Chromium Code Reviews

Unified Diff: chrome/common/extensions/docs/static/manifest.html

Issue 10825056: Update the `sandbox` documentation to point to new workflow docs. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Mihai's feedback. Created 8 years, 5 months ago
Index: chrome/common/extensions/docs/static/manifest.html
diff --git a/chrome/common/extensions/docs/static/manifest.html b/chrome/common/extensions/docs/static/manifest.html
index 3d010f17c572570fc48903307ee8a4828eb869c5..6aac15669a538cb6789df464f0d9cbe8b485a2f9 100644
--- a/chrome/common/extensions/docs/static/manifest.html
+++ b/chrome/common/extensions/docs/static/manifest.html
@@ -39,7 +39,7 @@ are <b>name</b> and <b>version</b>.
"<a href="background_pages.html">background</a>": {...},
"<a href="override.html">chrome_url_overrides</a>": {...},
"<a href="content_scripts.html">content_scripts</a>": [...],
- "<a href="contentSecurityPolicy.html">content_security_policy</a>": "<em>policyString</em>",
+ "<a href="../extensions/contentSecurityPolicy.html">content_security_policy</a>": "<em>policyString</em>",
"<a href="fileBrowserHandler.html">file_browser_handlers</a>": [...],
"<a href="#homepage_url">homepage_url</a>": "http://<em>path/to/homepage</em>",
"<a href="#incognito">incognito</a>": "spanning" <em>or</em> "split",
@@ -847,16 +847,17 @@ with them. Being in a sandbox has two implications:
<li>A sandboxed page will not have access to extension or app APIs, or
direct access to non-sandboxed pages (it may communicate with them via
<code>postMessage()</code>).</li>
-<li>A sandboxed page is not subject to the
-<a href="contentSecurityPolicy.html">Content Security Policy (CSP)</a> used
-by the rest of the app or extension (it has its own separate CSP value). This
-means that, for example, it can use inline script and <code>eval</code>.</li>
-</ol>
+<li>
+ <p>A sandboxed page is not subject to the
+ <a href="../extensions/contentSecurityPolicy.html">Content Security Policy
+ (CSP)</a> used by the rest of the app or extension (it has its own separate
+ CSP value). This means that, for example, it can use inline script and
+ <code>eval</code>.</p>
-<p>For example, here's how to specify that two extension pages are to be served
-in a sandbox with a custom CSP:</p>
+ <p>For example, here's how to specify that two extension pages are to be
+ served in a sandbox with a custom CSP:</p>
-<pre>{
+ <pre>{
...
"sandbox": {
"pages": [
@@ -870,14 +871,16 @@ in a sandbox with a custom CSP:</p>
...
}</pre>
-<p>
-If not specified, the default <code>content_security_policy</code> value is
-<code>sandbox allow-scripts allow-forms</code>. You can specify your CSP
-value to restrict the sandbox even further, but it must have the <code>sandbox</code>
-directive and may not have the <code>allow-same-origin</code> token (see
-<a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox">the
-HTML5 specification</a> for possible sandbox tokens).
-</p>
+ <p>
+ If not specified, the default <code>content_security_policy</code> value is
+ <code>sandbox allow-scripts allow-forms</code>. You can specify your CSP
+ value to restrict the sandbox even further, but it must have the <code>sandbox</code>
+ directive and may not have the <code>allow-same-origin</code> token (see
+ <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox">the
+ HTML5 specification</a> for possible sandbox tokens).
+ </p>
+</li>
+</ol>
<p>
Note that you only need to list pages that you expected to be loaded in
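Review bot: The line `value to restrict the sandbox even further, but it must have the <code>sandbox</code>` was only shifted right rather than rewrapped like the paragraphs earlier in this list item; it was already longer than 80 columns and the added indentation makes it longer, so please rewrap the paragraph. Since the text is being touched anyway, it states that a custom value must carry the `sandbox` directive and may not carry `allow-same-origin` without giving the reason or saying what happens to a manifest that violates this; one sentence on each would help authors who are tightening the policy. In the trailing context, "pages that you expected to be loaded" should read "expect".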
@@ -888,6 +891,14 @@ that embeds them.
</p>
<p>
+<a href="sandboxingEval.html">"Using eval in Chrome Extensions. Safely."</a>
+goes into more detail about implementing a sandboxing workflow that enables use
+of libraries that would otherwise have issues executing under extension's
+<a href="../extensions/contentSecurityPolicy.html">default Content Security
+Policy</a>.
+</p>
+
+<p>
Sandboxed page may only be specified when using
<a href="#manifest_version"><code>manifest_version</code></a> 2 or above.
</p>
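Review bot: In the added paragraph, `of libraries that would otherwise have issues executing under extension's` is missing an article; make it "under an extension's default Content Security Policy". The `sandboxingEval.html` link is relative to this directory while the CSP link two lines below goes through `../extensions/`, so check that both resolve from wherever this static file is rendered. The paragraph also never says that the linked workflow depends on the `sandbox` manifest key described above; naming the key in the sentence would make the connection explicit for readers who land here from a CSP error.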