Improving `content_security_policy` documentation.

chrome/common/extensions/docs/manifest.html

 <!DOCTYPE html><!-- This page is a placeholder for generated extensions api doc. Note:
     1) The <head> information in this page is significant, should be uniform
        across api docs and should be edited only with knowledge of the
        templating mechanism.
     3) All <body>.innerHTML is genereated as an rendering step. If viewed in a
        browser, it will be re-generated from the template, json schema and
        authored overview content.
     4) The <body>.innerHTML is also generated by an offline step so that this
        page may easily be indexed by search engines.
 --><html xmlns="http://www.w3.org/1999/xhtml"><head>
@@ skipping 316 matching lines @@
             </li><li>
               <a href="#H2-1">Field details</a>
               <ol>
                 <li>
                   <a href="#app">app</a>
                 </li><li>
                   <a href="#default_locale">default_locale</a>
                 </li><li>
                   <a href="#description">description</a>
                 </li><li>
-                  <a href="#content_security_policy">content_security_policy</a>
-                </li><li>
                   <a href="#homepage_url">homepage_url</a>
                 </li><li>
                   <a href="#icons">icons</a>
                 </li><li>
                   <a href="#incognito">incognito</a>
                 </li><li>
                   <a href="#key">key</a>
                 </li><li>
                   <a href="#minimum_chrome_version">minimum_chrome_version</a>
                 </li><li>
@@ skipping 65 matching lines @@
   <em>// Pick one (or none)</em>
   "<a href="browserAction.html">browser_action</a>": {...},
   "<a href="pageAction.html">page_action</a>": {...},
   "<a href="themes.html">theme</a>": {...},
   "<a href="#app">app</a>": {...},
 
   <em>// Add any of these that you need</em>
   "<a href="background_pages.html">background</a>": {...},
   "<a href="override.html">chrome_url_overrides</a>": {...},
   "<a href="content_scripts.html">content_scripts</a>": [...],
-  "<a href="#content_security_policy">content_security_policy</a>": "<em>policyString</em>",
+  "<a href="contentSecurityPolicy.html">content_security_policy</a>": "<em>policyString</em>",
   "<a href="fileBrowserHandler.html">file_browser_handlers</a>": [...],
   "<a href="#homepage_url">homepage_url</a>": "http://<em>path/to/homepage</em>",
   "<a href="#incognito">incognito</a>": "spanning" <em>or</em> "split",
   "<a href="#key">key</a>": "<em>publicKey</em>",
   "<a href="#minimum_chrome_version">minimum_chrome_version</a>": "<em>versionString</em>",
   "<a href="#nacl_modules">nacl_modules</a>": [...],
   "<a href="#offline_enabled">offline_enabled</a>": true,
   "<a href="omnibox.html">omnibox</a>": { "keyword": "<em>aString</em>" },
   "<a href="options.html">options_page</a>": "<em>aFile</em>.html",
   "<a href="#permissions">permissions</a>": [...],
@@ skipping 51 matching lines @@
 (no HTML or other formatting;
 no more than 132 characters)
 that describes the extension.
 The description should be suitable for both
 the browser's extension management UI
 and the <a href="https://chrome.google.com/webstore">Chrome Web Store</a>.
 You can specify locale-specific strings for this field;
 see <a href="i18n.html">Internationalization</a> for details.
 </p>
 
-<h3 id="content_security_policy">content_security_policy</h3>
-
-<p>
-A security policy to apply to resources in your extension. You can use this
-policy to help prevent cross-site scripting vulnerabilities in your extension.
-By default, the extension system enforces the following policy:
-</p>
-
-<pre>script-src 'self'; object-src 'self'</pre>
-
-<p>
-Extensions can tighten their policy using the
-<code>content_security_policy</code> manifest attribute. For example, to
-specify that your extension loads resources only from its own package, use the
-following policy:
-</p>
-
-<pre>"content_security_policy": "default-src 'self' " </pre>
-
-<p>
-If you need to load resources from websites,
-you can add them to the whitelist.
-For example, if your extension uses Google Analytics,
-you might use the following policy:
-</p>
-
-<pre>"content_security_policy": "default-src 'self' https://ssl.google-analytics.com"</pre>
-
-<p>
-The extension system will prevent you including insecure resources
-for <code>script-src</code> or <code>object-src</code>.  If you are using
-<code>eval</code> to parse JSON, please consider using <code>JSON.parse</code>
-instead.
-</p>
-
-<p>
-For details, see the
-<a href="http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html">Content Security Policy specification</a>.
-</p>
-
-
 <h3 id="homepage_url">homepage_url</h3>
 
 <p>
 The URL of the homepage for this extension. The extensions management page (chrome://extensions)
 will contain a link to this URL.  This field is particularly useful if you
 <a href="hosting.html">host the extension on your own site</a>. If you distribute your
 extension using the <a href="https://chrome.google.com/webstore">Chrome Web Store</a>,
 the homepage URL defaults to the extension's own page.
 </p>
 
@@ skipping 767 matching lines @@
     _uff=0;
     urchinTracker();
   }
   catch(e) {/* urchinTracker not available. */}
 </script>
 <!-- end analytics -->
       </div>
     </div> <!-- /gc-footer -->
   </div> <!-- /gc-container -->
 </body></html>