Recent Changes

If you encounter unreliable script injection after this update, then please check this FAQ entry.

General

Fix GM_unregisterMenuCommand

Fix GM.saveTab

Make @sandbox always default to raw

Make console methods enumerable again

Disable wrappedJSObject compatibility option by default

Internal rework and cleanup

Firefox

Fix variable access via unsafeWindow in JavaScript sandbox mode

Fix instant injection in combination with document-start scripts

Fix communication with external pages

Fix some CSP issues by injecting the script code earlier

Sync

Fix an issue that script updates were disabled on sync triggered change imports

General

Experimental @sandbox support with possible values 'raw', 'JavaScript' and 'DOM'

'raw' access means that a script for compatibility reasons always needs to run in page context. At the moment this mode is the default if @sandbox is omitted.
'JavaScript' access mode means that this script needs unsafeWindow access. At Firefox a special context is created which should also bypass all remaining CSP issues. Execution in page context is used as fallback at other browsers.
'DOM' access mode means that the script only needs DOM and no direct unsafeWindow access. If enabled these scripts are executed inside the extension context or at any other enabled context otherwise.

Add an option to configure available sandbox modes
Warning: Any option that enables 'DOM' mode is potentially unsecure. Userscripts that run in extension context have almost full extension permissions and can even modify and install new userscripts.

Remove document.addEventListener('DOMContentLoaded', ...) delayed event dispatching for document-start scripts executed later than the event

Remove toSource object prototype compat option

Allow GM_xhr streams to be canceled

Add GM_xhr.upload.onprogress support

Add some more entries to the download file extension whitelist

Add GM_download.details.conflictAction (works only in browser API mode)

Fix @resource SVG handling

Add some more editor shortcuts

Remove GM_setTab in favor of the documented GM_saveTab call

Allow script tabs to be closed via middle mouse click

Add a close button to the header of some more dialogs

Fix script toggle element if darker theme is enabled

Locales

Add Macedonian translation | thanks to EntityPlantt

Add Hellenic (Greek) translation | thanks to panos78

Update Chinese (simplified) translation | thanks to iskandarma

Update Portuguese-Brazil translation | thanks to DavidBrazSan

Update Russian translation | thanks to vanja-san

Sync

Add an access token revoke button to some more cloud storage types
Note: make sure to sign out from the service first if you want to login with another account.

Show script sync log messages at the settings page

Dropbox: avoid upload of identical content

Firefox

Use userScript API to execute userscripts

Add container ID to GM_info

Fix script counter at file URLs

Fix sandbox window to have Object.prototype properties

Make GM_xhr multi-account container aware

General

Fix issues with heavily increased page loading time caused by some scripts or @requires

Allow drag and drop inside the editor again

Firefox

Try to fix script loading issues caused by 'too much recursion'

Locales

Update Chinese (traditional) translation | thanks to SiderealArt

Update Italian translation | thanks to bovirus

Update Danish translation | thanks to will2022

Firefox

Fix iframe issues

General

Minor internal cleanup

Sandbox improvements

External @require and @resource content is not updated by default anymore unless the script was updated

Improved compatibility for userstyles installed as userscript

Add an option to control whether to bind GM API functions to the userscript's execution context and sandbox window (and do it by default only if necessary)
Details: Enabling this makes it very easy for a userscript to accidentally leak its granted powers to the page

Treat @include a little bit more like @match if :// is present and add an option to control @include's behavior
Details: Many script developers expect `@include *://tmnk.net/*` to match pages at `tmnk.net` only, but it also matches `https://example.com/?http://tmnk.net/`.
To improve this, @includes that contain a `://` are now interpreted a little bit different. Every `*` before `://` now only matches the URL scheme. Also, if `://` is directly followed by a `*` or a `/` somewhere, then the first `*` or all until `/` are applied to the hostname only.

Fix encoding of userscript file and URL imports

Show script and external resources size in dashboard

Show last updated time as relative time if within 4 weeks or as absolute date otherwise

Fix darker theme quirk

Fix favicons with transparent background

Improve editor menu if advanced editor is disabled

Add a localStorage option to manually disable the linter worker if importScripts force reloads the page

Locales

Update Turkish translation | thanks to Tmp341

Update Japanese translation | thanks to shirayuki

Update Portuguese-Brazil translation | thanks to igorruckert

Update Chinese (simplified) translation | thanks to xiaopangju

Update Chinese (simplified) translation | thanks to dnknn

Update Hindi translation | thanks to Yash-Singh1

Update French translation | thanks to omerien

Update Italian translation | thanks to bovirus

Update Russian translation | thanks to wvxwxvw

Update Chinese (traditional) translation | thanks to ndbiaw and SiderealArt

General

Allow userscript installation via drag and drop to options page also in case local file access is disabled

Fix prototype confusion in sandbox mode

Fix GM_getValue and GM_xmlhttpRequest response prototype confusion

Fix GM_setValue and include enumerable array values of the prototype chain as well

Fix sandbox window to have Object prototype methods agin

Fix custom ESLint config

Add known globals to editor auto-suggestion again

Make @connect * work with requests to IPs and hostnames (like localhost) again

Allow GM_getValue to return undefined as value

Improve JavaScript scriptlet support via @unwrap tag

Fix GM_xmlhttpRequest to forward status and statusText in fetch mode once available

Fix some rare exceptions happening in the wild

Sandbox improvements

Make cloud service re-authentication without user intervention less disturbing

Use up to ES2022 for linting if supported by the browser

Update ESLint

Fix several issues with older browser versions

Fix cookies overwriting in anonymous GM_xmlhttpRequest mode

Add a global and a per script setting to choose whether to run in incognito tabs

Replace worker based image cache to avoid problems at some browsers

Fix some userscript injection issues

Add some more audio formats to the download file extension whitelist

Use higher resolution if Google's favicons service is used

Always log an error at the page console if a @require or @resource couldn't be loaded

Improve GM_xmlhttpRequest event timings and make response readable on request errors as well

Make GM_notification.highlight focus the window as well

Make trash configurable (on/off/session only)

Fix issues caused by extremely delayed setTimeout(..., 0) calls

Add MouseEvent/KeyboardEvent argument to GM_registerMenuCommand callbacks

Add a focus method to the return value of GM_openInTab

GM_xmlhttpRequest.responseType 'stream' support

Make import from URL support zip, JSON and plain userscript files

Show an internal notification in case of an available extension update only

Add more second level domains (for .tld)

WebDAV improvements

Fix opening of zero byte externals

Internal rework and cleanup

Fix sometimes failing access to response when GM_xmlhttpRequest.responseType is set to 'document'

Fix script positioning via drag and drop

Decrease extension size by removing jQuery dependency

Shift key + mouse click based multi select

Validate @grant as well as header tags in general

Fix storage 'reload' button and add 'reset'

Fix ESLint to allow top-level await

Warn on userscript header entries that are not prefixed by exactly one space

Use eslint-plugin-userscripts to highlight userscript header issues

Show localized userscript name and description if available where possible

Dark mode improvements

Prefer an explicit set @name:en over @name

Update page title if script is renamed by save

Keep CRLF line endings on edit

Sync

Fix TamperDAV double sync issue

Add a button to force a sync

Fix unnecessary repeated exports

Trigger sync on move to trash

Firefox

Add GM_notification.highlight support

Fix 'promise out of scope' warning