part 5) Provoke a CSP violation for object-src 'none' with "video/mp4" and dummy data instead of with the flash plugin in <trusted-types-reporting.html>.
The spec (https://w3c.github.io/webappsec-csp/#object-src) doesn't
specify for which types a default plugin is loaded.
Moreover, it doesn't specify the behavior when plugin content can not
be loaded.
This patch increases web-compatibility, because it provokes a CSP
violation for Gecko/Firefox too.
Differential Revision: https://phabricator.services.mozilla.com/D215363
bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1901510
gecko-commit: e68da2d23a8e7266701e94dc87e4158cf66c93ca
gecko-reviewers: tschuster