_html_clearMedia() can cause CSP violation because of "about:blank"

[dougwollison]

The _html_clearMedia() method works by setting the media source value to "about:blank", this triggers a (rather nitpicky) Content Security Policy violation for sites using such headers.

Excerpt of the error I found:

Refused to load media from 'about:blank' because it violates the following Content Security Policy directive: "media-src 'self' [...]

While I can't speak for browser compatibility, it seems the better way to do it is to call removeAttr() on the media element, rather than setting the source value to something different.

I'm currently patching the jQuery plugin like so:

$.jPlayer.prototype._html_clearMedia = function() {
    if ( this.htmlElement.media ) {
        this.htmlElement.media.removeAttribute( 'src' );
        this.htmlElement.media.load();
    }
};

This solves the CSP issue but I can't be certain it makes sure the download stops, though I have no reason to think it wouldn't.

[karthicraghupathi]

I'm having a similar and possibly related issue when calling destroy(). This seems to happen for me in Chrome only and not in Firefox. I'm using Firefox 80.0.1, Chrome 85.0.4183.102 and jPlayer 2.9.2.

On destroy(), I see clearMedia() is being called and that is triggering a GET about:blank net::ERR_UNKNOWN_URL_SCHEME error in Chrome console. Everything works fine except for this error in the console.

It seems to me like this is not a very common issue as there are virtually no search results in Google about this error. I did find a very old issue created by someone with no response in that thread: https://groups.google.com/d/msg/jplayer/dndhBPxprVA/9taeMlG4g40J

I was wondering if anyone else had a similar experience and had any pointers on how this can be resolved.