NoScript XSS user choices are persisted
Whenever user chooses 'Always allow' or 'Always block' in one of the NoScript XSS popups the setting is persisted in storage-sync.sqlite file and this is never cleared on browser startup as the rest of NoScript preferences.
The full persisted object can be inspected via about:debugging -> Debug Noscript -> browser.storage.sync.get('xssUserChoices').
I understand this is not intended behaviour, since NoScript default is to not persist user choices (clearing them up on browser start).
Trac:
Username: atac
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information