clicking on "click to play" media leaks URLs via NoScript on-disk preferences
A user in
#tor reports that clicking on "click to play" media leaks sensitive information by causing NoScript to save the URL to disk. It's not clear whether this is an instance of legacy/trac#29646 (moved). It also seems that these URLs persist for search bar completion briefly beyond "New Identity", but not beyond a browser restart.
partial IRC logs below: