Allow javascript: links from HTTPS first party pages
When we consolidate the security slider options into just "High", "Medium", and "Default", we should ask Giorgio if he can give us a way to allow javascript: links when JS is enabled for HTTPS first party pages (but not http pages).
This is the main thing that I've noticed breaking on "Medium-High", which if we make the new "Medium", we should definitely fix.
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information