Chromium Code Reviews

Side by Side Diff: chrome/common/extensions/docs/server2/templates/articles/sandboxingEval.html

Issue 10834130: Extensions Docs Server: Doc conversion script - SVN (Closed) Base URL: https://src.chromium.org/chrome/trunk/src/
Patch Set: Created 8 years, 4 months ago
OLDNEW
1 <div id="pageData-name" class="pageData">Using eval in Chrome Extensions. Safely .</div> 1 <h1>Using eval in Chrome Extensions. Safely.</h1>
2 <div id="pageData-showTOC" class="pageData">true</div> 2
3 3
4 <p> 4 <p>
5 Chrome's extension system enforces a fairly strict default 5 Chrome's extension system enforces a fairly strict default
6 <a href='contentSecurityPolicy.html'> 6 <a href='contentSecurityPolicy.html'>
7 <strong>Content Security Policy (CSP)</strong> 7 <strong>Content Security Policy (CSP)</strong>
8 </a>. The policy restrictions are straightforward: script must be moved 8 </a>. The policy restrictions are straightforward: script must be moved
9 out-of-line into separate JavaScript files, inline event handlers must be 9 out-of-line into separate JavaScript files, inline event handlers must be
10 converted to use <code>addEventListener</code>, and <code>eval()</code> is 10 converted to use <code>addEventListener</code>, and <code>eval()</code> is
11 disabled. Chrome Apps have an 11 disabled. Chrome Apps have an
12 <a href='http://developer.chrome.com/trunk/apps/app_csp.html'>even more strict 12 <a href='http://developer.chrome.com/trunk/apps/app_csp.html'>even more strict
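Review bot: new line 2 is empty where the old page had `<div id="pageData-showTOC" class="pageData">true</div>`, so the table-of-contents flag is dropped by the conversion with no replacement visible in this hunk. If the server2 templates do not build a TOC by default, this article loses it; please confirm that, or have the conversion script carry the flag over in whatever form the new templates expect. The move of the title into `<h1>` on line 1 also removes the stray space in "Safely .", which looks intended. Separately, line 12 links to an absolute `http://developer.chrome.com/trunk/apps/app_csp.html` while the CSP link on line 6 is relative; a relative or versionless link would keep the article from pointing readers at trunk docs from a stable branch.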
(...skipping 175 matching lines...)
188 <p> 188 <p>
189 This mechanism makes templating straightforward, but it of course isn't 189 This mechanism makes templating straightforward, but it of course isn't
190 limited to templating. Any code that doesn't work out of the box under a 190 limited to templating. Any code that doesn't work out of the box under a
191 strict Content Security Policy can be sandboxed; in fact, it's often useful 191 strict Content Security Policy can be sandboxed; in fact, it's often useful
192 to sandbox components of your extensions that <em>would</em> run correctly in 192 to sandbox components of your extensions that <em>would</em> run correctly in
193 order to restrict each piece of your program to the smallest set of privileges 193 order to restrict each piece of your program to the smallest set of privileges
194 necessary for it to properly execute. The 194 necessary for it to properly execute. The
195 <a href="http://www.youtube.com/watch?v=GBxv8SaX0gg">Writing Secure Web Apps 195 <a href="http://www.youtube.com/watch?v=GBxv8SaX0gg">Writing Secure Web Apps
196 and Chrome Extensions</a> presentation from Google I/O 2012 gives some good 196 and Chrome Extensions</a> presentation from Google I/O 2012 gives some good
197 examples of these technique in action, and is worth 56 minutes of your time. 197 examples of these technique in action, and is worth 56 minutes of your time.
198 </p> 198 </p>
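Review bot: line 197 reads "examples of these technique in action" on both sides; it should be "these techniques". The conversion copies the text through unchanged, so this is a good moment to fix it in the source article or in a follow-up. The YouTube link on line 195 is plain `http://`; switching it to `https://` would suit a page that is teaching CSP and sandboxing.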