Open Rudxain opened 9 months ago
This can backfire, as URI-schemes don't provide all info. A URL can be https
but the browser may fall-back to http
because the server "doesn't support it". Some http
URLs may be auto-upgraded by the browser, thereby making https
scheme a "waste of bytes"
Print a warning if the URI-schemes seem to mix encrypted protocols with plain-text protocols.
This is for security and privacy reasons, considering SVGs allow execution of JS.
TLS and SSH don't simply encrypt data, they also authenticate the provider, thereby proving the source is "the real one".