From 3ad75011df310eefd913e81ff97f047b6d017439 Mon Sep 17 00:00:00 2001
From: Mark Foltz
The terms potentially - secure, a priori unauthenticated URL, and prohibits mixed security contexts algorithm are defined in [[!MIXED-CONTENT]].
++ The term + potentially trustworthy origin is defined in + [[!SECURE-CONTEXTS]]. +
The terms
@@ -3098,12 +3102,15 @@
Showing the origin that will be presented will help the user know
- if that content is from an potentially secure (e.g.,
- https:
) origin, and corresponds to a known or
- expected site. For example, a malicious site may attempt to
- convince the user to enter login credentials into a presentation
- page that imitates a legitimate site. Examination of the
- requested origin will help the user detect these cases.
+ if that content is from an potentially trustworthy origin
+ (e.g., https:
), and corresponds to a known or
+ expected site. The user agent should specifically indicate when
+ the origin requesting presentation is not potentially trustworthy. For
+ example, a malicious site may attempt to convince the user to
+ enter login credentials into a presentation page that imitates a
+ legitimate site. Examination of the requested origin will help
+ the user detect these cases.