Update links to the Secure Contexts spec

Part of https://github.com/w3c/web-platform-tests/issues/7784 and
roundabout manner.

Change-Id: I7a11d22240784d94776d77ca07d0c28b1ef12736
Reviewed-on: https://chromium-review.googlesource.com/952670Reviewed-by: Emily Stark <estark@chromium.org>
Commit-Queue: Philip Jägenstedt <foolip@chromium.org>
Cr-Commit-Position: refs/heads/master@{#542295}

third_party/WebKit/Source/core/dom/ExecutionContext.h

@@ -176,7 +176,7 @@ class CORE_EXPORT ExecutionContext : public ContextLifecycleNotifier,
   bool IsWindowInteractionAllowed() const;
 
   // Decides whether this context is privileged, as described in
-  // https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-privileged.
+  // https://w3c.github.io/webappsec-secure-contexts/#is-settings-object-contextually-secure.
   virtual bool IsSecureContext(String& error_message) const = 0;
   virtual bool IsSecureContext() const;
 

third_party/WebKit/Source/core/frame/Window.idl

@@ -213,7 +213,7 @@
     attribute EventHandler onwebkitanimationstart;
     attribute EventHandler onwebkittransitionend;
 
-    // https://w3c.github.io/webappsec/specs/powerfulfeatures/#monkey-patching-global-object
+    // https://w3c.github.io/webappsec-secure-contexts/#monkey-patching-global-object
     readonly attribute boolean isSecureContext;
 
     attribute DOMMatrixConstructor WebKitCSSMatrix;

third_party/WebKit/Source/modules/serviceworkers/ServiceWorkerContainer.cpp

@@ -183,7 +183,7 @@ void ServiceWorkerContainer::RegisterServiceWorkerImpl(
       execution_context->GetSecurityOrigin();
   String error_message;
   // Restrict to secure origins:
-  // https://w3c.github.io/webappsec/specs/powerfulfeatures/#settings-privileged
+  // https://w3c.github.io/webappsec-secure-contexts/#is-settings-object-contextually-secure
   if (!execution_context->IsSecureContext(error_message)) {
     callbacks->OnError(WebServiceWorkerError(
         mojom::blink::ServiceWorkerErrorType::kSecurity, error_message));

third_party/WebKit/Source/platform/weborigin/SchemeRegistry.h

@@ -144,7 +144,7 @@ class PLATFORM_EXPORT SchemeRegistry {
       PolicyAreas = kPolicyAreaAll);
 
   // Schemes which bypass Secure Context checks defined in
-  // https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustworthy.
+  // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
   static void RegisterURLSchemeBypassingSecureContextCheck(
       const String& scheme);
   static bool SchemeShouldBypassSecureContextCheck(const String& scheme);

third_party/WebKit/Source/platform/weborigin/SecurityOrigin.h

@@ -123,7 +123,7 @@ class PLATFORM_EXPORT SecurityOrigin : public RefCounted<SecurityOrigin> {
   // Returns true if the origin loads resources either from the local
   // machine or over the network from a
   // cryptographically-authenticated origin, as described in
-  // https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustworthy.
+  // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy
   bool IsPotentiallyTrustworthy() const;
 
   // Returns a human-readable error message describing that a non-secure

third_party/WebKit/public/platform/WebSecurityOrigin.h

@@ -92,7 +92,7 @@ class WebSecurityOrigin {
   // Returns true if the origin loads resources either from the local
   // machine or over the network from a
   // cryptographically-authenticated origin, as described in
-  // https://w3c.github.io/webappsec/specs/powerfulfeatures/#is-origin-trustworthy.
+  // https://w3c.github.io/webappsec-secure-contexts/#is-origin-trustworthy.
   BLINK_PLATFORM_EXPORT bool IsPotentiallyTrustworthy() const;
 
   // Returns a string representation of the WebSecurityOrigin.  The empty