<!DOCTYPE html>
<html>

<head>
    <!-- Programmatically converted from a WebKit Reftest, please forgive resulting idiosyncracies.-->
    <meta http-equiv="Content-Security-Policy" content="plugin-types application/x-invalid-type; script-src 'self' 'unsafe-inline'; connect-src 'self';">
    <title>plugintypes-mismatched-url</title>
    <script src="/resources/testharness.js"></script>
    <script src="/resources/testharnessreport.js"></script>
    <script src='../support/logTest.sub.js?logs=["After object"]'></script>
    <script src="../support/alertAssert.sub.js?alerts=[]"></script>
</head>

<body>
    <script>
        window.addEventListener('securitypolicyviolation', function(e) {
            log("Fail");
        });
    </script>    

    This tests that plugin content that doesn&apos;t match the declared type doesn&apos;t load, even if the document&apos;s CSP would allow it. This test passes if no iframe is dumped (meaning that no PluginDocument was created).
    <object type="application/x-invalid-type" data="/plugins/resources/mock-plugin.pl" log="FAIL!"></object>
    <script>
        log("After object");
    </script>
    <div id="log"></div>
</body>

</html>