| Index: chrome/common/extensions/docs/manifest.html
|
| diff --git a/chrome/common/extensions/docs/manifest.html b/chrome/common/extensions/docs/manifest.html
|
| index e1f4746b567fb106f173b3e6158503f5da67b0d6..9fcf0bee30972565aae3e78a287cee8139bf65dd 100644
|
| --- a/chrome/common/extensions/docs/manifest.html
|
| +++ b/chrome/common/extensions/docs/manifest.html
|
| @@ -334,8 +334,6 @@
|
| </li><li>
|
| <a href="#description">description</a>
|
| </li><li>
|
| - <a href="#content_security_policy">content_security_policy</a>
|
| - </li><li>
|
| <a href="#homepage_url">homepage_url</a>
|
| </li><li>
|
| <a href="#icons">icons</a>
|
| @@ -421,7 +419,7 @@ are <b>name</b> and <b>version</b>.
|
| "<a href="background_pages.html">background</a>": {...},
|
| "<a href="override.html">chrome_url_overrides</a>": {...},
|
| "<a href="content_scripts.html">content_scripts</a>": [...],
|
| - "<a href="#content_security_policy">content_security_policy</a>": "<em>policyString</em>",
|
| + "<a href="contentSecurityPolicy.html">content_security_policy</a>": "<em>policyString</em>",
|
| "<a href="fileBrowserHandler.html">file_browser_handlers</a>": [...],
|
| "<a href="#homepage_url">homepage_url</a>": "http://<em>path/to/homepage</em>",
|
| "<a href="#incognito">incognito</a>": "spanning" <em>or</em> "split",
|
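Review bot: The new target on the `+` line, contentSecurityPolicy.html, is not created anywhere in the visible diff, which only touches manifest.html, so please confirm that page lands in the same change. If it does not, the content_security_policy entry in the field summary will point at a missing file, and the in-page section it used to reference is deleted in the next hunk, leaving no documentation of the field reachable from here.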
| @@ -493,47 +491,6 @@ You can specify locale-specific strings for this field;
|
| see <a href="i18n.html">Internationalization</a> for details.
|
| </p>
|
|
|
| -<h3 id="content_security_policy">content_security_policy</h3>
|
| -
|
| -<p>
|
| -A security policy to apply to resources in your extension. You can use this
|
| -policy to help prevent cross-site scripting vulnerabilities in your extension.
|
| -By default, the extension system enforces the following policy:
|
| -</p>
|
| -
|
| -<pre>script-src 'self'; object-src 'self'</pre>
|
| -
|
| -<p>
|
| -Extensions can tighten their policy using the
|
| -<code>content_security_policy</code> manifest attribute. For example, to
|
| -specify that your extension loads resources only from its own package, use the
|
| -following policy:
|
| -</p>
|
| -
|
| -<pre>"content_security_policy": "default-src 'self' " </pre>
|
| -
|
| -<p>
|
| -If you need to load resources from websites,
|
| -you can add them to the whitelist.
|
| -For example, if your extension uses Google Analytics,
|
| -you might use the following policy:
|
| -</p>
|
| -
|
| -<pre>"content_security_policy": "default-src 'self' https://ssl.google-analytics.com"</pre>
|
| -
|
| -<p>
|
| -The extension system will prevent you including insecure resources
|
| -for <code>script-src</code> or <code>object-src</code>. If you are using
|
| -<code>eval</code> to parse JSON, please consider using <code>JSON.parse</code>
|
| -instead.
|
| -</p>
|
| -
|
| -<p>
|
| -For details, see the
|
| -<a href="http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html">Content Security Policy specification</a>.
|
| -</p>
|
| -
|
| -
|
| <h3 id="homepage_url">homepage_url</h3>
|
|
|
| <p>
|
|
|
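Review bot: Deleting `<h3 id="content_security_policy">` removes the fragment that existing links to manifest.html#content_security_policy resolve to. It also removes this page's only statement of the default policy (script-src 'self'; object-src 'self') and of the rule that insecure resources are prevented for script-src and object-src. Consider keeping a short stub under the same id that points to contentSecurityPolicy.html. Please also check that the new page carries the default policy, both example policies and the JSON.parse guidance, so the security-relevant defaults are not lost in the move.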