Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
part 5) Provoke a CSP violation for
object-src 'none'
with "video/m…
…p4" and dummy data instead of with the flash plugin in <trusted-types-reporting.html>. The spec (https://w3c.github.io/webappsec-csp/#object-src) doesn't specify for which types a default plugin is loaded. Moreover, it doesn't specify the behavior when plugin content can *not* be loaded. This patch increases web-compatibility, because it provokes a CSP violation for Gecko/Firefox too. Differential Revision: https://phabricator.services.mozilla.com/D215363 bugzilla-url: https://bugzilla.mozilla.org/show_bug.cgi?id=1901510 gecko-commit: e68da2d23a8e7266701e94dc87e4158cf66c93ca gecko-reviewers: tschuster
- Loading branch information