Recent Changes

General

Support userscript editing at vscode.dev if the Tampermonkey Editors extension is installed

Allow cloud backups to be downloaded

Fix the active script count when an embedded frame is removed

Fix automatic detection mode of the option 'Add GM functions to this or window'

Fix disappearing 'Yes' value of the 'Modify existing content security policy headers' option

Fix GM.download(url, name)

Fix GM_setValue with binary content

Fix sometimes broken userscript link in stack trace

Fix menu command listeners sometimes being executed multiple times

Fix GM_deleteValue to really delete values also in background

Make the storage editor show undefined values as well

Fix issues after document.write was called

Internal cleanup and rework for manifest v3

Improve visualization of blacklisted scripts

ESLint updated to 8.32.0

Firefox

Make cloneInto, exportFunction and createObjectIn in @sandbox JavaScript mode work

Fix XML viewer when Tampermonkey is enabled

Fix node argument of GM_addElement in @sandbox JavaScript mode

Fix mobile dashboard view

Fix export at mobile devices

Make GM_openInTab's setParent option work within containers

Close action menu after click at Android

Improve script installation at Android

Introducing Tam, your helpful assistant for getting started

Show more site icons per script

Search editor as you type

Assure editor search results are scrolled in view

Confirm script deletion in the dashboard if the trash is disabled

Sync

Make TamperDAV script change detection work regardless of boot order

When using WebDAV, add a trailing slash notation to collection names as suggested by the spec

Fix issues regarding enabling and disabling sync

Locales

Localize extension name and description

Update Italian translation | thanks to bovirus

Update Japanese translation | thanks to shirayuki

Update Chinese (simplified) translation | thanks to gin3715

Update Russian translation | thanks to Tyemak

Update Danish translation | thanks to jhertel

Experimental

Add experimental GM_info.userAgentData with all properties of NavigatorUAData and some "high entropy" values

If you encounter unreliable script injection after this update, then please check this FAQ entry.

General

Fix GM_unregisterMenuCommand

Fix GM.saveTab

Make @sandbox always default to raw

Make console methods enumerable again

Disable wrappedJSObject compatibility option by default

Internal rework and cleanup

Firefox

Fix variable access via unsafeWindow in JavaScript sandbox mode

Fix instant injection in combination with document-start scripts

Fix communication with external pages

Fix some CSP issues by injecting the script code earlier

Sync

Fix an issue that script updates were disabled on sync triggered change imports

General

Experimental @sandbox support with possible values 'raw', 'JavaScript' and 'DOM'

'raw' access means that a script for compatibility reasons always needs to run in page context. At the moment this mode is the default if @sandbox is omitted.
'JavaScript' access mode means that this script needs unsafeWindow access. At Firefox a special context is created which should also bypass all remaining CSP issues. Execution in page context is used as fallback at other browsers.
'DOM' access mode means that the script only needs DOM and no direct unsafeWindow access. If enabled these scripts are executed inside the extension context or at any other enabled context otherwise.

Add an option to configure available sandbox modes
Warning: Any option that enables 'DOM' mode is potentially unsecure. Userscripts that run in extension context have almost full extension permissions and can even modify and install new userscripts.

Remove document.addEventListener('DOMContentLoaded', ...) delayed event dispatching for document-start scripts executed later than the event

Remove toSource object prototype compat option

Allow GM_xhr streams to be canceled

Add GM_xhr.upload.onprogress support

Add some more entries to the download file extension whitelist

Add GM_download.details.conflictAction (works only in browser API mode)

Fix @resource SVG handling

Add some more editor shortcuts

Remove GM_setTab in favor of the documented GM_saveTab call

Allow script tabs to be closed via middle mouse click

Add a close button to the header of some more dialogs

Fix script toggle element if darker theme is enabled

Locales

Add Macedonian translation | thanks to EntityPlantt

Add Hellenic (Greek) translation | thanks to panos78

Update Chinese (simplified) translation | thanks to iskandarma

Update Portuguese-Brazil translation | thanks to DavidBrazSan

Update Russian translation | thanks to vanja-san

Sync

Add an access token revoke button to some more cloud storage types
Note: make sure to sign out from the service first if you want to login with another account.

Show script sync log messages at the settings page

Dropbox: avoid upload of identical content

Firefox

Use userScript API to execute userscripts

Add container ID to GM_info

Fix script counter at file URLs

Fix sandbox window to have Object.prototype properties

Make GM_xhr multi-account container aware

General

Fix issues with heavily increased page loading time caused by some scripts or @requires

Allow drag and drop inside the editor again

Firefox

Try to fix script loading issues caused by 'too much recursion'

Locales

Update Chinese (traditional) translation | thanks to SiderealArt

Update Italian translation | thanks to bovirus

Update Danish translation | thanks to will2022

Firefox

Fix iframe issues

General

Minor internal cleanup

Sandbox improvements

External @require and @resource content is not updated by default anymore unless the script was updated

Improved compatibility for userstyles installed as userscript

Add an option to control whether to bind GM API functions to the userscript's execution context and sandbox window (and do it by default only if necessary)
Details: Enabling this makes it very easy for a userscript to accidentally leak its granted powers to the page

Treat @include a little bit more like @match if :// is present and add an option to control @include's behavior
Details: Many script developers expect @include *://tmnk.net/* to match pages at tmnk.net only, but it also matches https://example.com/?http://tmnk.net/.
To improve this, @includes that contain a :// are now interpreted a little bit different. Every * before :// now only matches the URL scheme. Also, if :// is directly followed by a * or a / somewhere, then the first * or all until / are applied to the hostname only.

Fix encoding of userscript file and URL imports

Show script and external resources size in dashboard

Show last updated time as relative time if within 4 weeks or as absolute date otherwise

Fix darker theme quirk

Fix favicons with transparent background

Improve editor menu if advanced editor is disabled

Add a localStorage option to manually disable the linter worker if importScripts force reloads the page