@domenic for the pointerrawupdate which is an event type of PointerEvent and is the only pointer event that is going to be restricted to a secure context is this enough to indicate its SecureContext restrictions? In other examples I saw in other specs all the events of a specific interface had this restriction and hence they added the [SecureContext] to the interface itself. But that doesn't work here.

You also need to update whatever normative text fires a pointerrawupdate event to have it not do so when an appropiate global is not a secure context. Just hiding the event handler attribute wouldn't stop that spec text from executing and causing addEventListener("pointerrawupdate", callback) to trigger.

It appears the section to update is https://w3c.github.io/pointerevents/#the-pointerrawupdate-event

Does this look good?

I couldn't find tests for this, at least for the pointerrawupdate. And I'm not sure https://wpt.fyi/results/pointerevents/idlharness.window.html?label=master&label=experimental&aligned&view=subtest&q=idlharness gets run in https contexts. The link in the page leads to http site.

Implementations seem to expose getCoalescedEvents on non-secure contexts too
https://searchfox.org/mozilla-central/rev/05f486c76f84830041e51b7c68e3e697dc768454/dom/webidl/PointerEvent.webidl#38
https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/core/events/pointer_event.idl;l=1?q=pointer_event.idl&sq=

Finally adding a test for this. Need to move quite a few tests to be loaded from .https and then have some tests for non-https to ensure the features aren't exposed.

web-platform-tests/wpt#42527

Thanks @smaug---- for fixing a bunch of WPTs around this.

This calls for new WPTs to be included in the Interop 2024 proposal (web-platform-tests/interop#472). Please consider voting for some of the WPTs you updated here (and maybe other WPTs too).