From b3f7d5cc2a2ecb50903efb922a8edfefbe1c5f34 Mon Sep 17 00:00:00 2001
From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 13 Feb 2020 17:47:32 +0100
Subject: [PATCH] data: URLs (#72)

As long as they have a creator, anyway. (Note that data: URLs cannot be opened in a top-level browsing context, such as a popup, except via a user-initiated navigation.)

Tests: https://github.com/web-platform-tests/wpt/pull/21146 and https://github.com/web-platform-tests/wpt/pull/21781.

Fixes #69. Nice!
---
 index.html     | 119 +++++++++++++++++++++++++------------------------
 index.src.html |  27 +++++------
 2 files changed, 70 insertions(+), 76 deletions(-)

diff --git a/index.html b/index.html
index ecb2f70..92d4d46 100644
--- a/index.html
+++ b/index.html
@@ -1029,7 +1029,7 @@
 		}
 	/* } */
 
-	@supports (display:grid) {
+	@supports (display:grid) and (display:contents) {
 		/* Use #toc over .toc to override non-@supports rules. */
 		#toc {
 			display: grid;
@@ -1167,6 +1167,18 @@
 		margin-left: auto;
 		margin-right: auto;
 	}
+	.overlarge {
+		/* Magic to create good table positioning:
+		   "content column" is 50ems wide at max; less on smaller screens.
+		   Extra space (after ToC + content) is empty on the right.
+
+		   1. When table < content column, centers table in column.
+		   2. When content < table < available, left-aligns.
+		   3. When table > available, fills available + scroll bar.
+		*/ 
+		display: grid;
+		grid-template-columns: minmax(0, 50em);
+	}
 	.overlarge > table {
 		/* limit preferred width of table */
 		max-width: 50em;
@@ -1176,7 +1188,6 @@
 
 	@media (min-width: 55em) {
 		.overlarge {
-			margin-left: calc(13px + 26.5rem - 50vw);
 			margin-right: calc(13px + 26.5rem - 50vw);
 			max-width: none;
 		}
@@ -1184,14 +1195,12 @@
 	@media screen and (min-width: 78em) {
 		body:not(.toc-inline) .overlarge {
 			/* 30.5em body padding 50em content area */
-			margin-left: calc(40em - 50vw) !important;
 			margin-right: calc(40em - 50vw) !important;
 		}
 	}
 	@media screen and (min-width: 90em) {
 		body:not(.toc-inline) .overlarge {
 			/* 4em html margin 30.5em body padding 50em content area */
-			margin-left: 0 !important;
 			margin-right: calc(84.5em - 100vw) !important;
 		}
 	}
@@ -1212,9 +1221,9 @@
 		}
 	}
 </style>
-  <meta content="Bikeshed version 9c9e00cfdaddb9b81439182b02ae23e5d5b65b2d" name="generator">
+  <meta content="Bikeshed version d2febad00f62a578fcdd0d902104eb698a01e002" name="generator">
   <link href="https://www.w3.org/TR/secure-contexts/" rel="canonical">
-  <meta content="c907ed2b5ea5ceecab0a3f9c7f8035a055cd1e7b" name="document-revision">
+  <meta content="90b607620c3c4eafbab95f9df70aeb209e037444" name="document-revision">
 <style>
     .secure {
       fill: #8F8;
@@ -1489,7 +1498,7 @@
   <div class="head">
    <p data-fill-with="logo"><a class="logo" href="https://www.w3.org/"> <img alt="W3C" height="48" src="https://www.w3.org/StyleSheets/TR/2016/logos/W3C" width="72"> </a> </p>
    <h1>Secure Contexts</h1>
-   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Editor’s Draft, <time class="dt-updated" datetime="2019-03-15">15 March 2019</time></span></h2>
+   <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="content">Editor’s Draft, <time class="dt-updated" datetime="2020-02-13">13 February 2020</time></span></h2>
    <div data-fill-with="spec-metadata">
     <dl>
      <dt>This version:
@@ -1511,7 +1520,7 @@ <h2 class="no-num no-toc no-ref heading settled" id="subtitle"><span class="cont
     </dl>
    </div>
    <div data-fill-with="warning"></div>
-   <p class="copyright" data-fill-with="copyright"><a href="https://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2019 <a href="https://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="https://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="https://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="https://www.keio.ac.jp/">Keio</a>, <a href="https://ev.buaa.edu.cn/">Beihang</a>). W3C <a href="https://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="https://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="https://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply. </p>
+   <p class="copyright" data-fill-with="copyright"><a href="https://www.w3.org/Consortium/Legal/ipr-notice#Copyright">Copyright</a> © 2020 <a href="https://www.w3.org/"><abbr title="World Wide Web Consortium">W3C</abbr></a><sup>®</sup> (<a href="https://www.csail.mit.edu/"><abbr title="Massachusetts Institute of Technology">MIT</abbr></a>, <a href="https://www.ercim.eu/"><abbr title="European Research Consortium for Informatics and Mathematics">ERCIM</abbr></a>, <a href="https://www.keio.ac.jp/">Keio</a>, <a href="https://ev.buaa.edu.cn/">Beihang</a>). W3C <a href="https://www.w3.org/Consortium/Legal/ipr-notice#Legal_Disclaimer">liability</a>, <a href="https://www.w3.org/Consortium/Legal/ipr-notice#W3C_Trademarks">trademark</a> and <a href="https://www.w3.org/Consortium/Legal/copyright-documents">document use</a> rules apply. </p>
    <hr title="Separator for header">
   </div>
   <div class="p-summary" data-fill-with="abstract">
@@ -1546,7 +1555,7 @@ <h2 class="no-num no-toc no-ref heading settled" id="status"><span class="conten
   <div data-fill-with="at-risk">
    <p>The following features are at-risk, and may be dropped during the CR period: </p>
    <ul>
-    <li>The <a data-link-type="dfn" href="#sandboxed-secure-browsing-context-flag" id="ref-for-sandboxed-secure-browsing-context-flag">sandboxed secure browsing context flag</a> defined in <a href="#monkey-patching-sandbox-flags">§2.2.1 Sandboxing</a>, as well as its usage in <a href="#is-settings-object-contextually-secure">§3.1 Is an environment settings object contextually secure?</a>. [<a href="#issue-255ee4a4">Issue 2</a>]
+    <li>The <a data-link-type="dfn" href="#sandboxed-secure-browsing-context-flag" id="ref-for-sandboxed-secure-browsing-context-flag">sandboxed secure browsing context flag</a> defined in <a href="#monkey-patching-sandbox-flags">§ 2.2.1 Sandboxing</a>, as well as its usage in <a href="#is-settings-object-contextually-secure">§ 3.1 Is an environment settings object contextually secure?</a>.
    </ul>
    <p>“At-risk” is a W3C Process term-of-art, and does not necessarily imply that the feature is in danger of being dropped or delayed. It means that the WG believes the feature may have difficulty being interoperably implemented in a timely manner, and marking it as such allows the WG to drop the feature if necessary when transitioning to the Proposed Rec stage, without having to publish a new Candidate Rec without the feature first.</p>
   </div>
@@ -1643,8 +1652,8 @@ <h2 class="heading settled" data-level="1" id="intro"><span class="secno">1. </s
   applications, it becomes increasingly important to ensure that the features
   which enable those applications are enabled only in contexts which meet a minimum
   security level. As an extension of the TAG’s recommendations in <a data-link-type="biblio" href="#biblio-securing-web">[SECURING-WEB]</a>,
-  this document describes threat models for feature abuse on the web (see <a href="#threat-models">§4.1 Threat Models</a>) and outlines normative requirements which should be
-  incorporated into documents specifying new features (see <a href="#implementation-considerations">§7 Implementation Considerations</a>).</p>
+  this document describes threat models for feature abuse on the web (see <a href="#threat-models">§ 4.1 Threat Models</a>) and outlines normative requirements which should be
+  incorporated into documents specifying new features (see <a href="#implementation-considerations">§ 7 Implementation Considerations</a>).</p>
     <p>The most obvious of the requirements discussed here is that application code
   with access to sensitive or private data be delivered confidentially over
   authenticated channels that guarantee data integrity. Delivering code securely
@@ -1652,7 +1661,7 @@ <h2 class="heading settled" data-level="1" id="intro"><span class="secno">1. </s
   privacy requirements, but it is a necessary precondition.</p>
     <p>Less obviously, application code delivered over an authenticated and confidential
   channel isn’t enough in and of itself to limit the use of powerful features by
-  non-secure contexts. As <a href="#ancestors">§4.2 Ancestral Risk</a> explains, cooperative frames can be
+  non-secure contexts. As <a href="#ancestors">§ 4.2 Ancestral Risk</a> explains, cooperative frames can be
   abused to bypass otherwise solid restrictions on a feature. The algorithms
   defined below ensure that these bypasses are difficult and user-visible.</p>
     <p>The following examples summarize the normative text which follows:</p>
@@ -1954,8 +1963,8 @@ <h3 class="heading settled" data-level="1.5" id="examples-service-workers"><span
    <section>
     <h2 class="heading settled" data-level="2" id="framework"><span class="secno">2. </span><span class="content">Framework</span><a class="self-link" href="#framework"></a></h2>
     <p><a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#environment-settings-object" id="ref-for-environment-settings-object">Environment settings objects</a> are considered to be <dfn class="dfn-paneled" data-dfn-type="dfn" data-export id="secure-contexts">secure contexts</dfn> if they
-  are <a data-link-type="dfn" href="#environment-settings-object-contextually-secure" id="ref-for-environment-settings-object-contextually-secure">contextually secure</a> as defined in <a href="#is-settings-object-contextually-secure">§3.1 Is an environment settings object contextually secure?</a>, and <dfn class="dfn-paneled" data-dfn-type="dfn" data-export id="non-secure-contexts">non-secure contexts</dfn> otherwise.</p>
-    <p>Likewise, a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#global-object" id="ref-for-global-object">global object</a> (<code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/window-object.html#window" id="ref-for-window">Window</a></code>, <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/workers.html#workerglobalscope" id="ref-for-workerglobalscope">WorkerGlobalScope</a></code>, etc.) is considered to be a <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts①⑥">secure context</a> if its <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#relevant-settings-object" id="ref-for-relevant-settings-object">relevant settings object</a> is <a data-link-type="dfn" href="#environment-settings-object-contextually-secure" id="ref-for-environment-settings-object-contextually-secure①">contextually secure</a> as defined in <a href="#is-settings-object-contextually-secure">§3.1 Is an environment settings object contextually secure?</a>, and a <a data-link-type="dfn" href="#non-secure-contexts" id="ref-for-non-secure-contexts">non-secure context</a> otherwise.</p>
+  are <a data-link-type="dfn" href="#environment-settings-object-contextually-secure" id="ref-for-environment-settings-object-contextually-secure">contextually secure</a> as defined in <a href="#is-settings-object-contextually-secure">§ 3.1 Is an environment settings object contextually secure?</a>, and <dfn class="dfn-paneled" data-dfn-type="dfn" data-export id="non-secure-contexts">non-secure contexts</dfn> otherwise.</p>
+    <p>Likewise, a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#global-object" id="ref-for-global-object">global object</a> (<code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/window-object.html#window" id="ref-for-window">Window</a></code>, <code class="idl"><a data-link-type="idl" href="https://html.spec.whatwg.org/multipage/workers.html#workerglobalscope" id="ref-for-workerglobalscope">WorkerGlobalScope</a></code>, etc.) is considered to be a <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts①⑥">secure context</a> if its <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#relevant-settings-object" id="ref-for-relevant-settings-object">relevant settings object</a> is <a data-link-type="dfn" href="#environment-settings-object-contextually-secure" id="ref-for-environment-settings-object-contextually-secure①">contextually secure</a> as defined in <a href="#is-settings-object-contextually-secure">§ 3.1 Is an environment settings object contextually secure?</a>, and a <a data-link-type="dfn" href="#non-secure-contexts" id="ref-for-non-secure-contexts">non-secure context</a> otherwise.</p>
     <section class="non-normative">
      <h3 class="heading settled" data-level="2.1" id="integration-idl"><span class="secno">2.1. </span><span class="content">Intergration with WebIDL</span><a class="self-link" href="#integration-idl"></a></h3>
      <p><em>This section is non-normative.</em></p>
@@ -2056,21 +2065,21 @@ <h3 class="heading settled" data-level="3.1" id="is-settings-object-contextually
       <ol>
        <li data-md>
         <p><var>document</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set" id="ref-for-active-sandboxing-flag-set">active sandboxing flag set</a> contains the <a data-link-type="dfn" href="#sandboxed-secure-browsing-context-flag" id="ref-for-sandboxed-secure-browsing-context-flag②">sandboxed secure browsing context flag</a>.</p>
-        <p class="note" role="note"><span>Note:</span> This check is "at risk". See <a href="#monkey-patching-sandbox-flags">§2.2.1 Sandboxing</a> for details.</p>
+        <p class="note" role="note"><span>Note:</span> This check is "at risk". See <a href="#monkey-patching-sandbox-flags">§ 2.2.1 Sandboxing</a> for details.</p>
        <li data-md>
         <p><var>document</var> has a <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#parent-browsing-context" id="ref-for-parent-browsing-context">parent browsing context</a> (<var>context</var>), and <var>context</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/browsers.html#active-document" id="ref-for-active-document">active document</a>'s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#relevant-settings-object" id="ref-for-relevant-settings-object⑤">relevant settings object</a> is not <a data-link-type="dfn" href="#environment-settings-object-contextually-secure" id="ref-for-environment-settings-object-contextually-secure④">contextually secure</a>.</p>
        <li data-md>
         <p><var>settings</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#https-state" id="ref-for-https-state②">HTTPS state</a> is "<code>deprecated</code>".</p>
        <li data-md>
-        <p><var>document</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set" id="ref-for-active-sandboxing-flag-set①">active sandboxing flag set</a> includes the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#sandboxed-origin-browsing-context-flag" id="ref-for-sandboxed-origin-browsing-context-flag">sandboxed origin browsing context flag</a>, and <a href="#is-url-trustworthy">§3.3 Is url potentially trustworthy?</a> returns "<code>Not Trustworthy</code>" when executed upon <var>settings</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-environment-creation-url" id="ref-for-concept-environment-creation-url">creation URL</a>.</p>
+        <p><var>document</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set" id="ref-for-active-sandboxing-flag-set①">active sandboxing flag set</a> includes the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#sandboxed-origin-browsing-context-flag" id="ref-for-sandboxed-origin-browsing-context-flag">sandboxed origin browsing context flag</a>, and <a href="#is-url-trustworthy">§ 3.3 Is url potentially trustworthy?</a> returns "<code>Not Trustworthy</code>" when executed upon <var>settings</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-environment-creation-url" id="ref-for-concept-environment-creation-url">creation URL</a>.</p>
         <p class="note" role="note"><span>Note:</span> We check the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-environment-creation-url" id="ref-for-concept-environment-creation-url①">creation URL</a> here because sandboxed content
   that is treated as being in an opaque origin (e.g. <code>&lt;iframe sandbox="allow-secure-context" src="http://127.0.0.1/"></code>)
-  would otherwise be treated as non-trustworthy by <a href="#is-origin-trustworthy">§3.2 Is origin potentially trustworthy?</a>. Since sandboxing is a strict reduction in
+  would otherwise be treated as non-trustworthy by <a href="#is-origin-trustworthy">§ 3.2 Is origin potentially trustworthy?</a>. Since sandboxing is a strict reduction in
   the content’s capabilities, and therefore in the risk it poses, we
   look at the origin of its URL to determine whether we would have
   considered it trustworthy had it not been sandboxed.</p>
        <li data-md>
-        <p><var>document</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set" id="ref-for-active-sandboxing-flag-set②">active sandboxing flag set</a> does not include the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#sandboxed-origin-browsing-context-flag" id="ref-for-sandboxed-origin-browsing-context-flag①">sandboxed origin browsing context flag</a>, and <a href="#is-origin-trustworthy">§3.2 Is origin potentially trustworthy?</a> returns "<code>Not Trustworthy</code>" when executed
+        <p><var>document</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#active-sandboxing-flag-set" id="ref-for-active-sandboxing-flag-set②">active sandboxing flag set</a> does not include the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#sandboxed-origin-browsing-context-flag" id="ref-for-sandboxed-origin-browsing-context-flag①">sandboxed origin browsing context flag</a>, and <a href="#is-origin-trustworthy">§ 3.2 Is origin potentially trustworthy?</a> returns "<code>Not Trustworthy</code>" when executed
   upon <var>settings</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#concept-settings-object-origin" id="ref-for-concept-settings-object-origin②">origin</a>.</p>
       </ol>
      <li data-md>
@@ -2093,7 +2102,7 @@ <h3 class="heading settled" data-level="3.2" id="is-origin-trustworthy"><span cl
   trust in a way which excludes <code>file</code>.</p>
     <p>On the other hand, the user agent MAY choose to extend this trust to other,
   vendor-specific URL schemes like <code>app:</code> or <code>chrome-extension:</code> which it can
-  determine <i lang="la">a priori</i> to be trusted (see <a href="#packaged-applications">§7.1 Packaged Applications</a> for detail).</p>
+  determine <i lang="la">a priori</i> to be trusted (see <a href="#packaged-applications">§ 7.1 Packaged Applications</a> for detail).</p>
     <p>Given an <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin" id="ref-for-concept-origin">origin</a> (<var>origin</var>), the following algorithm
   returns "<code>Potentially Trustworthy</code>" or "<code>Not Trustworthy</code>" as appropriate.</p>
     <ol>
@@ -2112,37 +2121,33 @@ <h3 class="heading settled" data-level="3.2" id="is-origin-trustworthy"><span cl
       <p>If <var>origin</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin-host" id="ref-for-concept-origin-host①">host</a> component is "<code>localhost</code>" or
   falls within "<code>.localhost</code>", and the user agent conforms to the name
   resolution rules in <a data-link-type="biblio" href="#biblio-let-localhost-be-localhost">[let-localhost-be-localhost]</a>, return "<code>Potentially Trustworthy</code>".</p>
-      <p class="note" role="note"><span>Note:</span> See <a href="#localhost">§5.2 localhost</a> for details on the requirements here.</p>
+      <p class="note" role="note"><span>Note:</span> See <a href="#localhost">§ 5.2 localhost</a> for details on the requirements here.</p>
      <li data-md>
       <p>If <var>origin</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin-scheme" id="ref-for-concept-origin-scheme①">scheme</a> component is <code>file</code>, return
   "<code>Potentially Trustworthy</code>".</p>
      <li data-md>
       <p>If <var>origin</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin-scheme" id="ref-for-concept-origin-scheme②">scheme</a> component is one which the user
   agent considers to be authenticated, return "<code>Potentially Trustworthy</code>".</p>
-      <p class="note" role="note"><span>Note:</span> See <a href="#packaged-applications">§7.1 Packaged Applications</a> for detail here.</p>
+      <p class="note" role="note"><span>Note:</span> See <a href="#packaged-applications">§ 7.1 Packaged Applications</a> for detail here.</p>
      <li data-md>
       <p>If <var>origin</var> has been configured as a trustworthy origin, return
   "<code>Potentially Trustworthy</code>".</p>
-      <p class="note" role="note"><span>Note:</span> See <a href="#development-environments">§7.2 Development Environments</a> for detail here.</p>
+      <p class="note" role="note"><span>Note:</span> See <a href="#development-environments">§ 7.2 Development Environments</a> for detail here.</p>
      <li data-md>
       <p>Return "<code>Not Trustworthy</code>".</p>
     </ol>
     <p class="note" role="note"><span>Note:</span> Neither <var>origin</var>’s <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin-domain" id="ref-for-concept-origin-domain">domain</a> nor <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin-port" id="ref-for-concept-origin-port">port</a> has any effect on whether or not it is considered to be a <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts②④">secure context</a>.</p>
     <h3 class="heading settled" data-level="3.3" id="is-url-trustworthy"><span class="secno">3.3. </span><span class="content"> Is <var>url</var> potentially trustworthy? </span><a class="self-link" href="#is-url-trustworthy"></a></h3>
     <p>A <dfn data-dfn-type="dfn" data-export id="potentially-trustworthy-url">potentially trustworthy URL<a class="self-link" href="#potentially-trustworthy-url"></a></dfn> is one which either inherits
-  context from it’s creator (<code>about:blank</code>, <code>about:srcdoc</code>) or one whose <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-origin" id="ref-for-concept-url-origin">origin</a> is a <a data-link-type="dfn" href="#potentially-trustworthy-origin" id="ref-for-potentially-trustworthy-origin②">potentially trustworthy origin</a>.
+  context from it’s creator (<code>about:blank</code>, <code>about:srcdoc</code>, <code>data</code>) or one whose <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-origin" id="ref-for-concept-url-origin">origin</a> is a <a data-link-type="dfn" href="#potentially-trustworthy-origin" id="ref-for-potentially-trustworthy-origin②">potentially trustworthy origin</a>.
   Given a <code class="idl"><a data-link-type="idl" href="https://url.spec.whatwg.org/#url" id="ref-for-url">URL</a></code> (<var>url</var>), the following algorithm returns "<code>Potentially Trustworthy</code>" or "<code>Not Trustworthy</code>" as appropriate:</p>
     <ol>
-     <li data-md>
-      <p>If <var>url</var>’s <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-scheme" id="ref-for-concept-url-scheme">scheme</a> is "<code>data</code>", return "<code>Not Trustworthy</code>".</p>
-      <p class="note" role="note"><span>Note:</span> This aligns the definition of a <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts②⑤">secure context</a> with the <i lang="la">de facto</i> "<code>data:</code> URL as <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/origin.html#concept-origin-opaque" id="ref-for-concept-origin-opaque①">opaque origin</a>"
-  behavior that a majority of today’s browsers have agreed upon, rather
-  than the <i lang="la">de jure</i> "<code>data:</code> URL inherits origin"
-  behavior defined in HTML.</p>
      <li data-md>
       <p>If <var>url</var> is "<code>about:blank</code>" or "<code>about:srcdoc</code>", return "<code>Potentially Trustworthy</code>".</p>
      <li data-md>
-      <p>Return the result of executing <a href="#is-origin-trustworthy">§3.2 Is origin potentially trustworthy?</a> on <var>url</var>’s <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-origin" id="ref-for-concept-url-origin①">origin</a>.</p>
+      <p>If <var>url</var>’s <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-scheme" id="ref-for-concept-url-scheme">scheme</a> is "<code>data</code>", return "<code>Potentially Trustworthy</code>".</p>
+     <li data-md>
+      <p>Return the result of executing <a href="#is-origin-trustworthy">§ 3.2 Is origin potentially trustworthy?</a> on <var>url</var>’s <a data-link-type="dfn" href="https://url.spec.whatwg.org/#concept-url-origin" id="ref-for-concept-url-origin①">origin</a>.</p>
       <p class="note" role="note"><span>Note:</span> The origin of <code>blob:</code> and <code>filesystem:</code> URLs is the origin of the
   context in which they were created. Therefore, blobs created in a
   trustworthy origin will themselves be potentially trustworthy.</p>
@@ -2192,13 +2197,13 @@ <h3 class="heading settled" data-level="4.2" id="ancestors"><span class="secno">
   than a speed-bump, slowing down non-secure access to the API, but completely
   ineffective in preventing such access.</p>
     <p>While the algorithms in this document do not perfectly isolate non-secure
-  contexts from <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts②⑥">secure contexts</a> (as discussed in <a href="#isolation">§5.1 Incomplete Isolation</a>), the
+  contexts from <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts②⑤">secure contexts</a> (as discussed in <a href="#isolation">§ 5.1 Incomplete Isolation</a>), the
   ancestor checks provide a fairly robust protection for the guarantees of
   authentication, confidentiality, and integrity that such contexts ought to
   provide.</p>
     <h3 class="heading settled" data-level="4.3" id="threat-risks"><span class="secno">4.3. </span><span class="content">Risks associated with non-secure contexts</span><a class="self-link" href="#threat-risks"></a></h3>
     <p>Certain web platform features that have a distinct impact on a user’s
-  security or privacy should be available for use only in <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts②⑦">secure
+  security or privacy should be available for use only in <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts②⑥">secure
   contexts</a> in order to defend against the threats above. Features
   available in non-secure contexts risk exposing these capabilities to
   network attackers:</p>
@@ -2228,7 +2233,7 @@ <h3 class="heading settled" data-level="4.3" id="threat-risks"><span class="secn
     </ol>
     <p>This list is non-exhaustive, but should give you a feel for the types of
   risks we should consider when writing or implementing specifications.</p>
-    <p class="note" role="note"><span>Note:</span> While restricting a feature itself to <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts②⑧">secure contexts</a> is
+    <p class="note" role="note"><span>Note:</span> While restricting a feature itself to <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts②⑦">secure contexts</a> is
   critical, we ought not forget that facilities that carry such information
   (such as new network access mechanisms, or other generic functions with access
   to network data) are equally sensitive.</p>
@@ -2236,7 +2241,7 @@ <h3 class="heading settled" data-level="4.3" id="threat-risks"><span class="secn
    <section>
     <h2 class="heading settled" data-level="5" id="security-considerations"><span class="secno">5. </span><span class="content">Security Considerations</span><a class="self-link" href="#security-considerations"></a></h2>
     <h3 class="heading settled" data-level="5.1" id="isolation"><span class="secno">5.1. </span><span class="content">Incomplete Isolation</span><a class="self-link" href="#isolation"></a></h3>
-    <p>The <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts②⑨">secure context</a> definition in this document does not completely
+    <p>The <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts②⑧">secure context</a> definition in this document does not completely
   isolate a "secure" view on an origin from a "non-secure" view on the same
   origin. Exfiltration will still be possible via increasingly esoteric
   mechanisms such as the contents of <code>localStorage</code>/<code>sessionStorage</code>, <code>storage</code> events, <code>BroadcastChannel</code>, and others.</p>
@@ -2252,7 +2257,7 @@ <h3 class="heading settled" data-level="5.2" id="localhost"><span class="secno">
    </section>
    <section>
     <h2 class="heading settled" data-level="6" id="privacy-considerations"><span class="secno">6. </span><span class="content">Privacy Considerations</span><a class="self-link" href="#privacy-considerations"></a></h2>
-    <p>The <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③⓪">secure context</a> definition in this document does not in itself have
+    <p>The <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts②⑨">secure context</a> definition in this document does not in itself have
   any privacy impact. It does, however, enable other features which do have
   interesting privacy implications to lock themselves into contexts which
   ensures that specific guarantees can be made regarding integrity,
@@ -2271,18 +2276,18 @@ <h3 class="heading settled" data-level="7.1" id="packaged-applications"><span cl
     <h3 class="heading settled" data-level="7.2" id="development-environments"><span class="secno">7.2. </span><span class="content">Development Environments</span><a class="self-link" href="#development-environments"></a></h3>
     <p>In order to support developers who run staging servers on non-loopback hosts,
   the user agent MAY allow users to configure specific sets of origins as
-  trustworthy, even though <a href="#is-origin-trustworthy">§3.2 Is origin potentially trustworthy?</a> would normally return
+  trustworthy, even though <a href="#is-origin-trustworthy">§ 3.2 Is origin potentially trustworthy?</a> would normally return
   "<code>Not Trustworthy</code>".</p>
     <h3 class="heading settled" data-level="7.3" id="new"><span class="secno">7.3. </span><span class="content">Restricting New Features</span><a class="self-link" href="#new"></a></h3>
     <p><em>This section is non-normative.</em></p>
     <p>When writing a specification for new features, we recommend that authors
-  and editors guard sensitive APIs with checks against <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③①">secure contexts</a>.
+  and editors guard sensitive APIs with checks against <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③⓪">secure contexts</a>.
   For example, something like the following might be a good approach:</p>
     <div class="example" id="example-0fe6ea9a">
      <a class="self-link" href="#example-0fe6ea9a"></a> 
      <ol>
       <li>
-        If the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object">current settings object</a> is <em>not</em> a <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③②">secure
+        If the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object">current settings object</a> is <em>not</em> a <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③①">secure
         context</a>, then: 
        <ol>
         <li> [<i>insert something appropriate here: perhaps a Promise could be
@@ -2291,7 +2296,7 @@ <h3 class="heading settled" data-level="7.3" id="new"><span class="secno">7.3. <
        </ol>
      </ol>
     </div>
-    <p>Authors could alternatively ensure that sensitive APIs are only exposed to <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③③">secure contexts</a> by guarding them with the [<code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext④">SecureContext</a></code>] attribute.</p>
+    <p>Authors could alternatively ensure that sensitive APIs are only exposed to <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③②">secure contexts</a> by guarding them with the [<code class="idl"><a data-link-type="idl" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext④">SecureContext</a></code>] attribute.</p>
     <div class="example" id="example-2aa4b56a">
      <a class="self-link" href="#example-2aa4b56a"></a> 
 <pre class="idl highlight def">[<a class="idl-code" data-link-type="extended-attribute" href="https://heycam.github.io/webidl/#SecureContext" id="ref-for-SecureContext⑤"><c- g>SecureContext</c-></a>]
@@ -2311,17 +2316,17 @@ <h3 class="heading settled" data-level="7.4" id="legacy"><span class="secno">7.4
      <p><em>This section is non-normative.</em></p>
      <p>The list above clearly includes some existing functionality that is currently
     available to the web over non-secure channels. We recommend that such legacy
-    functionality be modified to begin requiring a <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③④">secure context</a> as
+    functionality be modified to begin requiring a <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③③">secure context</a> as
     quickly as is reasonably possible <a data-link-type="biblio" href="#biblio-w3c-process">[W3C-PROCESS]</a>.</p>
      <ol>
       <li data-md>
        <p>If such a feature is not widely implemented, we recommend that the
   specification be immediately <a data-link-type="dfn" href="https://www.w3.org/2017/Process-20170301/#rec-modify" id="ref-for-rec-modify">modified</a> to include a restriction
-  to <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③⑤">secure contexts</a>.</p>
+  to <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③④">secure contexts</a>.</p>
       <li data-md>
        <p>If such a feature is widely implemented, but not yet in wide use, we
-  recommend that it be quickly restricted to <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③⑥">secure contexts</a> by
-  adding a check as described in <a href="#new">§7.3 Restricting New Features</a> to existing implementations, and <a data-link-type="dfn" href="https://www.w3.org/2017/Process-20170301/#rec-modify" id="ref-for-rec-modify①">modifying the specification</a> accordingly.</p>
+  recommend that it be quickly restricted to <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③⑤">secure contexts</a> by
+  adding a check as described in <a href="#new">§ 7.3 Restricting New Features</a> to existing implementations, and <a data-link-type="dfn" href="https://www.w3.org/2017/Process-20170301/#rec-modify" id="ref-for-rec-modify①">modifying the specification</a> accordingly.</p>
       <li data-md>
        <p>If such a feature is in wide use, we recommend that the existing
   functionality be deprecated; the specification should be <a data-link-type="dfn" href="https://www.w3.org/2017/Process-20170301/#rec-modify" id="ref-for-rec-modify②">modified</a> to note that it does not
@@ -2336,8 +2341,8 @@ <h4 class="heading settled" data-level="7.4.1" id="legacy-example"><span class="
      <ol>
       <li data-md>
        <p><a data-link-type="dfn" href="https://www.w3.org/2017/Process-20170301/#rec-modify" id="ref-for-rec-modify③">Modify</a> the specification to include
-  checks against <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③⑦">secure context</a> before executing the algorithms for <code class="idl"><a data-link-type="idl" href="https://www.w3.org/TR/geolocation-API/#get-current-position" id="ref-for-get-current-position">getCurrentPosition()</a></code> and <code class="idl"><a data-link-type="idl" href="https://www.w3.org/TR/geolocation-API/#watch-position" id="ref-for-watch-position">watchPosition()</a></code>.</p>
-       <p>If the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object①">current settings object</a> is not a <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③⑧">secure context</a>,
+  checks against <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③⑥">secure context</a> before executing the algorithms for <code class="idl"><a data-link-type="idl" href="https://www.w3.org/TR/geolocation-API/#get-current-position" id="ref-for-get-current-position">getCurrentPosition()</a></code> and <code class="idl"><a data-link-type="idl" href="https://www.w3.org/TR/geolocation-API/#watch-position" id="ref-for-watch-position">watchPosition()</a></code>.</p>
+       <p>If the <a data-link-type="dfn" href="https://html.spec.whatwg.org/multipage/webappapis.html#current-settings-object" id="ref-for-current-settings-object①">current settings object</a> is not a <a data-link-type="dfn" href="#secure-contexts" id="ref-for-secure-contexts③⑦">secure context</a>,
   then the algorithm should be aborted, and the <code>errorCallback</code> invoked with a <code>code</code> of <code>PERMISSION_DENIED</code>.</p>
       <li data-md>
        <p>The user agent should announce clear intentions to disable the API for
@@ -2543,8 +2548,6 @@ <h3 class="no-num no-ref heading settled" id="index-defined-here"><span class="c
    <ul>
     <li><a href="#ref-for-concept-origin-opaque">3.2. 
     Is origin potentially trustworthy? </a>
-    <li><a href="#ref-for-concept-origin-opaque①">3.3. 
-    Is url potentially trustworthy? </a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="term-for-concept-settings-object-origin">
@@ -2789,13 +2792,13 @@ <h3 class="no-num no-ref heading settled" id="informative"><span class="content"
    <dt id="biblio-indexeddb">[IndexedDB]
    <dd>Nikunj Mehta; et al. <a href="https://www.w3.org/TR/IndexedDB/">Indexed Database API</a>. 8 January 2015. REC. URL: <a href="https://www.w3.org/TR/IndexedDB/">https://www.w3.org/TR/IndexedDB/</a>
    <dt id="biblio-mediacapture-streams">[MEDIACAPTURE-STREAMS]
-   <dd>Daniel Burnett; et al. <a href="https://www.w3.org/TR/mediacapture-streams/">Media Capture and Streams</a>. 3 October 2017. CR. URL: <a href="https://www.w3.org/TR/mediacapture-streams/">https://www.w3.org/TR/mediacapture-streams/</a>
+   <dd>Daniel Burnett; et al. <a href="https://www.w3.org/TR/mediacapture-streams/">Media Capture and Streams</a>. 2 July 2019. CR. URL: <a href="https://www.w3.org/TR/mediacapture-streams/">https://www.w3.org/TR/mediacapture-streams/</a>
    <dt id="biblio-mix">[MIX]
    <dd>Mike West. <a href="https://www.w3.org/TR/mixed-content/">Mixed Content</a>. 2 August 2016. CR. URL: <a href="https://www.w3.org/TR/mixed-content/">https://www.w3.org/TR/mixed-content/</a>
    <dt id="biblio-powerful-new-features">[POWERFUL-NEW-FEATURES]
    <dd>Chrome Security Team. <a href="https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features">Prefer Secure Origins For Powerful New Features</a>. URL: <a href="https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features">https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features</a>
    <dt id="biblio-rfc6265">[RFC6265]
-   <dd>A. Barth. <a href="https://tools.ietf.org/html/rfc6265">HTTP State Management Mechanism</a>. April 2011. Proposed Standard. URL: <a href="https://tools.ietf.org/html/rfc6265">https://tools.ietf.org/html/rfc6265</a>
+   <dd>A. Barth. <a href="https://httpwg.org/specs/rfc6265.html">HTTP State Management Mechanism</a>. April 2011. Proposed Standard. URL: <a href="https://httpwg.org/specs/rfc6265.html">https://httpwg.org/specs/rfc6265.html</a>
    <dt id="biblio-rfc6761">[RFC6761]
    <dd>S. Cheshire; M. Krochmal. <a href="https://tools.ietf.org/html/rfc6761">Special-Use Domain Names</a>. February 2013. Proposed Standard. URL: <a href="https://tools.ietf.org/html/rfc6761">https://tools.ietf.org/html/rfc6761</a>
    <dt id="biblio-rfc7258">[RFC7258]
@@ -2803,7 +2806,7 @@ <h3 class="no-num no-ref heading settled" id="informative"><span class="content"
    <dt id="biblio-securing-web">[SECURING-WEB]
    <dd>Mark Nottingham. <a href="https://www.w3.org/2001/tag/doc/web-https">Securing the Web</a>. TAG Finding. URL: <a href="https://www.w3.org/2001/tag/doc/web-https">https://www.w3.org/2001/tag/doc/web-https</a>
    <dt id="biblio-service-workers">[SERVICE-WORKERS]
-   <dd>Alex Russell; et al. <a href="https://www.w3.org/TR/service-workers-1/">Service Workers 1</a>. 2 November 2017. WD. URL: <a href="https://www.w3.org/TR/service-workers-1/">https://www.w3.org/TR/service-workers-1/</a>
+   <dd>Alex Russell; et al. <a href="https://www.w3.org/TR/service-workers-1/">Service Workers 1</a>. 19 November 2019. CR. URL: <a href="https://www.w3.org/TR/service-workers-1/">https://www.w3.org/TR/service-workers-1/</a>
    <dt id="biblio-verizon">[VERIZON]
    <dd>Mark Bergen; Alex Kantrowitz. <a href="http://adage.com/article/digital/verizon-target-mobile-subscribers-ads/293356/">Verizon looks to target its mobile subscribers with ads</a>. URL: <a href="http://adage.com/article/digital/verizon-target-mobile-subscribers-ads/293356/">http://adage.com/article/digital/verizon-target-mobile-subscribers-ads/293356/</a>
    <dt id="biblio-web-bluetooth">[WEB-BLUETOOTH]
@@ -2844,15 +2847,13 @@ <h2 class="no-num no-ref heading settled" id="issues-index"><span class="content
     Is an environment settings object contextually secure? </a> <a href="#ref-for-secure-contexts②③">(2)</a>
     <li><a href="#ref-for-secure-contexts②④">3.2. 
     Is origin potentially trustworthy? </a>
-    <li><a href="#ref-for-secure-contexts②⑤">3.3. 
-    Is url potentially trustworthy? </a>
-    <li><a href="#ref-for-secure-contexts②⑥">4.2. Ancestral Risk</a>
-    <li><a href="#ref-for-secure-contexts②⑦">4.3. Risks associated with non-secure contexts</a> <a href="#ref-for-secure-contexts②⑧">(2)</a>
-    <li><a href="#ref-for-secure-contexts②⑨">5.1. Incomplete Isolation</a>
-    <li><a href="#ref-for-secure-contexts③⓪">6. Privacy Considerations</a>
-    <li><a href="#ref-for-secure-contexts③①">7.3. Restricting New Features</a> <a href="#ref-for-secure-contexts③②">(2)</a> <a href="#ref-for-secure-contexts③③">(3)</a>
-    <li><a href="#ref-for-secure-contexts③④">7.4. Restricting Legacy Features</a> <a href="#ref-for-secure-contexts③⑤">(2)</a> <a href="#ref-for-secure-contexts③⑥">(3)</a>
-    <li><a href="#ref-for-secure-contexts③⑦">7.4.1. Example: Geolocation</a> <a href="#ref-for-secure-contexts③⑧">(2)</a>
+    <li><a href="#ref-for-secure-contexts②⑤">4.2. Ancestral Risk</a>
+    <li><a href="#ref-for-secure-contexts②⑥">4.3. Risks associated with non-secure contexts</a> <a href="#ref-for-secure-contexts②⑦">(2)</a>
+    <li><a href="#ref-for-secure-contexts②⑧">5.1. Incomplete Isolation</a>
+    <li><a href="#ref-for-secure-contexts②⑨">6. Privacy Considerations</a>
+    <li><a href="#ref-for-secure-contexts③⓪">7.3. Restricting New Features</a> <a href="#ref-for-secure-contexts③①">(2)</a> <a href="#ref-for-secure-contexts③②">(3)</a>
+    <li><a href="#ref-for-secure-contexts③③">7.4. Restricting Legacy Features</a> <a href="#ref-for-secure-contexts③④">(2)</a> <a href="#ref-for-secure-contexts③⑤">(3)</a>
+    <li><a href="#ref-for-secure-contexts③⑥">7.4.1. Example: Geolocation</a> <a href="#ref-for-secure-contexts③⑦">(2)</a>
    </ul>
   </aside>
   <aside class="dfn-panel" data-for="non-secure-contexts">
diff --git a/index.src.html b/index.src.html
index d6dbd8e..5338bce 100644
--- a/index.src.html
+++ b/index.src.html
@@ -18,12 +18,11 @@ <h1>Secure Contexts</h1>
 Indent: 2
 Markup Shorthands: markdown on
 Boilerplate: omit conformance, omit feedback-header
-At Risk: The <a>sandboxed secure browsing context flag</a> defined in [[#monkey-patching-sandbox-flags]], as well as its usage in [[#is-settings-object-contextually-secure]]. [<a href="#issue-255ee4a4">Issue 2</a>]
+At Risk: The <a>sandboxed secure browsing context flag</a> defined in [[#monkey-patching-sandbox-flags]], as well as its usage in [[#is-settings-object-contextually-secure]].
 </pre>
 <pre class="link-defaults">
 spec:url; type:interface; text:URL
 spec:dom; type:interface; text:Document
-spec:html; type:dfn; for:/; text: active sandboxing flag set
 spec:html; type:dfn; for:/; text: creator context security
 spec:html; type:dfn; for:/; text:global object
 </pre>
@@ -65,7 +64,7 @@ <h1>Secure Contexts</h1>
     "authors": [ "Mike West" ],
     "title": "Let 'localhost' be localhost.",
     "href": "https://tools.ietf.org/html/draft-west-let-localhost-be-localhost",
-    "publisher": "IETF"    
+    "publisher": "IETF"
   }
 }
 </pre>
@@ -136,7 +135,7 @@ <h2 id="intro">Introduction</h2>
   </style>
 
   <h3 id="examples-top-level">Top-level Documents</h3>
-  
+
   <div class="example">
     <p><code>http://example.com/</code> opened in a <a>top-level browsing
     context</a> is not a <a>secure context</a>, as it was not delivered over
@@ -609,7 +608,7 @@ <h3 id="is-settings-object-contextually-secure">
 
     5.  Return "`Not Secure`" if any of the following are true:
 
-        1.  |document|'s <a>active sandboxing flag set</a> contains the
+        1.  |document|'s <a for=Document>active sandboxing flag set</a> contains the
             <a>sandboxed secure browsing context flag</a>.
 
             Note: This check is "at risk". See [[#monkey-patching-sandbox-flags]]
@@ -620,7 +619,7 @@ <h3 id="is-settings-object-contextually-secure">
 
         3.  |settings|'s <a for="environment settings object">HTTPS state</a> is "`deprecated`".
 
-        4.  |document|'s <a>active sandboxing flag set</a> includes the
+        4.  |document|'s <a for=Document>active sandboxing flag set</a> includes the
             <a>sandboxed origin browsing context flag</a>, and
             [[#is-url-trustworthy]] returns "`Not Trustworthy`" when executed upon
             |settings|'s <a>creation URL</a>.
@@ -634,7 +633,7 @@ <h3 id="is-settings-object-contextually-secure">
             look at the origin of its URL to determine whether we would have
             considered it trustworthy had it not been sandboxed.
 
-        5.  |document|'s <a>active sandboxing flag set</a> does not include the
+        5.  |document|'s <a for=Document>active sandboxing flag set</a> does not include the
             <a>sandboxed origin browsing context flag</a>, and
             [[#is-origin-trustworthy]] returns "`Not Trustworthy`" when executed
             upon |settings|'s <a for="environment settings object">origin</a>.
@@ -715,21 +714,15 @@ <h3 id="is-url-trustworthy">
   </h3>
 
   A <dfn export>potentially trustworthy URL</dfn> is one which either inherits
-  context from it's creator (`about:blank`, `about:srcdoc`) or one whose
+  context from it's creator (`about:blank`, `about:srcdoc`, `data`) or one whose
   <a for="url">origin</a> is a <a>potentially trustworthy origin</a>.
   Given a {{URL}} (|url|), the following algorithm returns "`Potentially
   Trustworthy`" or "`Not Trustworthy`" as appropriate:
 
-  1.  If |url|'s <a for="url">scheme</a> is "`data`", return "`Not
+  1.  If |url| is "`about:blank`" or "`about:srcdoc`", return "`Potentially
       Trustworthy`".
 
-      Note: This aligns the definition of a <a>secure context</a> with the
-      <i lang="la">de facto</i> "`data:` URL as <a>opaque origin</a>"
-      behavior that a majority of today's browsers have agreed upon, rather
-      than the <i lang="la">de jure</i> "`data:` URL inherits origin"
-      behavior defined in HTML.
-
-  2.  If |url| is "`about:blank`" or "`about:srcdoc`", return "`Potentially
+  2.  If |url|'s <a for="url">scheme</a> is "`data`", return "`Potentially
       Trustworthy`".
 
   3.  Return the result of executing [[#is-origin-trustworthy]] on |url|'s
@@ -879,7 +872,7 @@ <h3 id="localhost">`localhost`</h3>
   resolvers SHOULD/MAY treat them specially. For better or worse, resolvers
   often ignore these suggestions, and will send `localhost` to the network
   for resolution in a number of circumstances.
-  
+
   Given that uncertainty, user agents MAY treat localhost names as having
   <a>potentially trustworthy origins</a> if and only if they also adhere to the
   localhost name resolution rules spelled out in [[!let-localhost-be-localhost]]