How to really blacklist mediasource?
Posted: Fri Nov 06, 2015 8:59 am
Hi,
I don't know if this is a result of updating to Firefox 42, but now the "mediasource:" pseudo-protocol seems permanently whitelisted. This is quite a surprise, since the old behavior is that I can explicitly grant permission to mediasource from the "Blocked Objects" context menu entry. Now the entry for mediasource: is grayed out in the whitelist and cannot be removed.
I even tried removing mediasource: in the about:config entry "noscript.mandatory". After restarting Firefox, this made it possible to remove "mediasource:" from the whitelist menu. But this seems to do nothing.
Example:
Expected behavior: Go to youtube.com -> open a video page -> should see blank in place of the video player -> grant temporary permission to mediasource: in "Blocked Objects" -> page reloads, video player plays video.
Current behavior: Go to youtube.com -> open a video page -> video plays as if NoScript is not there
I don't know if this is a result of updating to Firefox 42, but now the "mediasource:" pseudo-protocol seems permanently whitelisted. This is quite a surprise, since the old behavior is that I can explicitly grant permission to mediasource from the "Blocked Objects" context menu entry. Now the entry for mediasource: is grayed out in the whitelist and cannot be removed.
I even tried removing mediasource: in the about:config entry "noscript.mandatory". After restarting Firefox, this made it possible to remove "mediasource:" from the whitelist menu. But this seems to do nothing.
Example:
Expected behavior: Go to youtube.com -> open a video page -> should see blank in place of the video player -> grant temporary permission to mediasource: in "Blocked Objects" -> page reloads, video player plays video.
Current behavior: Go to youtube.com -> open a video page -> video plays as if NoScript is not there