Fix some typos, broken links and other issues in extension docs

chrome/common/extensions/docs/templates/articles/contentSecurityPolicy.html

 <h1>Content Security Policy (CSP)</h1>
 
 
 <p>
-  In order to mitigate a large class of potental cross-site scripting issues,
+  In order to mitigate a large class of potential cross-site scripting issues,
   Chrome's extension system has incorporated the general concept of
   <a href="http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html">
     <strong>Content Security Policy (CSP)</strong>
   </a>. This introduces some fairly strict policies that will make extensions
   more secure by default, and provides you with the ability to create and
   enforce rules governing the types of content that can be loaded and executed
   by your extensions and applications.
 </p>
 
 <p>
   In general, CSP works as a black/whitelisting mechanism for resources loaded
   or executed by your extensions. Defining a reasonable policy for your
   extension enables you to carefully consider the resources that your extension
   requires, and to ask the browser to ensure that those are the only resources
   your extension has access to. These policies provide security over and above
-  the <a href="manifest.html#permissions">host permissions</a> your extension
+  the <a href="declare_permissions.html">host permissions</a> your extension
   requests; they're an additional layer of protection, not a replacement.
 </p>
 
 <p>
   On the web, such a policy is defined via an HTTP header or <code>meta</code>
   element. Inside Chrome's extension system, neither is an appropriate
   mechanism. Instead, an extension's policy is defined via the extension's
   <a href="manifest.html"><code>manifest.json</code></a> file as follows:
 </p>
 
@@ skipping 11 matching lines @@
     "An Introduction to Content Security Policy"
   </a> article on HTML5Rocks.
 </p>
 
 <h2 id="restrictions">Default Policy Restrictions</h2>
 
 <p>
   Packages that do not define a <a href="manifestVersion.html">
     <code>manifest_version</code>
   </a> have no default content security policy. Those that select
-  <code>manifest_version</code></a> 2, have a default content security policy
+  <code>manifest_version</code> 2, have a default content security policy
   of:
 </p>
 
 <pre>script-src 'self'; object-src 'self'</pre>
 
 <p>
   This policy adds security by limiting extensions and applications in three 
   ways:
 </p>
 
 <h3 id="JSEval">Eval and related functions are disabled</h3>
 
 <p>Code like the following does not work:</p>
 
 <pre>
 alert(eval("foo.bar.baz"));
 window.setTimeout("alert('hi')", 10);
-window.setInteral("alert('hi')", 10);
+window.setInterval("alert('hi')", 10);
 new Function("return foo.bar.baz");
 </pre>
 
 <p>Evaluating strings of JavaScript like this is a common XSS attack vector.
 Instead, you should write code like:
 
 <pre>
 alert(foo && foo.bar && foo.bar.baz);
 window.setTimeout(function() { alert('hi'); }, 10);
 window.setInterval(function() { alert('hi'); }, 10);
@@ skipping 249 matching lines @@
 
 <p>
   You may, of course, tighten this policy to whatever extent your extension
   allows in order to increase security at the expense of convenience. To specify
   that your extension can only load resources of <em>any</em> type (images, etc)
   from its own package, for example, a policy of <code>default-src 'self'</code>
   would be appropriate. The <a href="samples.html#mappy">Mappy</a> sample
   extension is a good example of an extension that's been locked down above and
   beyond the defaults.
 </p>