Form submission warning with `javascript:`

[nicolo-ribaudo]

When using javascript: URLs as form actions in HTTPS pages we don't have a mixed content issue. However, given that it's not a potentially trustworthy scheme, according to https://www.w3.org/TR/mixed-content/#requirements-forms user agents may warn about it.

Should there be an exception for javascript: URLs? It seems like Safari, Chrome and Firefox all do not warn in that case.

[annevk]

I think this probably just needs to be clarified in the non-normative text as HTML doesn't call into Mixed Content (despite there being a lone reference suggesting it does at least for something) and javascript: URLs are handled by HTML before it calls into Fetch.