OLD | NEW |
1 <h1>Embed Content</h1> | 1 <h1>Embed Content</h1> |
2 | 2 |
3 | 3 |
4 <p> | 4 <p> |
5 The <a href="app_architecture.html#security">packaged apps security model</a> di
sallows | 5 The <a href="app_architecture.html#security">packaged apps security model</a> di
sallows |
6 external content in iframes and | 6 external content in iframes and |
7 the use of inline scripting and <code>eval()</code>. | 7 the use of inline scripting and <code>eval()</code>. |
8 You can override these restrictions, | 8 You can override these restrictions, |
9 but your external content must be isolated from the app. | 9 but your external content must be isolated from the app. |
10 </p> | 10 </p> |
11 | 11 |
12 <p> | 12 <p> |
13 Isolated content cannot directly | 13 Isolated content cannot directly |
14 access the app's data or any of the APIs. | 14 access the app's data or any of the APIs. |
15 Use cross-origin XMLHttpRequests | 15 Use cross-origin XMLHttpRequests |
16 and post-messaging to communicate between the event page and sandboxed content | 16 and post-messaging to communicate between the event page and sandboxed content |
17 and indirectly access the APIs. | 17 and indirectly access the APIs. |
18 </p> | 18 </p> |
19 | 19 |
20 <p class="note"> | 20 <p class="note"> |
21 <b>API Samples: </b> | 21 <b>API Sample: </b> |
22 Want to play with the code? | 22 Want to play with the code? |
23 Check out the | 23 Check out the |
24 <a href="https://github.com/GoogleChrome/chrome-app-samples/tree/master/eval-in-
iframe">eval-in-iframe</a> | 24 <a href="https://github.com/GoogleChrome/chrome-app-samples/tree/master/sandbox"
>sandbox</a> sample. |
25 and <a href="https://github.com/GoogleChrome/chrome-app-samples/tree/master/rege
x-tester">regex-tester</a> samples. | |
26 </p> | 25 </p> |
27 | 26 |
28 <h2 id="external">Referencing external resources</h2> | 27 <h2 id="external">Referencing external resources</h2> |
29 | 28 |
30 <p> | 29 <p> |
31 The <a href="app_csp.html">Content Security Policy</a> used by apps disallows | 30 The <a href="app_csp.html">Content Security Policy</a> used by apps disallows |
32 the use of many kinds of remote URLs, so you can't directly reference external | 31 the use of many kinds of remote URLs, so you can't directly reference external |
33 images, stylesheets, or fonts from an app page. Instead, you can use use | 32 images, stylesheets, or fonts from an app page. Instead, you can use use |
34 cross-origin XMLHttpRequests to fetch these resources, | 33 cross-origin XMLHttpRequests to fetch these resources, |
35 and then serve them via <code>blob:</code> URLs. | 34 and then serve them via <code>blob:</code> URLs. |
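Review bot: In the note paragraph (new lines 21-24) the two links to eval-in-iframe and regex-tester are replaced by a single link to the sandbox sample, but nothing visible here shows that the sandbox sample covers what both of the old ones demonstrated, or that the old directories are gone. Please confirm that, and check the 236 skipped lines for any remaining references to the old sample names so the page does not end up pointing at two different sets of samples. While this file is being touched, "you can use use" on new line 32 has a doubled word that could be fixed in the same change.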
(...skipping 236 matching lines...)
272 </p> | 271 </p> |
273 | 272 |
274 <pre> | 273 <pre> |
275 var messageHandler = function(e) { | 274 var messageHandler = function(e) { |
276 console.log('Background script says hello.', e.data); | 275 console.log('Background script says hello.', e.data); |
277 }; | 276 }; |
278 | 277 |
279 window.addEventListener('message', messageHandler); | 278 window.addEventListener('message', messageHandler); |
280 </pre> | 279 </pre> |
281 | 280 |
282 <p class="backtotop"><a href="#top">Back to top</a></p> | 281 <p class="backtotop"><a href="#top">Back to top</a></p> |
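Review bot: The messageHandler sample at new lines 274-278 uses e.data from any message event without checking e.origin or e.source, and the page's intro names post-messaging as the channel between the event page and sandboxed content. These lines are unchanged by this patch, but since the page is being revised around the sandbox sample, consider having the snippet show the sender check before e.data is used, so readers copy the validated form of the listener.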