed

  • Set response ok to false by prevent-fetch if response type is opaque #441.
  • Improve prevent-xhr — modify response #415.
  • Improve prevent-xhr — add missed events #414.
  • Source type instead of IConfiguration.
  • API structure. Validators, Converters, Scriptlets and redirects are now separate modules.
  • The minimum supported Safari version is now 13.
  • Updated @adguard/agtree to 3.0.0-alpha.1.

Removed

  • IIFE bundle.
  • UMD bundle.
  • Various conversion and validation functions including isAdgRedirectRule, isAdgRedirectCompatibleWithUbo, isUboRedirectCompatibleWithAdg, isAbpRedirectCompatibleWithAdg, convertUboRedirectToAdg, convertAbpRedirectToAdg, convertRedirectToAdg, and convertRedirectNameToAdg functions.

v1.12.1 - 2024-09-20

Added

  • Integrated @adguard/agtree library for working with rules, compatibility tables, validator and converter.

Fixed

  • Re-adding element on every DOM change in trusted-create-element scriptlet #450.
  • Setting cookie which name has special prefix __Host- or __Secure- by trusted-set-cookie and trusted-set-cookie-reload scriptlets #448.

v1.11.27 - 2024-08-29

Added

  • reload option for trusted-click-element scriptlet #301.
  • Support for matching line number in abort-on-stack-trace scriptlet when inlineScript or injectedScript option is used #439.
  • New values to set-cookie and set-cookie-reload scriptlets: checked, unchecked #444.
  • New values to set-local-storage-item and set-session-storage-item scriptlets: allowed, denied #445.
  • UBO aliases noop-vast2.xml, noop-vast3.xml, and noop-vast4.xml for correspondent AdGuard redirects.
  • New field uniqueId to scriptlet configuration, allowing scriptlets to be executed only once per context.

Changed

  • UBO alias noop-vmap1.0.xml for noopvmap-1.0 redirect is replaced by noop-vmap1.xml.

Fixed

  • Modifying RegExp.$1, …, RegExp.$9 values in log-on-stack-trace and abort-on-stack-trace scriptlets #384.

v1.11.16 - 2024-08-01

Added

  • trusted-set-session-storage-item scriptlet #426.
  • New values to set-cookie and set-cookie-reload scriptlets: essential, nonessential #436.
  • $currentISODate$ as a new possible value to set-cookie, set-cookie-reload, set-local-storage-item and set-session-storage-item scriptlets #435.

Fixed

  • Re-adding element after removing it in trusted-create-element scriptlet #434.
  • trusted-click-element scriptlet does not click on an element that is already in the DOM #437.

v1.11.6 - 2024-07-08

Added

  • New values to set-cookie and set-cookie-reload scriptlets: hide, hidden #433.
  • New values to set-local-storage-item and set-session-storage-item scriptlets: accept, accepted, reject, rejected #429.
  • Ability to log original and modified content in trusted-replace-node-text, xml-prune, m3u-prune, trusted-replace-fetch-response and trusted-replace-xhr-response scriptlets #411.

Changed

v1.11.1 - 2024-06-13

Added

  • trusted-dispatch-event scriptlet #382.
  • trusted-replace-outbound-text scriptlet #410.
  • Ability to click on the element with specified text in trusted-click-element scriptlet #409.
  • Ability to click element in closed shadow root in trusted-click-element scriptlet #423.
  • isRedirectResourceCompatibleWithAdg() method to check compatibility of redirect resources with AdGuard without needing the full rule text #420.

Deprecated

  • ruleText option in the IConfiguration.

Fixed

  • set-attr value cannot be set to minimum 0 and maximum 32767 possible value #425.

v1.10.25 - 2024-03-28

Added

  • trusted-suppress-native-method scriptlet #383.
  • json-prune-fetch-response scriptlet #361.
  • json-prune-xhr-response scriptlet #360.
  • href-sanitizer scriptlet #327.
  • no-protected-audience scriptlet #395.
  • The ability for prevent-fetch scriptlet to set cors as a response type #394.
  • The ability for trusted-click-element scriptlet to click inside open shadow doms #323.
  • Domain value for setting cookie scriptlets #389.
  • Multiple redirects can now be used as scriptlets #300:
    • amazon-apstag;
    • didomi-loader;
    • fingerprintjs2;
    • fingerprintjs3;
    • gemius;
    • google-analytics;
    • google-analytics-ga;
    • google-ima3;
    • googlesyndication-adsbygoogle;
    • googletagservices-gpt;
    • matomo;
    • metrika-yandex-tag;
    • metrika-yandex-watch;
    • naver-wcslog;
    • pardot-1.0;
    • prebid;
    • scorecardresearch-beacon.

Changed

  • Validation of scriptlet rules with no name and args for multiple scriptlet exception rules #377.
  • Cookie name is not encoded by cookie setting scriptlets #408.
  • Increased the possible numeric value up to 32767 for set-cookie and set-cookie-reload scriptlets #388.

Fixed

  • UBO→ADG conversion of $remove$ scriptlet param #404.
  • set-constant scriptlet not setting a constant over falsy values #403.

v1.10.1 - 2024-02-12

Added

  • call-nothrow scriptlet #333.
  • spoof-css scriptlet #317.
  • trusted-create-element scriptlet #278.
  • trusted-set-attr scriptlet #281.
  • Ability of set-attr to set an attribute value as a copy of another attribute value of the same element.
  • UBO alias for set-cookie-reload scriptlet #332.
  • New values t, f, necessary, required for set-cookie and set-cookie-reload #379.

v1.9.105 - 2023-12-25

Added

  • OmidVerificationVendor object to google-ima3 redirect #353.
  • ga.q (queued commands) to google-analytics redirect #355.

Fixed

  • addEventListener in EventHandler in google-ima3 redirect, now it binds context to callback #353.
  • AdDisplayContainer constructor in google-ima3 redirect, now it adds div element to container #353.
  • getInnerError method in google-ima3 redirect, now it returns null #353.

v1.9.101 - 2023-11-30

Added

  • emptyStr value for responseBody in prevent-fetch scriptlet #364.
  • setPrivacySettings() method to googletagservices-gpt redirect #344.
  • UBO alias noop.json for noopjson redirect.
  • Library version number to the exports AdguardBrowserExtension#2237.

Changed

  • prevent-fetch scriptlet, if responseType is set to opaque then now response body is set to null, status is set to 0 and statusText is set to '' #364.

v1.9.96 - 2023-11-15

Added

  • Regular expression support for removing items in set-local-storage-item and set-session-storage-item scriptlets #256.
  • Ability to set proxy trap in set-constant scriptlet #330.

v1.9.91 - 2023-11-13

Added

  • trusted-prune-inbound-object scriptlet #372.
  • New values to set-cookie scriptlet: on, off, accepted, notaccepted, rejected, allowed, disallow, enable, enabled, disable, disabled #375.
  • New values to set-local-storage-item and set-session-storage-item scriptlets: on, off #366.

Fixed

  • Setting proxy trap every time when property is accessed in set-constant scriptlet #380.
  • Issue with stack in evaldata-prune scriptlet #378.
  • Setting values to wrong properties in set-constant scriptlet #373.

v1.9.83 - 2023-10-13

Added

  • ABP alias for the log scriptlet.

Fixed

  • Issue with trusted-replace-fetch-response scriptlet in case if data URL was used and properties was set by Object.defineProperty to deceive scriptlet #367.
  • Adding the same header value in trusted-replace-xhr-response scriptlet when it is used multiple times for the same request #359.
  • Not pruning in m3u-prune scriptlet if file contains carriage return #354.
  • Not overriding value in set-constant (only partially, for cases where single scriptlet is used) #330.

v1.9.72 - 2023-08-25

Added

  • Conversion for scriptlets:
    • set-attr;
    • set-cookie;
    • set-local-storage-item;
    • set-session-storage-item.

v1.9.70 - 2023-08-21

Added

  • Support for XPath in xml-prune scriptlet #325.
  • Conversion of UBO's $redirect priority to the converter tsurlfilter#59.

Fixed

  • Issue with stack in json-prune scriptlet #348.
  • Issue with obligatoryProps in json-prune scriptlet #345.

v1.9.62 - 2023-08-04

Fixed

  • prevent-xhr closure bug on multiple requests #347.

v1.9.61 - 2023-08-01

Added

  • convertRedirectNameToAdg() method to convert redirect names to ADG #346.

v1.9.58 - 2023-07-27

Fixed

  • Escape commas in the params during conversion to ubo rules #343.

v1.9.57 - 2023-07-21

Added

  • Ability to remove an item from storage in set-local-storage-item and set-session-storage-item scriptlets #338.
  • New values to set-cookie and set-cookie-reload scriptlets: Accept, Reject, y, n, N, No, allow, deny #336.
  • Ability to use flags in regular expression scriptlet parameters #303.

Changed

  • Predefined values of set-cookie and set-cookie-reload are now case-insensitive #342.

Fixed

  • Overwriting google.ima value if it was already set #331.
  • Printing unnecessary logs to the console in log-addEventListener scriptlet #335.
  • Error throwing in prevent-fetch and prevent-xhr scriptlets when a request is blocked #334.

v1.9.37 - 2023-06-06

Added

  • evaldata-prune scriptlet #322.
  • trusted-replace-node-text scriptlet #319.
  • remove-node-text scriptlet #318.
  • Ability for prevent-element-src-loading scriptlet to prevent inline onerror and match link tag #276.
  • New special value modifiers for set-constant #316.

Changed

  • trusted-set-cookie and trusted-set-cookie-reload scriptlets to not encode cookie name and value #311.
  • Improved prevent-fetch: if responseType is not specified, original response type is returned instead of default #297.

Fixed

  • Pruning when addEventListener was used before calling send() method in m3u-prune and xml-prune scriptlets #315.
  • Issue with updateTargetingFromMap() method in googletagservices-gpt redirect #293.
  • Website reloading if $now$/$currentDate$ value is used in trusted-set-cookie-reload scriptlet #291.
  • getResponseHeader() and getAllResponseHeaders() methods mock in prevent-xhr scriptlet #295.

v1.9.7 - 2023-03-14

Added

  • Ability for trusted-click-element scriptlet to click element if cookie/localStorage item doesn't exist #298.
  • Static delay between multiple clicks in trusted-click-element #284.

Changed

  • Improved the convertScriptletToAdg() method — now it validates the input rule syntax if it is an ADG rule.

Fixed

  • Issue with MutationObserver.disconnect() in trusted-click-element #284.

v1.9.1 - 2023-03-07

Added

  • m3u-prune scriptlet #277.
  • true and false values for set-attr scriptlet #283.
  • UBO alias noop.css for noopcss redirect.

Changed

  • Decreased the minimal value for the boost parameter to 0.001 for adjust-setTimeout and adjust-setInterval #262.

Fixed

  • prevent-element-src-loading throwing error if thisArg is undefined #270.
  • Logging null in json-prune #282.
  • xml-prune: no pruning a request if new Request() is used, throwing an error while logging some requests #289.
  • Improve performance of the isValidScriptletName() method.

v1.8.2 - 2023-01-19

Added

  • trusted-set-constant scriptlet #137.
  • inject-css-in-shadow-dom scriptlet #267.
  • throwFunc and noopCallbackFunc prop values for set-constant scriptlet.
  • recreateIframeForSlot method mock to googletagservices-gpt redirect #259.

Changed

  • Added decimal delay matching for prevent-setInterval and prevent-setTimeout #247.
  • Debug logging to include rule text when available.
  • getScriptletFunction calls to throw error on unknown scriptlet names.

Fixed

  • prevent-xhr and trusted-replace-xhr-response closure bug on multiple requests #261.
  • Missing googletagmanager-gtm in compatibility table.

v1.7.20 - 2022-12-26

Added

  • isBlocking() method for Redirects class.
  • file field for redirect type.

Fixed

  • Redirects types.

v1.7.19 - 2022-12-22

Fixed

  • prevent-addEventListener and log-addEventListener loosing context. when encountering already bound .addEventListener.
  • google-ima3 conversion.

v1.7.14 - 2022-12-16

Added

v1.7.13 - 2022-12-13

Fixed

  • isEmptyObject helper not counting prototype as an object property.

v1.7.10 - 2022-12-07

Added

  • trusted-set-cookie-reload scriptlet.

Fixed

  • set-cookie-reload infinite page reloading #265.
  • Breakage of prevent-element-src-loading due to window getting into apply wrapper #264.
  • Spread of args bug at getXhrData call for trusted-replace-xhr-response.
  • Request properties array not being served to getRequestData and parseMatchProps helpers.

v1.7.3 - 2022-11-21

Added

  • Trusted scriptlets with extended capabilities:

    • trusted-click-element #23;
    • trusted-replace-xhr-response #202;
    • trusted-replace-fetch-response;
    • trusted-set-local-storage-item;
    • trusted-set-cookie.

  • Scriptlets:

Changed

  • Scriptlets:
    • prevent-element-src-loading #228;
    • prevent-fetch #216;
    • abort-on-stack-trace #201;
    • abort-current-inline-script #251;
    • set-cookie & set-cookie-reload.
  • Redirects:
    • google-ima3 #255;
    • metrika-yandex-tag #254;
    • googlesyndication-adsbygoogle #252.