When a document embeds insecure content, the browser should revoke the capability to display a lock icon from all documents in the same security origin as the contaminated document. This mitigation is possible because the capability to display a lock icon is revocable.
Comments