Chromium Code Reviews

Unified Diff: chrome/common/extensions/docs/extensions/manifest.html

Issue 10825056: Update the `sandbox` documentation to point to new workflow docs. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Mihai's feedback. Created 8 years, 5 months ago
Index: chrome/common/extensions/docs/extensions/manifest.html
diff --git a/chrome/common/extensions/docs/extensions/manifest.html b/chrome/common/extensions/docs/extensions/manifest.html
index 866caad0304739eb7c3c105acc6140a527328611..0e181a6e08f43ec31646cadcae78b6356a079b90 100644
--- a/chrome/common/extensions/docs/extensions/manifest.html
+++ b/chrome/common/extensions/docs/extensions/manifest.html
@@ -276,7 +276,7 @@ are <b>name</b> and <b>version</b>.
"<a href="background_pages.html">background</a>": {...},
"<a href="override.html">chrome_url_overrides</a>": {...},
"<a href="content_scripts.html">content_scripts</a>": [...],
- "<a href="contentSecurityPolicy.html">content_security_policy</a>": "<em>policyString</em>",
+ "<a href="../extensions/contentSecurityPolicy.html">content_security_policy</a>": "<em>policyString</em>",
"<a href="fileBrowserHandler.html">file_browser_handlers</a>": [...],
"<a href="#homepage_url">homepage_url</a>": "http://<em>path/to/homepage</em>",
"<a href="#incognito">incognito</a>": "spanning" <em>or</em> "split",
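Review bot: the new href on the content_security_policy line is "../extensions/contentSecurityPolicy.html", while the neighbouring entries in this listing (background_pages.html, override.html, content_scripts.html, fileBrowserHandler.html) keep the same-directory form. Because this file sits in docs/extensions/, both forms resolve to the same page from here, so the change only has an effect if the markup is also served from another directory. If that is the intent, state it in the change description and decide whether the sibling links need the same prefix; if not, keep the shorter path so the listing stays consistent.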
@@ -979,14 +979,14 @@ with them. Being in a sandbox has two implications:
<li>A sandboxed page will not have access to extension or app APIs, or
direct access to non-sandboxed pages (it may communicate with them via
<code>postMessage()</code>).</li>
-<li>A sandboxed page is not subject to the
-<a href="contentSecurityPolicy.html">Content Security Policy (CSP)</a> used
-by the rest of the app or extension (it has its own separate CSP value). This
-means that, for example, it can use inline script and <code>eval</code>.</li>
-</ol>
-<p>For example, here's how to specify that two extension pages are to be served
-in a sandbox with a custom CSP:</p>
-<pre>{
+<li>
+ <p>A sandboxed page is not subject to the
+ <a href="../extensions/contentSecurityPolicy.html">Content Security Policy (CSP)</a> used
+ by the rest of the app or extension (it has its own separate CSP value). This
+ means that, for example, it can use inline script and <code>eval</code>.</p>
+ <p>For example, here's how to specify that two extension pages are to be
+ served in a sandbox with a custom CSP:</p>
+ <pre>{
...
"sandbox": {
"pages": [
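Review bot: in the reworked second list item, two consecutive paragraphs both lean on "for example" ("This means that, for example, it can use inline script" followed directly by "For example, here's how to specify"). Reword the second lead-in, for instance "The following manifest entry serves two extension pages in a sandbox with a custom CSP:". The pre block is now a child of the li, so also check the rendered page to confirm the JSON sample indents sensibly under the list number.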
@@ -999,14 +999,16 @@ in a sandbox with a custom CSP:</p>
],
...
}</pre>
-<p>
-If not specified, the default <code>content_security_policy</code> value is
-<code>sandbox allow-scripts allow-forms</code>. You can specify your CSP
-value to restrict the sandbox even further, but it must have the <code>sandbox</code>
-directive and may not have the <code>allow-same-origin</code> token (see
-<a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox">the
-HTML5 specification</a> for possible sandbox tokens).
-</p>
+ <p>
+ If not specified, the default <code>content_security_policy</code> value is
+ <code>sandbox allow-scripts allow-forms</code>. You can specify your CSP
+ value to restrict the sandbox even further, but it must have the <code>sandbox</code>
+ directive and may not have the <code>allow-same-origin</code> token (see
+ <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox">the
+ HTML5 specification</a> for possible sandbox tokens).
+ </p>
+</li>
+</ol>
<p>
Note that you only need to list pages that you expected to be loaded in
windows or frames. Resources used by sandboxed pages (e.g. stylesheets or
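Review bot: the re-indented paragraph on the default content_security_policy gives the two constraints (the value must contain the sandbox directive and may not contain allow-same-origin) but does not say what happens when a manifest breaks them, or why allow-same-origin is excluded. Since the paragraph is being touched anyway, add a sentence covering each so that authors tightening the policy know what to expect. The unchanged context line below also reads "pages that you expected to be loaded"; "expect" is the correct tense and could be fixed in the same pass.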
@@ -1015,6 +1017,12 @@ JavaScript source files) do not need to appear in the
that embeds them.
</p>
<p>
+<a href="sandboxingEval.html">"Using eval in Chrome Extensions. Safely."</a>
+goes into more detail about implementing a sandboxing workflow that enables use
+of libraries that would otherwise have issues executing under extension's
+<a href="../extensions/contentSecurityPolicy.html">default Content Security Policy</a>.
+</p>
+<p>
Sandboxed page may only be specified when using
<a href="#manifest_version"><code>manifest_version</code></a> 2 or above.
</p>
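Review bot: the added paragraph reads "would otherwise have issues executing under extension's default Content Security Policy", which is missing an article ("an extension's"); the context line after it has a similar slip ("Sandboxed page may only be specified" should be "Sandboxed pages may only be specified"). The two links in the new paragraph also use different path styles, sandboxingEval.html versus ../extensions/contentSecurityPolicy.html, so pick one form or explain why the CSP link needs the directory prefix and the sandboxingEval link does not.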