agis/mcdetect

Not catching all mixed content warnings - probably exiting too early

ashfame opened this issue · 0 comments

Open this URL in Chrome and notice the console warnings about mixed content - https://googlesamples.github.io/web-fundamentals/fundamentals/security/prevent-mixed-content/active-mixed-content.html

and compare that with the ones reported by the tool.

The insecure URL in the iframe is not caught. Also, if you host the HTML yourself and uncomment `<object type="application/x-shockwave-flash" data="http://..."></object>`, even that's not caught, but Chrome shows another mixed content warning.

I think we are probably exiting too early for these to be caught?