NoScript whitelist reset is fingerprintable
In my haste to fix #16730 (moved) in time for 5.0, I forgot to account for the fact that the reset whitelist omits blob:, mediasource: and moz-safe-about:. Technically websites can detect this and use it to fingerprint users.
We should probably add these URIs back in to the whitelist if they are absent, or remove them if they are present. I am leaning towards adding them, since I suspect mediasource: and blob: are needed by some sites (which is probably why Giorgio added them).