Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(323)

Side by Side Diff: chrome/common/extensions/docs/manifest.html

Issue 10458063: Add sanbdoxed_pages to allow extension/app pages to be served in a sandboxed, unique origin (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: CheckCurrentContextAccessToExtensionAPI Created 8 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 <!DOCTYPE html><!-- This page is a placeholder for generated extensions api doc. Note: 1 <!DOCTYPE html><!-- This page is a placeholder for generated extensions api doc. Note:
2 1) The <head> information in this page is significant, should be uniform 2 1) The <head> information in this page is significant, should be uniform
3 across api docs and should be edited only with knowledge of the 3 across api docs and should be edited only with knowledge of the
4 templating mechanism. 4 templating mechanism.
5 3) All <body>.innerHTML is genereated as an rendering step. If viewed in a 5 3) All <body>.innerHTML is genereated as an rendering step. If viewed in a
6 browser, it will be re-generated from the template, json schema and 6 browser, it will be re-generated from the template, json schema and
7 authored overview content. 7 authored overview content.
8 4) The <body>.innerHTML is also generated by an offline step so that this 8 4) The <body>.innerHTML is also generated by an offline step so that this
9 page may easily be indexed by search engines. 9 page may easily be indexed by search engines.
10 --><html xmlns="http://www.w3.org/1999/xhtml"><head> 10 --><html xmlns="http://www.w3.org/1999/xhtml"><head>
(...skipping 214 matching lines...) Expand 10 before | Expand all | Expand 10 after
225 </li><li> 225 </li><li>
226 <a href="#permissions">permissions</a> 226 <a href="#permissions">permissions</a>
227 </li><li> 227 </li><li>
228 <a href="#requirements">requirements</a> 228 <a href="#requirements">requirements</a>
229 </li><li> 229 </li><li>
230 <a href="#version">version</a> 230 <a href="#version">version</a>
231 </li><li> 231 </li><li>
232 <a href="#manifest_version">manifest_version</a> 232 <a href="#manifest_version">manifest_version</a>
233 </li><li> 233 </li><li>
234 <a href="#web_accessible_resources">web_accessible_resources</ a> 234 <a href="#web_accessible_resources">web_accessible_resources</ a>
235 </li><li>
236 <a href="#sandboxed_pages">sandboxed_pages</a>
235 </li> 237 </li>
236 </ol> 238 </ol>
237 </li> 239 </li>
238 </ol> 240 </ol>
239 </div> 241 </div>
240 <!-- /TABLE OF CONTENTS --> 242 <!-- /TABLE OF CONTENTS -->
241 <!-- Standard content lead-in for experimental API pages --> 243 <!-- Standard content lead-in for experimental API pages -->
242 <!-- STATIC CONTENT PLACEHOLDER --> 244 <!-- STATIC CONTENT PLACEHOLDER -->
243 <div id="static"><div id="pageData-name" class="pageData">Formats: Manif est Files</div> 245 <div id="static"><div id="pageData-name" class="pageData">Formats: Manif est Files</div>
244 <div id="pageData-showTOC" class="pageData">true</div> 246 <div id="pageData-showTOC" class="pageData">true</div>
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
281 "<a href="#key">key</a>": "<em>publicKey</em>", 283 "<a href="#key">key</a>": "<em>publicKey</em>",
282 "<a href="#minimum_chrome_version">minimum_chrome_version</a>": "<em>versionSt ring</em>", 284 "<a href="#minimum_chrome_version">minimum_chrome_version</a>": "<em>versionSt ring</em>",
283 "<a href="#nacl_modules">nacl_modules</a>": [...], 285 "<a href="#nacl_modules">nacl_modules</a>": [...],
284 "<a href="#offline_enabled">offline_enabled</a>": true, 286 "<a href="#offline_enabled">offline_enabled</a>": true,
285 "<a href="omnibox.html">omnibox</a>": { "keyword": "<em>aString</em>" }, 287 "<a href="omnibox.html">omnibox</a>": { "keyword": "<em>aString</em>" },
286 "<a href="options.html">options_page</a>": "<em>aFile</em>.html", 288 "<a href="options.html">options_page</a>": "<em>aFile</em>.html",
287 "<a href="#permissions">permissions</a>": [...], 289 "<a href="#permissions">permissions</a>": [...],
288 "<a href="npapi.html">plugins</a>": [...], 290 "<a href="npapi.html">plugins</a>": [...],
289 "<a href="#requirements">requirements</a>": {...}, 291 "<a href="#requirements">requirements</a>": {...},
290 "<a href="autoupdate.html">update_url</a>": "http://<em>path/to/updateInfo</em >.xml", 292 "<a href="autoupdate.html">update_url</a>": "http://<em>path/to/updateInfo</em >.xml",
291 "<a href="#web_accessible_resources">web_accessible_resources</a>": [...] 293 "<a href="#web_accessible_resources">web_accessible_resources</a>": [...],
294 "<a href="#sandboxed_pages">sandboxed_pages</a>": [...]
292 } 295 }
293 </pre> 296 </pre>
294 <a name="H2-1"></a><h2>Field details</h2> 297 <a name="H2-1"></a><h2>Field details</h2>
295 <p> 298 <p>
296 This section covers fields that aren't described in another page. 299 This section covers fields that aren't described in another page.
297 For a complete list of fields, 300 For a complete list of fields,
298 with links to where they're described in detail, 301 with links to where they're described in detail,
299 see the <a href="#overview">Field summary</a>. 302 see the <a href="#overview">Field summary</a>.
300 </p> 303 </p>
301 <h3 id="app">app</h3> 304 <h3 id="app">app</h3>
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after
421 </p> 424 </p>
422 <h3 id="intents">intents</h3> 425 <h3 id="intents">intents</h3>
423 <p> 426 <p>
424 A dictionary that specifies all intent handlers provided by this extension or ap p. Each key in the dictionary specifies an action verb that is handled by this e xtension. The following example specifies two handlers for the action verb "<a h ref="http://webintents.org/share">http://webintents.org/share</a>". 427 A dictionary that specifies all intent handlers provided by this extension or ap p. Each key in the dictionary specifies an action verb that is handled by this e xtension. The following example specifies two handlers for the action verb "<a h ref="http://webintents.org/share">http://webintents.org/share</a>".
425 </p> 428 </p>
426 <pre>{ 429 <pre>{
427 "name": "test", 430 "name": "test",
428 "version": "1", 431 "version": "1",
429 "intents": { 432 "intents": {
430 "http://webintents.org/share": [ 433 "http://webintents.org/share": [
431 { 434 {
432 "type": ["text/uri-list"], 435 "type": ["text/uri-list"],
433 "href": "/services/sharelink.html", 436 "href": "/services/sharelink.html",
434 "title" : "Sample Link Sharing Intent", 437 "title" : "Sample Link Sharing Intent",
435 "disposition" : "inline" 438 "disposition" : "inline"
436 }, 439 },
437 { 440 {
438 "type": ["image/*"], 441 "type": ["image/*"],
439 "href": "/services/shareimage.html", 442 "href": "/services/shareimage.html",
440 "title" : "Sample Image Sharing Intent", 443 "title" : "Sample Image Sharing Intent",
441 "disposition" : "window" 444 "disposition" : "window"
442 } 445 }
443 ] 446 ]
444 } 447 }
445 } 448 }
446 </pre> 449 </pre>
447 <p> 450 <p>
448 The value of "type" is an array of mime types that is supported by this handler. The "href" indicates the URL of the page that handles the intent. For hosted ap ps, these URLs must be within the allowed set of URLs. For extensions, all URLs are inside the extension and considered relative to the extension root URL. 451 The value of "type" is an array of mime types that is supported by this handler. The "href" indicates the URL of the page that handles the intent. For hosted ap ps, these URLs must be within the allowed set of URLs. For extensions, all URLs are inside the extension and considered relative to the extension root URL.
449 </p> 452 </p>
450 <p> 453 <p>
451 The "title" is displayed in the intent picker UI when the user initiates the act ion specific to the handler. 454 The "title" is displayed in the intent picker UI when the user initiates the act ion specific to the handler.
452 </p> 455 </p>
453 <p> 456 <p>
454 The "disposition" is either "inline" or "window". Intents with "window" disposit ion will open a new tab when invoked. Intents with "inline" disposition will be displayed inside the intent picker when invoked. 457 The "disposition" is either "inline" or "window". Intents with "window" disposit ion will open a new tab when invoked. Intents with "inline" disposition will be displayed inside the intent picker when invoked.
455 </p> 458 </p>
456 <p> 459 <p>
457 For more information on intents, refer to the <a href="http://dvcs.w3.org/hg/web -intents/raw-file/tip/spec/Overview.html">Web Intents specification</a> and <a h ref="http://www.webintents.org">webintents.org</a>. 460 For more information on intents, refer to the <a href="http://dvcs.w3.org/hg/web -intents/raw-file/tip/spec/Overview.html">Web Intents specification</a> and <a h ref="http://www.webintents.org">webintents.org</a>.
458 </p> 461 </p>
(...skipping 314 matching lines...) Expand 10 before | Expand all | Expand 10 after
773 <a href="tts.html">chrome.tts</a> module. </td> 776 <a href="tts.html">chrome.tts</a> module. </td>
774 </tr> 777 </tr>
775 <tr> 778 <tr>
776 <td> "ttsEngine" </td> 779 <td> "ttsEngine" </td>
777 <td> Required if the extension uses the 780 <td> Required if the extension uses the
778 <a href="ttsEngine.html">chrome.ttsEngine</a> module. </td> 781 <a href="ttsEngine.html">chrome.ttsEngine</a> module. </td>
779 </tr> 782 </tr>
780 <tr> 783 <tr>
781 <td> "unlimitedStorage"</td> 784 <td> "unlimitedStorage"</td>
782 <td> Provides an unlimited quota for storing HTML5 client-side data, 785 <td> Provides an unlimited quota for storing HTML5 client-side data,
783 such as databases and local storage files. 786 such as databases and local storage files.
784 Without this permission, the extension is limited to 787 Without this permission, the extension is limited to
785 5 MB of local storage. 788 5 MB of local storage.
786 <p class="note"> 789 <p class="note">
787 <b>Note:</b> 790 <b>Note:</b>
788 This permission applies only to Web SQL Database and application cache 791 This permission applies only to Web SQL Database and application cache
789 (see issue <a href="http://crbug.com/58985">58985</a>). 792 (see issue <a href="http://crbug.com/58985">58985</a>).
790 Also, it doesn't currently work with wildcard subdomains such as 793 Also, it doesn't currently work with wildcard subdomains such as
791 <code>http://*.example.com</code>. 794 <code>http://*.example.com</code>.
792 </p> 795 </p>
793 </td> 796 </td>
794 </tr><tr> 797 </tr><tr>
795 </tr><tr> 798 </tr><tr>
796 <td> "webNavigation" </td> 799 <td> "webNavigation" </td>
797 <td> Required if the extension uses the 800 <td> Required if the extension uses the
798 <a href="webNavigation.html">chrome.webNavigation</a> module. </td> 801 <a href="webNavigation.html">chrome.webNavigation</a> module. </td>
799 </tr> 802 </tr>
800 <tr> 803 <tr>
801 <td> "webRequest" </td> 804 <td> "webRequest" </td>
802 <td> Required if the extension uses the 805 <td> Required if the extension uses the
(...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after
931 <code>chrome-extension://[PACKAGE ID]/[PATH]</code>, which can be generated with 934 <code>chrome-extension://[PACKAGE ID]/[PATH]</code>, which can be generated with
932 the <a href="extension.html#method-getURL"> 935 the <a href="extension.html#method-getURL">
933 <code>chrome.extension.getURL</code> 936 <code>chrome.extension.getURL</code>
934 </a> method. Whitelisted resources are served with appropriate 937 </a> method. Whitelisted resources are served with appropriate
935 <a href="http://www.w3.org/TR/cors/">CORS</a> headers, so they're available via 938 <a href="http://www.w3.org/TR/cors/">CORS</a> headers, so they're available via
936 mechanisms like XHR. 939 mechanisms like XHR.
937 </p> 940 </p>
938 <p> 941 <p>
939 Injected content scripts themselves do not need to be whitelisted. 942 Injected content scripts themselves do not need to be whitelisted.
940 </p> 943 </p>
941 <h4>Default Availablility</h4> 944 <h4>Default Availability</h4>
942 <p> 945 <p>
943 Resources inside of packages using <a href="#manifest_version"> 946 Resources inside of packages using <a href="#manifest_version"><code>manifest_ve rsion</code></a>
944 <code>manifest_version</code> 947 2 or above are <strong>blocked by default</strong>, and must be whitelisted
945 </a> 2 or above are <strong>blocked by default</strong>, and must be whitelisted
946 for use via this property. 948 for use via this property.
947 </p> 949 </p>
948 <p> 950 <p>
949 Resources inside of packages using <code>manifest_version</code> 1 are available 951 Resources inside of packages using <code>manifest_version</code> 1 are available
950 by default, but <em>if</em> you do set this property, then it will be treated as 952 by default, but <em>if</em> you do set this property, then it will be treated as
951 a complete list of all whitelisted resources. Resources not listed will be 953 a complete list of all whitelisted resources. Resources not listed will be
952 blocked. 954 blocked.
953 </p> 955 </p>
956 <h3 id="sandboxed_pages">sandboxed_pages</h3>
957 <p>
958 A list of paths (relative to the package root) to pages that are to be served
959 in a sandboxed unique origin, and optionally a Content Security Policy to use
960 with them. Being in a sandbox has two implications:
961 </p>
962 <ol>
963 <li>A sandboxed page will not have access to extension or app APIs, or
964 direct access to non-sandboxed pages (it may communicate with them via
965 <code>postMessage()</code>).</li>
966 <li>A sandboxed page is not subject to the
967 <a href="contentSecurityPolicy.html">Content Security Policy (CSP)</a> used
968 by the rest of the app or extension (it has its own separate CSP value). This
969 means that, for example, it can use inline script and <code>eval</code>.</li>
970 </ol>
971 <p>For example, here's how to specify that two extension pages are to be served
972 in a sandbox with a custom CSP:</p>
973 <pre>{
974 ...
975 "sandboxed_pages": {
976 "pages": [
977 "page1.html",
978 "directory/page2.html"
979 ]
980 <i>// content_security_policy is optional.</i>
981 "content_security_policy":
982 "sandbox allow-scripts: script-src https://www.google.com"
983 ],
984 ...
985 }</pre>
986 <p>
987 The sandbox is enforced by using the
988 <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe- element.html#attr-iframe-sandbox">HTML5 sandbox</a>
989 with the tokens <code>allow-scripts allow-forms</code>. You can specify a
990 different CSP value to use instead, but it must have the <code>sandbox</code>
991 directive and may not have the <code>allow-same-origin</code> token.
992 </p>
993 <p>
994 Note that you only need to list pages that you expected to be loaded in
995 windows or frames. Resources used by sandboxed pages (e.g. stylesheets or
996 JavaScript source files) do not need to appear in the
997 <code>sandboxed_page</code> list, they will use the sandbox of the page
998 that embeds them.
999 </p>
1000 <p>
1001 Sandboxed page may only be specified when using
1002 <a href="#manifest_version"><code>manifest_version</code></a> 2 or above.
1003 </p>
954 </div> 1004 </div>
955 <!-- API PAGE --> 1005 <!-- API PAGE -->
956 <!-- /apiPage --> 1006 <!-- /apiPage -->
957 </div> <!-- /gc-pagecontent --> 1007 </div> <!-- /gc-pagecontent -->
958 </div> <!-- /g-section --> 1008 </div> <!-- /g-section -->
959 </div> <!-- /codesiteContent --> 1009 </div> <!-- /codesiteContent -->
960 <div id="gc-footer" --=""> 1010 <div id="gc-footer" --="">
961 <div class="text"> 1011 <div class="text">
962 <p> 1012 <p>
963 Except as otherwise <a href="http://code.google.com/policies.html#restrictions ">noted</a>, 1013 Except as otherwise <a href="http://code.google.com/policies.html#restrictions ">noted</a>,
(...skipping 20 matching lines...) Expand all
984 _uff=0; 1034 _uff=0;
985 urchinTracker(); 1035 urchinTracker();
986 } 1036 }
987 catch(e) {/* urchinTracker not available. */} 1037 catch(e) {/* urchinTracker not available. */}
988 </script> 1038 </script>
989 <!-- end analytics --> 1039 <!-- end analytics -->
990 </div> 1040 </div>
991 </div> <!-- /gc-footer --> 1041 </div> <!-- /gc-footer -->
992 </div> <!-- /gc-container --> 1042 </div> <!-- /gc-container -->
993 </body></html> 1043 </body></html>
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698