Deflake CSP object-src-url*-allowed.html

Reenable the tests. They have probably been fixed by:
https://chromium-review.googlesource.com/c/chromium/src/+/1995261

Remove attribute "async defer" to the <script>. It delays the script execution
for no reasons and might also cause it to fail.

Improve coding style along the way.

Bug: 1039643, 1039642
Change-Id: I8e4667a455d96f03f3f2d99e229f529ec5d70153
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2007732
Commit-Queue: Arthur Sonzogni <arthursonzogni@chromium.org>
Reviewed-by: Camille Lamy <clamy@chromium.org>
Cr-Commit-Position: refs/heads/master@{#732890}

third_party/blink/web_tests/TestExpectations

@@ -6274,9 +6274,6 @@ crbug.com/963183 http/tests/devtools/jump-to-previous-editing-location.js [ Pass
 crbug.com/webrtc/11228 external/wpt/webrtc/RTCPeerConnection-mandatory-getStats.https.html [ Pass Failure ]
 crbug.com/webrtc/11228 virtual/webrtc-wpt-plan-b/external/wpt/webrtc/RTCPeerConnection-mandatory-getStats.https.html [ Pass Failure ]
 
-# Sheriff 2020-01-08
-crbug.com/1039643 [ Win ] external/wpt/content-security-policy/object-src/object-src-url-embed-allowed.html [ Pass Timeout ]
-
 # Failures that appeared while fuzzy-diff was on. TODO(jonross) triage these and
 # update baselines as needed, or file more direct bugs.
 crbug.com/1039401 [ Linux ] compositing/lots-of-img-layers.html [ Failure ]

third_party/blink/web_tests/external/wpt/content-security-policy/object-src/object-src-url-allowed.html

@@ -4,15 +4,21 @@
 <head>
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
-    <!-- Content-Security-Policy: object-src 'self'; script-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}} -->
+    <!--
+      Content-Security-Policy:
+        object-src 'self';
+        script-src 'self' 'unsafe-inline';
+        report-uri ../support/report.py?op=put&reportID={{$id}}
+    -->
 </head>
 
 <body>
     <object type="image/png" data="/content-security-policy/support/pass.png"></object>
-
-    <!-- we rely on the report because we can't rely on the onload event for
-         "allowed" tests as it is not fired for object and embed -->
-    <script async defer src='../support/checkReport.sub.js?reportExists=false'></script>
+    <!--
+      We rely on the report because we can't rely on the onload event for
+      "allowed" tests as it is not fired for object and embed
+    -->
+    <script src='../support/checkReport.sub.js?reportExists=false'></script>
 </body>
 
 </html>

third_party/blink/web_tests/external/wpt/content-security-policy/object-src/object-src-url-embed-allowed.html

@@ -4,16 +4,22 @@
 <head>
     <script src="/resources/testharness.js"></script>
     <script src="/resources/testharnessreport.js"></script>
-    <!-- Content-Security-Policy: object-src 'self'; script-src 'self' 'unsafe-inline'; report-uri ../support/report.py?op=put&reportID={{$id}} -->
+    <!--
+      Content-Security-Policy:
+        object-src 'self';
+        script-src 'self' 'unsafe-inline';
+        report-uri ../support/report.py?op=put&reportID={{$id}}
+    -->
 </head>
 
 <body>
   <embed height="40" width="40" type="image/png"
          src="/content-security-policy/support/pass.png"></embed>
-
-         <!-- we rely on the report because we can't rely on the onload event for
-              "allowed" tests as it is not fired for object and embed -->
-    <script async defer src='../support/checkReport.sub.js?reportExists=false'></script>
+  <!--
+    We rely on the report because we can't rely on the onload event for
+    "allowed" tests as it is not fired for object and embed
+  -->
+  <script src='../support/checkReport.sub.js?reportExists=false'></script>
 </body>
 
 </html>