NoScript Click-to-Play bypass with embedded videos and audios
Noscript does not block .webm playback on tor hidden services but plays them first and then blocks them after.
Example:
If you go to http://alokalaou53jmgum.onion/b/50927 and click on the 'homer-simpson webm' it will start playing directly after being clicked on even though Tor Browser is set to high security slider and this in 9/10 times.
Whereas if you open it directly it will block it 9/10 times.
http://alokalaou53jmgum.onion/src/M9Xjl/1486923637894.webm
This is present in at least Tor Browser 6.5.1 and 6.5.2 and probably on even older versions leaving users potentially in danger if it where to be a malicious .webm by not blocking it
Trac:
Username: samantharis