
Comment by econ

1 day ago

Only allow DOM/CSS changes in response to user action.

"Click here to prove you're human"

Coincidentally, the most devious way I've seen to make users enable notifications from a site.

  • You can do that when the page loads. Scroll or timer events could require a non-intrusive permission dialog.

"Only allow play of audio in response to user action."

Okay, cool, so there's a giant 'click' event handler on top of the whole page. When you click it I'm going to play a 250ms long sample of silence embedded as a data:// URL into the audio or video element.

Now I control the player and can do whatever I want.

You've inconvenienced me for 15 minutes.

Like... scrolling down the page?

Anyway, forbidding pages from loading secondary content would break millions of sites, including the most visited sites in the world. That would be equivalent to completely redesigning HTML/JS.

  • Have a nice small notification that a "pop-up" was blocked. Wouldn't you like to see it now, wouldn't you?