clicking on "click to play" media leaks URLs via NoScript on-disk preferences
A user in
#tor reports that clicking on "click to play" media leaks sensitive information by causing NoScript to save the URL to disk. It's not clear whether this is an instance of #29646 (moved). It also seems that these URLs persist for search bar completion briefly beyond "New Identity", but not beyond a browser restart.
partial IRC logs below: