Rudxain / custom-emoji-inliner

takes a table of icon URLs, and it'll replace ":emoji_id:" by its corresponding <img> within any input file
Mozilla Public License 2.0

Implement mixed-content warning #2

Open Rudxain opened 9 months ago

Rudxain commented 9 months ago

Print a warning if the URI-schemes seem to mix encrypted protocols with plain-text protocols.

This is for security and privacy reasons, considering SVGs allow execution of JS.

TLS and SSH don't simply encrypt data, they also authenticate the provider, thereby proving the source is "the real one".

Rudxain commented 9 months ago

This can backfire, as URI-schemes don't provide all info. A URL can be https but the browser may fall back to http because the server "doesn't support it". Some http URLs may be auto-upgraded by the browser, thereby making the https scheme a "waste of bytes".
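
One way the requested check could look, as an added example that is not part of the thread or the project's code. The scheme sets, the function names and the sample table are assumptions made for illustration, and, as the second comment notes, the scheme is only a hint about what the browser will actually do.

```python
import sys
from typing import Dict, Optional
from urllib.parse import urlsplit

# Assumed classification (not from the project): schemes whose transport is
# encrypted and authenticated vs. schemes sent in plain text.
SECURE = {"https", "wss", "sftp", "ftps", "ssh"}
PLAIN = {"http", "ws", "ftp"}


def classify(url: str) -> str:
    """Return 'secure', 'plain' or 'other' for one icon URL."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme in SECURE:
        return "secure"
    if scheme in PLAIN:
        return "plain"
    # data:, file:, relative paths and unknown schemes get no verdict
    return "other"


def mixed_content_warning(table: Dict[str, str]) -> Optional[str]:
    """Return a warning if the table mixes secure and plain-text URLs."""
    kinds = {name: classify(url) for name, url in table.items()}
    plain = sorted(n for n, k in kinds.items() if k == "plain")
    secure = sorted(n for n, k in kinds.items() if k == "secure")
    if not (plain and secure):
        return None  # uniform table (or nothing remote): no mix to report
    msg = (f"warning: icon table mixes schemes: {len(secure)} encrypted, "
           f"{len(plain)} plain-text ({', '.join(plain)})")
    # SVG can carry script, so plain-text SVG entries are called out
    svg = [n for n in plain
           if urlsplit(table[n]).path.lower().endswith(".svg")]
    if svg:
        msg += f"; plain-text SVG: {', '.join(svg)}"
    return msg


# Constructed sample table (emoji id -> icon URL), not real project data
SAMPLE = {
    "party": "https://cdn.example.com/party.png",
    "blob": "http://icons.example.net/blob.svg",
    "inline": "data:image/png;base64,AAAA",
    "local": "icons/local.gif",
}

if __name__ == "__main__":
    warning = mixed_content_warning(SAMPLE)
    if warning:
        print(warning, file=sys.stderr)
```
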