"Only allow play of audio in response to user action."
Okay, cool, so there's a giant 'click' event handler on top of the whole page. When you click it I'm going to play a 250ms long sample of silence embedded as a data:// URL into the audio or video element.
Now I control the player and can do whatever I want.
Anyway, forbidding pages from loading secondary content would break millions of sites, including the most visited sites in the world. That would be equivalent to completely redesigning HTML/JS.
"Click here to prove you're human"
Coincidentally, the most devious way I've seen to make users enable notifications from a site.
"Only allow play of audio in response to user action."
Okay, cool, so there's a giant 'click' event handler on top of the whole page. When you click it I'm going to play a 250ms long sample of silence embedded as a data:// URL into the audio or video element.
Now I control the player and can do whatever I want.
You've inconvenienced me for 15 minutes.
Like... scrolling down the page?
Anyway, forbidding pages from loading secondary content would break millions of sites, including the most visited sites in the world. That would be equivalent to completely redesigning HTML/JS.