When nsMixedContentBlocker was written in 2013, there was no mixed content blocking spec. Now there is, which is great! But our implementation isn't completely spec compatible. For example, we don't use isOriginPotentiallyTrustworthy from the Secure Context spec. We need to identify the gaps here and fix them (either all in one bug or multiple sub-bugs). Editors draft: https://w3c.github.io/webappsec-mixed-content/ Latest published: https://www.w3.org/TR/mixed-content/
Priority: -- → P3
You need to log in before you can comment on or make changes to this bug.