Recent Changes

General

Introduced a permission editor for enhanced management of host permissions

Updated GM_download to make the name parameter optional and implemented extraction from the response headers

Removed use of deprecated DOMNodeInserted and MutationEvent events

Fixed an issue with the url property of GM_notification when no onclick listener is set

Updated GM_download to initiate downloads in parallel again

Resolved a failure when accessing xhr.responseXML of HTTP responses

No longer displaying script modification conflict warnings when there's no conflict

Resolved an issue with Instant Injection mode when a script requires a local file

Addressed problems related to script installation from certain Gitlab URLs

Removed warning about script updates being disabled upon script modification

Resolved multiple internal issues to prevent potential crashes

Corrected the functionality of window.showDirectoryPicker

Enhanced detection of new GreasyFork script URLs

Introduced id parameter in GM_registerMenuCommand to update existing commands

Added tag in GM_notification to overwrite existing notifications

Incorporated url property in GM_notification to open a new tab on click (can be cancelled by onClick event via preventDefault)

Notifications now automatically close when the userscript unloads and neither a url nor a tag was specified

Adjusted GM_download to prevent frequent triggering of onload

Refined version number parser to support ISO format dates
Note: As a result of this change, 1.0-0.3 is now considered a lower version number than 1.0

Overhauled aspects related to Instant Navigation

Accepted user-defined globals in ESLint configuration

Enhanced sandbox window addEventListener to support EventListenerObjects

Introduced a title option to GM_registerMenuCommand

Introduced feature to append script version number during disk save operations

Content-security-policy (CSP) directives are no longer relaxed by default
Notes:

In Chrome, script injection should function as usual, but some userscripts may depend on a relaxed CSP
In Firefox, if the page CSP blocks injection, userscripts are now injected into a JavaScript-mode @sandbox, which may require cloneInto and friends for unsafeWindow property modification
The previous behavior can be reinstated by setting 'Modify existing content security policy (CSP) headers' to 'Yes'
This change aids in better adherence to the Mozilla add-on development policies

Locally modified scripts are not automatically updated, but can now be manually updated and confirmed for reversion

Introduced an option in GM_registerMenuCommand to prevent automatic closing of the popup on click

Corrected GM_xmlhttpRequest FormData key-value order

Adjusted ESLint to permit top-level await

Resolved BSD issue caused by incorrect getPlatformInfo response

Locales

Updated Italian translation | thanks to bovirus

Updated Portuguese-Brazil translation | thanks to igorruckert

Updated Danish translation | thanks to jhertel

Updated Chinese (simplified) translation | thanks to PaperStrike

Updated Russian translation | thanks to adem4ik

Updated Vietnamese translation | thanks to IoeCmcomc

Updated Japanese translation | thanks to maboroshin and shirayuki

Updated Japanese translation | thanks to shirayuki

Updated Russian translation | thanks to ACherepkov1989

Updated Turkish translation | thanks to selimsumlu

Updated Chinese (traditional) translation | thanks to 5idereal

Updated French translation | thanks to Juknum

Restored the application of custom CSS to installation pages

Fixed quirks in the darker theme

Repaired the 'Sync Now' button

Corrected the 'Save To Disk' button in the editor

Corrected 'replace all' functionality in code editor for certain strings

Enabled 'Sync Now' and 'Sync Reset' only after changes have been saved

Corrected script search badge mode to display accurate numbers

Implemented horizontal scrolling for tabs when the quantity exceeds the display limit

Search-as-you-type now consistently starts from the current position

Sync

Implemented anonymous requests for WebDAV to prevent overwriting of browser sessions

Fixed WebDAV-based sync in cases of unexpected existing folder structures

Reworked to reduce some authentication requests

Chrome

Adjusted popup menu behavior when the page is viewed as a 'shortcut'

Eliminated warning message 'Tabs cannot be edited right now'

General

Additional fixes related to document.write

Fix the active script count when an embedded frame is removed

Fix issues when document.write was called

Fix cookies response headers if GM_xhr.redirect is set to manual

Fix automatic detection mode of Add GM functions to this or window

Add GM_xhr.redirect option support with one of follow, error or manual as possible value

Remove GM_info.userAgent in favor of GM_info.userAgentData with all properties of NavigatorUAData and some "high entropy" values

Fix disappearing 'Yes' value of the 'Modify existing content security policy headers' option

Fix GM.download(url, name)

Add experimental GM_info.userAgent

Fix GM_setValue with binary content

Fix sometimes broken userscript link in stack trace

Allow cloud backups to be downloaded

ESLint updated to 8.32.0

Fix menu command listeners sometimes being executed multiple times

Fix GM_deleteValue to really delete values also in background

Make the storage editor show undefined values as well

Internal cleanup and rework for manifest v3

Internal rework and cleanup

Disable wrappedJSObject compatibility option by default

Fix GM_unregisterMenuCommand

Fix GM.saveTab

Make @sandbox always default to raw

Make console methods enumerable again

Fix @resource SVG handling

Allow GM_xmlhttpRequestsstreams to be canceled

Add some more entries to the download file extension whitelist

Add GM_download.details.conflictAction (works only in browser API mode)

Add GM_xmlhttpRequestsupload.onprogress support

Add .webp to the download whitelist

Add some more editor shortcuts

Experimental @sandbox support with possible values 'raw', 'JavaScript' and 'DOM'

'raw' access means that a script for compatibility reasons always needs to run in page context. At the moment this mode is the default if @sandbox is omitted.
'JavaScript' access mode means that this script needs unsafeWindow access. At Firefox a special context is created which should also bypass all remaining CSP issues. Execution in page context is used as fallback at other browsers.
'DOM' access mode means that the script only needs DOM and no direct unsafeWindow access. If enabled these scripts are executed inside the extension context or at any other enabled context otherwise.

Add an option to configure available sandbox modes
Warning: Any option that enables 'DOM' mode is potentially unsecure. Userscripts that run in extension context have almost full extension permissions and can even modify and install new userscripts.

Remove document.addEventListener('DOMContentLoaded', ...) delayed event dispatching for document-start scripts executed later than the event

Remove toSource object prototype compat option

Fix issues with heavily increased page loading time caused by some scripts or @requires

Introducing Tam, your helpful assistant for getting started

Confirm script deletion in the dashboard if the trash is disabled

Show more site icons per script

Search editor as you type

Assure editor search results are scrolled in view

Improve visualization of blacklisted scripts

Allow script tabs to be closed via middle mouse click

Add a close button to the header of some more dialogs

Fix script toggle element if darker theme is enabled

Show script sync log messages at the settings page

Allow drag and drop inside the editor again

Chrome

Fix active script count not being reset on tab reloads

Avoid showing a warning message at almost all tabs

Locales

Show a localized extension name to Chinese users

Update Italian translation | thanks to bovirus

Localize extension name and description

Update Japanese translation | thanks to shirayuki

Update Chinese (simplified) translation | thanks to gin3715

Update Russian translation | thanks to Tyemak

Add Macedonian translation | thanks to EntityPlantt

Add Hellenic (Greek) translation | thanks to panos78

Update Chinese (simplified) translation | thanks to iskandarma

Update Portuguese-Brazil translation | thanks to DavidBrazSan

Update Russian translation | thanks to vanja-san

Update Chinese (traditional) translation | thanks to SiderealArt

Update Danish translation | thanks to will2022

Sync

Make TamperDAV script change detection work regardless of boot order

When using WebDAV, add a trailing slash notation to collection names as suggested by the spec

Fix issues regarding enabling and disabling sync

Don't disable script updates on sync triggered change imports

Add an access token revoke button to some more cloud storage types
Note: make sure to sign out from the service first if you want to login with another account.

Dropbox: avoid upload of identical content

Experimental

Support userscript editing at vscode.dev if the Tampermonkey Editors extension is installed

Chrome

General

Minor internal cleanup

Sandbox improvements

External @require and @resource content is not updated by default anymore unless the script was updated

Improved compatibility for userstyles installed as userscript

Add an option to control whether to bind GM API functions to the userscript's execution context and sandbox window (and do it by default only if necessary)
Details: Enabling this makes it very easy for a userscript to accidentally leak its granted powers to the page

Treat @include a little bit more like @match if :// is present and add an option to control @include's behavior
Details: Many script developers expect @include *://tmnk.net/* to match pages at tmnk.net only, but it also matches https://example.com/?http://tmnk.net/.
To improve this, @includes that contain a :// are now interpreted a little bit different. Every * before :// now only matches the URL scheme. Also, if :// is directly followed by a * or a / somewhere, then the first * or all until / are applied to the hostname only.

Fix encoding of userscript file and URL imports

Show script and external resources size in dashboard

Show last updated time as relative time if within 4 weeks or as absolute date otherwise

Fix darker theme quirk

Fix favicons with transparent background

Improve editor menu if advanced editor is disabled

Add a localStorage option to manually disable the linter worker if importScripts force reloads the page

Locales

Update Turkish translation | thanks to Tmp341

Update Japanese translation | thanks to shirayuki

Update Portuguese-Brazil translation | thanks to igorruckert

Update Chinese (simplified) translation | thanks to xiaopangju

Update Chinese (simplified) translation | thanks to dnknn

Update Hindi translation | thanks to Yash-Singh1

Update French translation | thanks to omerien

Update Italian translation | thanks to bovirus

Update Russian translation | thanks to wvxwxvw

Update Chinese (traditional) translation | thanks to ndbiaw and SiderealArt

General

Allow userscript installation via drag and drop to options page also in case local file access is disabled

Fix prototype confusion in sandbox mode

Fix GM_getValue and GM_xmlhttpRequest response prototype confusion

Fix GM_setValue and include enumerable array values of the prototype chain as well

Fix sandbox window to have Object prototype methods agin

Fix custom ESLint config

Add known globals to editor auto-suggestion again

Make @connect * work with requests to IPs and hostnames (like localhost) again

Allow GM_getValue to return undefined as value

Improve JavaScript scriptlet support via @unwrap tag

Fix GM_xmlhttpRequest to forward status and statusText in fetch mode once available

Fix some rare exceptions happening in the wild

Sandbox improvements

Make cloud service re-authentication without user intervention less disturbing

Use up to ES2022 for linting if supported by the browser

Update ESLint

Fix several issues with older browser versions

Fix cookies overwriting in anonymous GM_xmlhttpRequest mode

Add a global and a per script setting to choose whether to run in incognito tabs

Replace worker based image cache to avoid problems at some browsers

Fix some userscript injection issues

Add some more audio formats to the download file extension whitelist

Use higher resolution if Google's favicons service is used

Always log an error at the page console if a @require or @resource couldn't be loaded

Improve GM_xmlhttpRequest event timings and make response readable on request errors as well

Make GM_notification.highlight focus the window as well

Make trash configurable (on/off/session only)

Fix issues caused by extremely delayed setTimeout(..., 0) calls

Add MouseEvent/KeyboardEvent argument to GM_registerMenuCommand callbacks

Add a focus method to the return value of GM_openInTab

GM_xmlhttpRequest.responseType 'stream' support

Make import from URL support zip, JSON and plain userscript files

Show an internal notification in case of an available extension update only

Add more second level domains (for .tld)

WebDAV improvements

Fix opening of zero byte externals

Internal rework and cleanup

Fix script positioning via drag and drop

Decrease extension size by removing jQuery dependency

Shift key + mouse click based multi select

Validate @grant as well as header tags in general

Fix storage 'reload' button and add 'reset'

Fix ESLint to allow top-level await

Warn on userscript header entries that are not prefixed by exactly one space

Use eslint-plugin-userscripts to highlight userscript header issues

Show localized userscript name and description if available where possible

Dark mode improvements

Prefer an explicit set @name:en over @name

Update page title if script is renamed by save

Keep CRLF line endings on edit

Chrome

Improve scrollbar layout in dark mode

Sync

Fix TamperDAV double sync issue

Add a button to force a sync

Fix unnecessary repeated exports

Trigger sync on move to trash

General

Userscript Search integration
(search on popup menu entry click, on popup menu open or always)

Improve topbar announcements to not hide existing messages

@antifeature support

Add Userscript menu commands to the page's context menu

`@run-at context-menu scripts now require a @include or @match statement (like all other scripts)

Speed up extension storage operations

Sandbox fixes

Speed up injection

Speed up and fix handling of large GM_xmlhttpRequest responses

GM_xmlhttpRequest data might be available at readyState 3 now

Fix GM_download calls in non-native mode if executed too quickly one after the other

Add option whether to import script data and/or externals

Fix SHA-256 calculation for sub-resource integration (SRI) check of some files

Fix GM_xmlhttpRequest authentication via user and password (including fetch mode)

Fix a continuing script execution problem of scripts running on browser start

Fix GM_notification sometimes not using the given image

Fix a sandbox issue which caused DOMContentLoaded being fired after the load event

Fix GM_setStyle/GM_addElement of document-start scripts in case of very early script execution

Update CodeMirror editor to version 5.58.2

Update JSZip to 3.5.0

Opera

Fix linting issues

Add script trash

Add script removal entry to popup menu

Improve search bar to not hide script content

Add option to automatically highlight selected or hovered words

Fix the 'Find Next' button after search was opened

Fix flashing layout shift if an @include's favicon can't be loaded

Fix tab layout issue at very high zoom-levels at MacOS and Windows

Add a default @icon tag showing the domain's favicon if a URL is available

Add an option to add the current domain to the blacklisted pages list

Add a reload button to the script storage tab

Remember the last chosen cloud storage at the 'Utilities' tab

Make the 'Dashboard' item's alt action (Ctrl+Click, middle or right mouse click) open it with the current tab's URL as filter

Update darker theme | thanks to narcolepticinsomniac

Sync

Various improvements

Experimental

Top-level await support

Allow experimental GM_addElement to operate on shadow DOM

Locales

Add Danish translation | thanks to will2022

Update Italian translation | thanks to bovirus

Update Japanese translation | thanks to shirayuki

Update Turkish translation | thanks to Tmp341

Update Portuguese-Brazil translation | thanks to igorruckert

Update Chinese (simplified) translation | thanks to xiaopangju

Update Chinese (traditional) translation | thanks to asthzh

Update Chinese (simplified) translation | thanks to ff98sha

Update Russian translation | thanks to wvxwxvw

Update Vietnamese translation | thanks to IoeCmcomc

Update Chinese (simplified) translation | thanks to CaveNightingale, Vstory and xiaopangju

Update Russian translation | thanks to vanja-san

Update French translation | thanks to omerien