Update the extension documentation to explain manifest_version.

chrome/common/extensions/docs/static/manifest.html

 <div id="pageData-name" class="pageData">Formats: Manifest Files</div>
 <div id="pageData-showTOC" class="pageData">true</div>
 
 <p>
 Every extension, installable web app, and theme has a
 <a href="http://www.json.org">JSON</a>-formatted manifest file,
 named <code>manifest.json</code>,
 that provides important information.
 </p>
 
 <h2 id="overview"> Field summary </h2>
 
 <p>
 The following code shows the supported manifest fields,
 with links to the page that discusses each field.
 The only fields that are always required
 are <b>name</b> and <b>version</b>.
 </p>
 
 <pre>
 {
   <em>// Required</em>
   "<a href="#name">name</a>": "<em>My Extension</em>",
   "<a href="#version">version</a>": "<em>versionString</em>",
+  "<a href="#manifest_version">manifest_version</a>": 2,
 
   <em>// Recommended</em>
   "<a href="#description">description</a>": "<em>A plain text description</em>",
   "<a href="#icons">icons</a>": { ... },
   "<a href="#default_locale">default_locale</a>": "<em>en</em>",
 
   <em>// Pick one (or none)</em>
   "<a href="browserAction.html">browser_action</a>": {...},
   "<a href="pageAction.html">page_action</a>": {...},
   "<a href="themes.html">theme</a>": {...},
@@ skipping 70 matching lines @@
 The description should be suitable for both
 the browser's extension management UI
 and the <a href="https://chrome.google.com/webstore">Chrome Web Store</a>.
 You can specify locale-specific strings for this field;
 see <a href="i18n.html">Internationalization</a> for details.
 </p>
 
 <h3 id="content_security_policy">content_security_policy</h3>
 
 <p>
-A security policy to apply to resources in your extension.
-You can use this policy to help prevent cross-site scripting
-vulnerabilities in your extension.
-To specify that your extension loads resources
-only from its own package, use the following policy:
+A security policy to apply to resources in your extension. You can use this
+policy to help prevent cross-site scripting vulnerabilities in your extension.
+By default, the extension system enforces the following policy:
+</p>
+
+<pre>script-src 'self'; object-src 'self'</pre>
+
+<p>
+Extensions can tighten their policy using the
+<code>content_security_policy</code> manifest attribute. For example, to
+specify that your extension loads resources only from its own package, use the
+following policy:
 </p>
 
 <pre>"content_security_policy": "default-src 'self' " </pre>
 
 <p>
 If you need to load resources from websites,
 you can add them to the whitelist.
 For example, if your extension uses Google Analytics,
 you might use the following policy:
 </p>
 
 <pre>"content_security_policy": "default-src 'self' https://ssl.google-analytics.com"</pre>
 
 <p>
+However, the extension system will prevent you including insecure resources

[mkearney, 2011/12/08 23:52:22]

Suggestion to remove 'however'.

+for <code>script-src</code> or <code>object-src</code>. (If you are using

[mkearney, 2011/12/08 23:52:22]

Suggestion to take this sentence out of parentheses.

+<code>eval</code> to parse JSON, please consider using <code>JSON.parse</code>
+instead.)
+</p>
+
+<p>
 For details, see the
 <a href="http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html">Content Security Policy specification</a>.
 </p>
 
 
 <h3 id="homepage_url">homepage_url</h3>
 
 <p>
 The URL of the homepage for this extension. The extensions management page (chrome://extensions)
 will contain a link to this URL.  This field is particularly useful if you
@@ skipping 504 matching lines @@
 <p>
 A missing integer is equal to zero.
 For example, 1.1.9.9999 is newer than 1.1.
 </p>
 
 <p>
 For more information, see
 <a href="autoupdate.html">Autoupdating</a>.
 </p>
 
+
+<h3 id="manifest_version">manifest_version</h3>
+
+<p>
+The version of the manifest format that this extension uses. Currently,
+extensions should use the value <code>2</code> (without quotes):
+</p>
+
+<pre>"manifest_version": 2</pre>
+
+<p>
+A larger number might be required in the future if there are breaking changes

[mkearney, 2011/12/08 23:52:22]

I think this can be worded better. How about:

Future breaking changes to the extension system may require a new version
number.

+to the extension system.
+</p>
+
+
 <!-- [PENDING: Possibly: point to the store/dashboard and make a big deal of the fact that autoupdating is free if you use them.] -->