
NoScript XSS user choices are persisted

Whenever the user chooses 'Always allow' or 'Always block' in one of the NoScript XSS popups, the setting is persisted in the storage-sync.sqlite file, and this is never cleared on browser startup like the rest of the NoScript preferences.

The full persisted object can be inspected via about:debugging -> Debug Noscript -> browser.storage.sync.get('xssUserChoices').

I understand this is not intended behaviour, since the NoScript default is to not persist user choices (clearing them on browser start).

Trac:
Username: atac
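
The check described in the report, as an added example that is not part of the original ticket or of NoScript's code: it audits the `xssUserChoices` key in a WebExtension storage area and removes it. The function names, the in-memory stand-in for `browser.storage.sync`, and the sample entries are assumptions made for illustration; the stored value is treated as an opaque plain object.

```javascript
// Added example: audit and clear the persisted NoScript XSS choices.
// `area` is any object with the WebExtension StorageArea methods get() and
// remove(); in the extension's debugging console pass browser.storage.sync.
const XSS_CHOICES_KEY = 'xssUserChoices';

// Report whether anything is persisted under the key and how many entries.
async function auditXssUserChoices(area) {
  const stored = await area.get(XSS_CHOICES_KEY);
  const choices = stored[XSS_CHOICES_KEY];
  // Assumption: the value is a plain object with one property per remembered
  // choice; anything else is reported as zero entries.
  const isObject = choices !== null && typeof choices === 'object';
  const entries = isObject ? Object.keys(choices) : [];
  return { persisted: entries.length > 0, count: entries.length, entries };
}

// Remove the key, then re-read the area to confirm that nothing is left.
async function clearXssUserChoices(area) {
  const before = await auditXssUserChoices(area);
  await area.remove(XSS_CHOICES_KEY);
  const after = await auditXssUserChoices(area);
  return { removed: before.count, remaining: after.count };
}

// Constructed in-memory stand-in for browser.storage.sync (offline runs only).
function makeFakeSyncArea(initial) {
  const data = JSON.parse(JSON.stringify(initial));
  return {
    async get(key) { return key in data ? { [key]: data[key] } : {}; },
    async remove(key) { delete data[key]; },
  };
}

// Constructed sample state: two remembered choices plus an unrelated key.
const sampleArea = makeFakeSyncArea({
  xssUserChoices: { 'sample-entry-1': 'allow', 'sample-entry-2': 'block' },
  unrelatedSetting: true,
});
```

In the extension's debugging console, `auditXssUserChoices(browser.storage.sync)` shows what survived the last restart, and `clearXssUserChoices(browser.storage.sync)` removes it.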
