
Side by Side Diff: chrome/common/extensions/docs/server2/templates/articles/contentSecurityPolicy.html

Issue 10834130: Extensions Docs Server: Doc conversion script - SVN (Closed) Base URL: https://src.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 4 months ago
OLDNEW
1 <div id="pageData-name" class="pageData">Content Security Policy (CSP)</div> 1 <h1>Content Security Policy (CSP)</h1>
2 <div id="pageData-showTOC" class="pageData">true</div> 2
3 3
4 <p> 4 <p>
5 In order to mitigate a large class of potental cross-site scripting issues, 5 In order to mitigate a large class of potental cross-site scripting issues,
6 Chrome's extension system has incorporated the general concept of 6 Chrome's extension system has incorporated the general concept of
7 <a href="http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specif ication.dev.html"> 7 <a href="http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specif ication.dev.html">
8 <strong>Content Security Policy (CSP)</strong> 8 <strong>Content Security Policy (CSP)</strong>
9 </a>. This introduces some fairly strict policies that will make extensions 9 </a>. This introduces some fairly strict policies that will make extensions
10 more secure by default, and provides you with the ability to create and 10 more secure by default, and provides you with the ability to create and
11 enforce rules governing the types of content that can be loaded and executed 11 enforce rules governing the types of content that can be loaded and executed
12 by your extensions and applications. 12 by your extensions and applications.
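Review bot: new line 2 drops `<div id="pageData-showTOC" class="pageData">true</div>` with nothing in its place, so the converted article no longer states that it wants a table of contents. If the new templates render a TOC for every article this is fine; otherwise the conversion script should carry the flag over in some form. Separately, "potental" on line 5 is carried over unchanged on both sides and could be corrected to "potential" while the file is being rewritten.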
(...skipping 251 matching lines...)
264 <h2>Tightening the default policy</h2> 264 <h2>Tightening the default policy</h2>
265 265
266 <p> 266 <p>
267 You may, of course, tighten this policy to whatever extent your extension 267 You may, of course, tighten this policy to whatever extent your extension
268 allows in order to increase security at the expense of convenience. To specify 268 allows in order to increase security at the expense of convenience. To specify
269 that your extension can only load resources of <em>any</em> type (images, etc) 269 that your extension can only load resources of <em>any</em> type (images, etc)
270 from its own package, for example, a policy of <code>default-src 'self'</code> 270 from its own package, for example, a policy of <code>default-src 'self'</code>
271 would be appropriate. The <a href="samples.html#mappy">Mappy</a> sample 271 would be appropriate. The <a href="samples.html#mappy">Mappy</a> sample
272 extension is a good example of an extension that's been locked down above and 272 extension is a good example of an extension that's been locked down above and
273 beyond the defaults. 273 beyond the defaults.
274 </p> 274 </p>
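Review bot: the `href="samples.html#mappy"` on line 271 is a relative link that the conversion leaves untouched, while this file sits under server2/templates/articles/. Please confirm the link still resolves from wherever the article is served, or have the script rewrite relative links. Also, "can only load resources of any type ... from its own package" on lines 268-270 reads ambiguously; "can load resources of any type only from its own package" would be clearer.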