CSP issues after updating to version 10.1.9.3

[felmab]

Apparently NoScript was updated transparently to version 10.1.9.3 this morning, and now my browser has trouble to load legitimate JavaScript. I get this error on every website:

Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src”).

These errors disappear when I disable NoScript.

EDIT: I am not really sure about these CSP errors, but some JavaScript gets blocked nonetheless.

[felmab]

10.1.9.1 is the last version that works with my browser, 10.1.9.2rc1 is the first one which starts failing.

[hackademix]

Please check whether you've got any "§:" entry in your TRUSTED (in the file from NoScript Options>Export), and whether you're auto-allowing top-level sites.
NoScript Options|Reset (or re-importing the aforementioned file with that entry removed) should bypass the issue for now, but I'm about to release a 10.1.9.4 which should fix it for everybody with no manual intervention.
Sorry for the hassle.

[felmab]

You were right, I did have a "§:" entry. Version 10.1.9.3 works again after importing a corrected export file, thanks a lot.

What caused this issue BTW, and what does this § sign mean?

[hackademix]

""§:" stands for "Secure", and it's the internal prefix for domain entries which are meant to be matched only if served through https.
You should never have an empty domain entry, but a bug in 10.1.9.2 caused it to be added automatically if you had "Temporarily set top level sites to TRUSTED" and maybe other ways.
This wouldn't have normally break everything like it did, if not combined with another otherwise innocuous change in 10.1.9.3 (that's why downgrading appeared to be a "fix") which caused invalid match patterns to be generated for the new DOM-based CSP enforcing backup.
In other words, quite a mess to figure out but a fix should be ready very soon.

[felmab]

Thanks again!