change autoplay policy, allow svg opentype fonts

docs/Changelog.md

@@ -10,10 +10,12 @@ Setting versions are documented using the pref `librewolf.cfg.version`, availabl
 **References**:
 
 - [enable APS](https://github.com/arkenfox/user.js/issues/1530#issuecomment-1242850653);
-- trim unnecessary or default NTP prefs, tidy existing ones;
+- trim unnecessary or default NTP prefs, then tidy existing ones;
 - stick to default session restore interval for writes;
 - remove a bunch of default prefs that have been that way for the longest;
-- offer accessibility by default.
+- offer accessibility by default;
+- remove hardcore svg security pref since CVEs are very old and irrelevant, see [this discussion](https://github.com/arkenfox/user.js/issues/1529);
+- improve [autoplay behavior](https://gitlab.com/librewolf-community/settings/-/issues/213).
 
 #### Added preferences
 ```
@@ -37,11 +39,13 @@ lockPref("toolkit.telemetry.reportingpolicy.firstRun", false); // default
 defaultPref("network.http.referer.XOriginPolicy", 0); // default
 lockPref("browser.safebrowsing.passwords.enabled", false); // default
 lockPref("browser.safebrowsing.provider.google4.dataSharing.enabled", false); // default
+defaultPref("gfx.font_rendering.opentype_svg.enabled", false); // disale svg opentype fonts
+defaultPref("media.autoplay.blocking_policy", 2);
 ```
 
 # 6.9
 
-**target commit**:
+**target commit**: 49a705f835e1438372fbdf1a779fbc5846212a68
 
 **base librewolf version**: 104.x
 

librewolf.cfg

@@ -15,7 +15,7 @@ defaultPref("librewolf.cfg.version", "7.0");
  * PRIVACY [ISOLATION, SANITIZING, CACHE AND STORAGE, HISTORY AND SESSION RESTORE, QUERY STRIPPING]
  * NETWORKING [HTTPS, REFERERS, WEBRTC, PROXY, DNS, PREFETCHING AND SPECULATIVE CONNECTIONS, OFFLINE]
  * FINGERPRINTING [RFP, WEBGL]
- * SECURITY [SITE ISOLATION, CERTIFICATES, TLS/SSL, PERMISSIONS, FONTS, SAFE BROWSING, OTHERS]
+ * SECURITY [SITE ISOLATION, CERTIFICATES, TLS/SSL, PERMISSIONS, SAFE BROWSING, OTHERS]
  * REGION [LOCATION, LANGUAGE]
  * BEHAVIOR [DRM, SEARCH AND URLBAR, DOWNLOADS, AUTOPLAY, POP-UPS AND WINDOWS, MOUSE]
  * EXTENSIONS [USER INSTALLED, SYSTEM, EXTENSION FIREWALL]
@@ -204,9 +204,6 @@ defaultPref("browser.xul.error_pages.expert_bad_cert", true);
 lockPref("permissions.delegation.enabled", false); // force permission request to show real origin
 lockPref("permissions.manager.defaultsUrl", ""); // revoke special permissions for some mozilla domains
 
-/** [SECTION] FONTS */
-defaultPref("gfx.font_rendering.opentype_svg.enabled", false); // disale svg opentype fonts
-
 /** [SECTION] SAFE BROWSING
  * disable safe browsing, including the fetch of updates. reverting the 7 prefs below
  * allows to perform local checks and to fetch updated lists from google.
@@ -290,10 +287,10 @@ defaultPref("browser.download.manager.addToRecentDocs", false); // do not add do
 defaultPref("browser.download.alwaysOpenPanel", false); // do not expand toolbar menu for every download, we already have enough interaction
 
 /** [SECTION] AUTOPLAY
- * block autoplay unless element is clicked, and apply the policy to all elements
+ * block autoplay unless element is right-clicked. this means background videos, videos in a different tab,
- * including muted ones.
+ * or media opened while other media is played will not start automatically.
+ * thumbnails will not autoplay unless hovered. exceptions can be set.
  */
-defaultPref("media.autoplay.blocking_policy", 2);
 defaultPref("media.autoplay.default", 5);
 
 /** [SECTION] POP-UPS AND WINDOWS
@@ -376,7 +373,7 @@ defaultPref("privacy.userContext.ui.enabled", true);
  * disable chrome and remote debugging.
  */
 defaultPref("devtools.chrome.enabled", false);
-defaultPref("devtools.debugger.remote-enabled", false);
+defaultPref("devtools.debugger.remote-enabled", false); // default
 defaultPref("devtools.remote.adb.extensionURL", "");
 defaultPref("devtools.selfxss.count", 0); // required for devtools console to work