Extensions Docs Server: Doc conversion script

chrome/common/extensions/docs/server2/templates/articles/manifest.html

+<h1 class="page_title">Formats: Manifest Files</h1>
+<div id="pageData-showTOC" class="pageData">true</div>
+<p>
+Every extension, installable web app, and theme has a
+<a href="http://www.json.org">JSON</a>-formatted manifest file,
+named <code>manifest.json</code>,
+that provides important information.
+</p>
+<h2 id="overview"> Field summary </h2>
+<p>
+The following code shows the supported manifest fields,
+with links to the page that discusses each field.
+The only fields that are always required
+are <b>name</b> and <b>version</b>.
+</p>
+<pre>
+{
+  <em>// Required</em>
+  "<a href="#name">name</a>": "<em>My Extension</em>",
+  "<a href="#version">version</a>": "<em>versionString</em>",
+  "<a href="#manifest_version">manifest_version</a>": 2,
+  <em>// Recommended</em>
+  "<a href="#description">description</a>": "<em>A plain text description</em>",
+  "<a href="#icons">icons</a>": { ... },
+  "<a href="#default_locale">default_locale</a>": "<em>en</em>",
+  <em>// Pick one (or none)</em>
+  "<a href="browserAction.html">browser_action</a>": {...},
+  "<a href="pageAction.html">page_action</a>": {...},
+  "<a href="themes.html">theme</a>": {...},
+  "<a href="#app">app</a>": {...},
+  <em>// Add any of these that you need</em>
+  "<a href="background_pages.html">background</a>": {...},
+  "<a href="override.html">chrome_url_overrides</a>": {...},
+  "<a href="content_scripts.html">content_scripts</a>": [...],
+  "<a href="../extensions/contentSecurityPolicy.html">content_security_policy</a>": "<em>policyString</em>",
+  "<a href="fileBrowserHandler.html">file_browser_handlers</a>": [...],
+  "<a href="#homepage_url">homepage_url</a>": "http://<em>path/to/homepage</em>",
+  "<a href="#incognito">incognito</a>": "spanning" <em>or</em> "split",
+  "<a href="#intents">intents</a>": {...}
+  "<a href="#key">key</a>": "<em>publicKey</em>",
+  "<a href="#minimum_chrome_version">minimum_chrome_version</a>": "<em>versionString</em>",
+  "<a href="#nacl_modules">nacl_modules</a>": [...],
+  "<a href="#offline_enabled">offline_enabled</a>": true,
+  "<a href="omnibox.html">omnibox</a>": { "keyword": "<em>aString</em>" },
+  "<a href="options.html">options_page</a>": "<em>aFile</em>.html",
+  "<a href="#permissions">permissions</a>": [...],
+  "<a href="npapi.html">plugins</a>": [...],
+  "<a href="#requirements">requirements</a>": {...},
+  "<a href="autoupdate.html">update_url</a>": "http://<em>path/to/updateInfo</em>.xml",
+  "<a href="#web_accessible_resources">web_accessible_resources</a>": [...],
+  "<a href="#sandbox">sandbox</a>": [...]
+}
+</pre>
+<h2>Field details</h2>
+<p>
+This section covers fields that aren't described in another page.
+For a complete list of fields,
+with links to where they're described in detail,
+see the <a href="#overview">Field summary</a>.
+</p>
+<h3 id="app">app</h3>
+<p>
+Used by installable web apps,
+including packaged apps,
+to specify the URLs that the app uses.
+Most important is the <em>launch page</em> for the app&mdash;the
+page that the browser goes to when the user clicks the app's icon
+in the New Tab page.
+</p>
+<p>
+For details, see the documentation for
+<a href="http://code.google.com/chrome/apps/docs/developers_guide.html">hosted apps</a> and
+<a href="apps.html">packaged apps</a>.
+</p>
+<h3 id="default_locale">default_locale</h3>
+<p>
+Specifies the subdirectory of <code>_locales</code>
+that contains the default strings for this extension.
+This field is <b>required</b> in extensions
+that have a <code>_locales</code> directory;
+it <b>must be absent</b> in extensions
+that have no <code>_locales</code> directory.
+For details, see
+<a href="i18n.html">Internationalization</a>.
+</p>
+<h3 id="description">description</h3>
+<p>
+A plain text string
+(no HTML or other formatting;
+no more than 132 characters)
+that describes the extension.
+The description should be suitable for both
+the browser's extension management UI
+and the <a href="https://chrome.google.com/webstore">Chrome Web Store</a>.
+You can specify locale-specific strings for this field;
+see <a href="i18n.html">Internationalization</a> for details.
+</p>
+<h3 id="homepage_url">homepage_url</h3>
+<p>
+The URL of the homepage for this extension. The extensions management page (chrome://extensions)
+will contain a link to this URL.  This field is particularly useful if you
+<a href="hosting.html">host the extension on your own site</a>. If you distribute your
+extension using the <a href="https://chrome.google.com/webstore">Chrome Web Store</a>,
+the homepage URL defaults to the extension's own page.
+</p>
+<h3 id="icons">icons</h3>
+<p>
+One or more icons that represent the extension, app, or theme.
+You should always provide a 128x128 icon;
+it's used during installation and by the Chrome Web Store.
+Extensions should also provide a 48x48 icon,
+which is used in the extensions management page
+(chrome://extensions).
+You can also specify a 16x16 icon to be used as the favicon
+for an extension's pages.
+The 16x16 icon is also displayed in the experimental extension
+<a href="experimental.infobars.html">infobar</a>
+feature.
+</p>
+<p>
+Icons should generally be in PNG format,
+because PNG has the best support for transparency.
+They can, however, be in any format supported by WebKit,
+including BMP, GIF, ICO, and JPEG.
+Here's an example of specifying the icons:
+</p>
+<pre>
+"icons": { "16": "icon16.png",
+           "48": "icon48.png",
+          "128": "icon128.png" },
+</pre>
+<p class="note">
+<b>Important:</b>
+Use only the documented icon sizes.
+<br><br>
+You might notice that Chrome sometimes resizes these icons down to smaller
+sizes. For example, the install dialog might shrink the 128-pixel
+icon down to 69 pixels.
+<br><br>
+However, the details of
+Chrome's UI may change between versions, and these changes assume that
+developers are using the documented sizes. If you use other sizes,
+your icon may look bad in future versions of the browser.
+</p>
+<p>
+If you upload your extension, app, or theme using the
+<a href="https://chrome.google.com/webstore/developer/dashboard">Chrome Developer Dashboard</a>,
+you'll need to upload additional images,
+including at least one screenshot of your extension.
+For more information,
+see the
+<a href="http://code.google.com/chrome/webstore/">Chrome Web Store
+developer documentation</a>.
+</p>
+<h3 id="incognito">incognito</h3>
+<p>
+Either "spanning" or "split", to specify how this extension will
+behave if allowed to run in incognito mode.
+</p>
+<p>
+The default for extensions is "spanning", which means that the extension
+will run in a single shared process. Any events or messages from an incognito
+tab will be sent to the shared process, with an <em>incognito</em> flag
+indicating where it came from. Because incognito tabs cannot use this shared
+process, an extension using the "spanning" incognito mode will not be able to
+load pages from its extension package into the main frame of an incognito tab.
+</p>
+<p>
+The default for installable web apps is "split",
+which means that all app pages in
+an incognito window will run in their own incognito process. If the app or extension contains a background page, that will also run in the incognito process.
+This incognito process runs along side the regular process, but has a separate
+memory-only cookie store. Each process sees events and messages only from its
+own context (for example, the incognito process will see only incognito tab updates).
+The processes are unable to communicate with each other.
+</p>
+<p>
+As a rule of thumb, if your extension or app needs to load a tab in an incognito browser, use
+<em>split</em> incognito behavior. If your extension or app needs to be logged
+into a remote server or persist settings locally, use <em>spanning</em>
+incognito behavior.
+</p>
+<h3 id="intents">intents</h3>
+<p>
+A dictionary that specifies all intent handlers provided by this extension or app. Each key in the dictionary specifies an action verb that is handled by this extension. The following example specifies two handlers for the action verb "<a href="http://webintents.org/share">http://webintents.org/share</a>".
+</p>
+<pre>
+{
+  "name": "test",
+  "version": "1",
+  "intents": {
+    "http://webintents.org/share": [
+      {
+        "type": ["text/uri-list"],
+        "href": "/services/sharelink.html",
+        "title" : "Sample Link Sharing Intent",
+        "disposition" : "inline"
+      },
+      {
+        "type": ["image/*"],
+        "href": "/services/shareimage.html",
+        "title" : "Sample Image Sharing Intent",
+        "disposition" : "window"
+      }
+    ]
+  }
+}
+</pre>
+<p>
+The value of "type" is an array of mime types that is supported by this handler. The "href" indicates the URL of the page that handles the intent. For hosted apps, these URLs must be within the allowed set of URLs. For extensions, all URLs are inside the extension and considered relative to the extension root URL.
+</p>
+<p>
+The "title" is displayed in the intent picker UI when the user initiates the action specific to the handler.
+</p>
+<p>
+The "disposition" is either "inline" or "window". Intents with "window" disposition will open a new tab when invoked. Intents with "inline" disposition will be displayed inside the intent picker when invoked.
+</p>
+<p>
+For more information on intents, refer to the <a href="http://dvcs.w3.org/hg/web-intents/raw-file/tip/spec/Overview.html">Web Intents specification</a> and <a href="http://www.webintents.org">webintents.org</a>.
+</p>
+<h4>Handling content types via intents</h4>
+<p>
+Web Intents can be registered as content type viewers. To do that, the action verb must be <a href="http://webintents.org/view">"http://webintents.org/view"</a>, and the content type must be a white-listed MIME type.
+</p>
+<table>
+  <tr>
+    <th>Whitelisted MIME types</th>
+  </tr>
+  <tr><td>application/rss+xml</td></tr>
+  <tr><td>application/atom+xml</td></tr>
+</table>
+<h3 id="key">key</h3>
+<p>
+This value can be used to control
+the unique ID of an extension, app, or theme when
+it is loaded during development.
+</p>
+<p class="note">
+<b>Note:</b> You don't usually need to
+use this value. Instead, write your
+code so that the key value doesn't matter
+by using <a href="overview.html#relative-urls">relative paths</a>
+and <a href="extension.html#method-getURL">chrome.extension.getURL()</a>.
+</p>
+<p>
+To get a suitable key value, first
+install your extension from a <code>.crx</code> file
+(you may need to
+<a href="https://chrome.google.com/webstore/developer/dashboard">upload your extension</a>
+or <a href="packaging.html">package it manually</a>).
+Then, in your
+<a href="http://www.chromium.org/user-experience/user-data-directory">user
+data directory</a>, look in the file
+<code>Default/Extensions/<em>&lt;extensionId&gt;</em>/<em>&lt;versionString&gt;</em>/manifest.json</code>.
+You will see the key value filled in there.
+</p>
+<h3 id="minimum_chrome_version">minimum_chrome_version</h3>
+<p>
+The version of Chrome that your extension, app, or theme requires, if any.
+The format for this string is the same as for the
+<a href="#version">version</a> field.
+<h3 id="name">name</h3>
+<p>
+A short, plain text string
+(no more than 45 characters)
+that identifies the extension.
+The name is used in the install dialog,
+extension management UI,
+and the <a href="https://chrome.google.com/webstore">store</a>.
+You can specify locale-specific strings for this field;
+see <a href="i18n.html">Internationalization</a> for details.
+</p>
+<h3 id="nacl_modules">nacl_modules</h3>
+<p>
+One or more mappings from MIME types to the Native Client module
+that handles each type.
+For example, the bold code in the following snippet
+registers a Native Client module as the content handler
+for the OpenOffice spreadsheet MIME type.
+</p>
+<pre>
+{
+  "name": "Native Client OpenOffice Spreadsheet Viewer",
+  "version": "0.1",
+  "description": "Open OpenOffice spreadsheets, right in your browser.",
+  <b>"nacl_modules": [{
+    "path": "OpenOfficeViewer.nmf",
+    "mime_type": "application/vnd.oasis.opendocument.spreadsheet"
+  }]</b>
+}
+</pre>
+<p>
+The value of "path" is the location of a Native Client manifest
+(a <code>.nmf</code> file)
+within the extension directory.
+For more information on Native Client and <code>.nmf</code> files, see the
+<a href="http://code.google.com/chrome/nativeclient/docs/technical_overview.html">Native Client Technical Overview</a>.
+</p>
+<p>
+Each MIME type can be associated with only one <code>.nmf</code> file,
+but a single <code>.nmf</code> file might handle multiple MIME types.
+The following example shows an extension
+with two <code>.nmf</code> files
+that handle three MIME types.
+</p>
+<pre>
+{
+  "name": "Spreadsheet Viewer",
+  "version": "0.1",
+  "description": "Open OpenOffice and Excel spreadsheets, right in your browser.",
+  "nacl_modules": [{
+    "path": "OpenOfficeViewer.nmf",
+    "mime_type": "application/vnd.oasis.opendocument.spreadsheet"
+  },
+  {
+    "path": "OpenOfficeViewer.nmf",
+    "mime_type": "application/vnd.oasis.opendocument.spreadsheet-template"
+  },
+  {
+    "path": "ExcelViewer.nmf",
+    "mime_type": "application/excel"
+  }]
+}
+</pre>
+<p class="note">
+<strong>Note:</strong>
+You can use Native Client modules in extensions
+without specifying "nacl_modules".
+Use "nacl_modules" only if you want the browser
+to use your Native Client module
+to display a particular type of content.
+</p>
+<h3 id="offline_enabled">offline_enabled</h3>
+<p>
+Whether the app or extension is expected to work offline. When Chrome detects
+that it is offline, apps with this field set to true will be highlighted
+on the New Tab page.
+</p>
+<h3 id="permissions">permissions</h3>
+<p>
+An array of permissions that the extension or app might use.
+Each permission can be either one of a list of known strings
+(such as "geolocation")
+or a match pattern
+that gives access to one or more hosts.
+Permissions can help to limit damage
+if your extension or app is attacked.
+Some permissions are also displayed to users before installation,
+as detailed in
+<a href="permission_warnings.html">Permission Warnings</a>.
+</p>
+<p>
+If an extension API requires you to declare a permission in the manifest,
+then its documentation tells you how to do so.
+For example,
+the <a href="tabs.html">Tabs</a> page
+shows you how to
+declare the "tabs" permission.
+</p>
+<p class="note">
+<b>Note:</b>
+As of Chrome 16, some permissions can be optional.
+For details, see
+<a href="permissions.html">Optional Permissions</a>.
+</p>
+<p>
+Here's an example of the permissions part of a manifest file
+for an extension:
+</p>
+<pre>
+"permissions": [
+  "tabs",
+  "bookmarks",
+  "http://www.blogger.com/",
+  "http://*.google.com/",
+  "unlimitedStorage"
+],
+</pre>
+<p>
+The following table lists the permissions an extension
+or packaged app can use.
+</p>
+<p class="note">
+<strong>Note:</strong>
+Hosted apps can use the
+"background", "clipboardRead", "clipboardWrite", "geolocation", "notifications",
+and "unlimitedStorage" permissions, but not any other permissions listed in this
+table.
+</p>
+<table>
+<tr>
+  <th> Permission </th> <th> Description </th>
+</tr>
+<tr>
+  <td> <em>match pattern</em> </td>
+  <td> Specifies a <em>host permission</em>.
+       Required if the extension wants to interact
+       with the code running on pages.
+       Many extension capabilities, such as
+       <a href="xhr.html">cross-origin XMLHttpRequests</a>,
+       <a href="content_scripts.html#pi">programmatically injected
+       content scripts</a>, and <a href="cookies.html">the cookies API</a>
+       require host permissions. For details on the syntax, see
+       <a href="match_patterns.html">Match Patterns</a>.
+  </td>
+</tr>
+<tr id="bg">
+  <td> "background" </td>
+  <td> <p>
+       Makes Chrome start up early and and shut down late,
+       so that apps and extensions can have a longer life.
+       </p>
+       <p>
+       When any installed hosted app, packaged app, or extension
+       has "background" permission, Chrome runs (invisibly)
+       as soon as the user logs into their computer&mdash;before
+       the user launches Chrome.
+       The "background" permission also makes Chrome continue running
+       (even after its last window is closed)
+       until the user explicitly quits Chrome.
+       </p>
+       <p class="note">
+       <b>Note:</b>
+       Disabled apps and extensions
+       are treated as if they aren't installed.
+       </p>
+       <p>
+       You typically use the "background" permission with a
+       <a href="background_pages.html">background page</a>
+       or (for hosted apps) a
+       <a href="http://code.google.com/chrome/apps/docs/background.html">background window</a>.
+       </p>
+       </td>
+</tr>
+<tr>
+  <td> "bookmarks" </td>
+  <td> Required if the extension uses the
+       <a href="bookmarks.html">chrome.bookmarks</a> module. </td>
+</tr>
+<tr>
+  <td> "chrome://favicon/" </td>
+  <td> Required if the extension uses the
+       "chrome://favicon/<em>url</em>" mechanism
+       to display the favicon of a page.
+       For example, to display the favicon of http://www.google.com/,
+       you declare the "chrome://favicon/" permission
+       and use HTML code like this:
+       <pre>&lt;img src="chrome://favicon/http://www.google.com/"></pre>
+       </td>
+</tr>
+<tr>
+  <td> "clipboardRead" </td>
+  <td> Required if the extension uses
+       <code>document.execCommand('paste')</code>. </td>
+</tr>
+<tr>
+  <td> "clipboardWrite" </td>
+  <td> Indicates the app or extension uses
+       <code>document.execCommand('copy')</code> or
+       <code>document.execCommand('cut')</code>. This permission is <b>required
+       for hosted apps</b>; it's recommended for extensions and packaged apps.
+       </td>
+</tr>
+<tr>
+  <td> "contentSettings" </td>
+  <td> Required if the extension uses the
+       <a href="contentSettings.html">chrome.contentSettings</a> module. </td>
+</tr>
+<tr>
+  <td> "contextMenus" </td>
+  <td> Required if the extension uses the
+       <a href="contextMenus.html">chrome.contextMenus</a> module. </td>
+</tr>
+<tr>
+  <td> "cookies" </td>
+  <td> Required if the extension uses the
+       <a href="cookies.html">chrome.cookies</a> module. </td>
+</tr>
+<tr>
+  <td> "experimental" </td>
+  <td> Required if the extension uses any
+       <a href="http://code.google.com/chrome/extensions/dev/experimental.html">chrome.experimental.* APIs</a>.</td>
+</tr>
+<tr>
+  <td id="fileBrowserHandler"> "fileBrowserHandler" </td>
+  <td> Required if the extension uses the
+       <a href="fileBrowserHandler.html">fileBrowserhandler</a> module. </td>
+</tr>
+<tr>
+  <td id="geolocation"> "geolocation" </td>
+  <td> Allows the extension to use the proposed HTML5
+       <a href="http://dev.w3.org/geo/api/spec-source.html">geolocation API</a>
+       without prompting the user for permission. </td>
+</tr>
+<tr>
+  <td> "history" </td>
+  <td> Required if the extension uses the
+       <a href="history.html">chrome.history</a> module. </td>
+</tr>
+<tr>
+  <td> "idle" </td>
+  <td> Required if the extension uses the
+       <a href="idle.html">chrome.idle</a> module. </td>
+</tr>
+<tr>
+  <td> "management" </td>
+  <td> Required if the extension uses the
+       <a href="management.html">chrome.management</a> module. </td>
+</tr>
+<tr>
+  <td> "notifications" </td>
+  <td> Allows the extension to use the proposed HTML5
+       <a href="http://www.chromium.org/developers/design-documents/desktop-notifications/api-specification">notification API</a>
+       without calling permission methods
+       (such as <code>checkPermission()</code>).
+       For more information see
+       <a href="notifications.html">Desktop Notifications</a>.</td>
+</tr>
+<tr>
+  <td> "privacy" </td>
+  <td> Required if the extension uses the
+       <a href="privacy.html">chrome.privacy</a> module. </td>
+</tr>
+<tr>
+  <td> "proxy" </td>
+  <td> Required if the extension uses the
+       <a href="proxy.html">chrome.proxy</a> module. </td>
+</tr>
+<tr>
+  <td> "storage" </td>
+  <td> Required if the extension uses the
+       <a href="storage.html">chrome.storage</a> module. </td>
+</tr>
+<tr>
+  <td> "tabs" </td>
+  <td> Required if the extension uses the
+       <a href="tabs.html">chrome.tabs</a> or
+       <a href="windows.html">chrome.windows</a> module. </td>
+</tr>
+<tr>
+  <td> "tts" </td>
+  <td> Required if the extension uses the
+       <a href="tts.html">chrome.tts</a> module. </td>
+</tr>
+<tr>
+  <td> "ttsEngine" </td>
+  <td> Required if the extension uses the
+       <a href="ttsEngine.html">chrome.ttsEngine</a> module. </td>
+</tr>
+<tr>
+  <td> "unlimitedStorage"</td>
+  <td> Provides an unlimited quota for storing HTML5 client-side data,
+       such as databases and local storage files.
+       Without this permission, the extension is limited to
+       5 MB of local storage.
+      <p class="note">
+      <b>Note:</b>
+      This permission applies only to Web SQL Database and application cache
+      (see issue <a href="http://crbug.com/58985">58985</a>).
+      Also, it doesn't currently work with wildcard subdomains such as
+      <code>http://*.example.com</code>.
+      </p>
+  </td>
+<tr>
+<tr>
+  <td> "webNavigation" </td>
+  <td> Required if the extension uses the
+       <a href="webNavigation.html">chrome.webNavigation</a> module. </td>
+</tr>
+<tr>
+  <td> "webRequest" </td>
+  <td> Required if the extension uses the
+       <a href="webRequest.html">chrome.webRequest</a> module. </td>
+</tr>
+<tr>
+  <td> "webRequestBlocking" </td>
+  <td> Required if the extension uses the
+       <a href="webRequest.html">chrome.webRequest</a> module in a blocking
+       fashion. </td>
+</tr>
+</tr>
+</table>
+<h3 id="requirements">requirements</h3>
+<p>
+Technologies required by the app or extension.
+Hosting sites such as the Chrome Web Store may use this list
+to dissuade users from installing apps or extensions
+that will not work on their computer.
+</p>
+<p>
+The only supported requirement is "3D",
+which denotes GPU hardware acceleration.
+For that requirement,
+you can list the 3D-related features your app requires,
+as demonstrated in the following example:
+</p>
+<pre>
+"requirements": {
+  "3D": {
+    "features": ["css3d", "webgl"]
+  }
+}
+</pre>
+<p>
+The "css3d" requirement refers to the
+<a href="http://www.w3.org/TR/css3-3d-transforms/">CSS 3D Transforms specification</a>,
+and the "webgl" requirement refers to the
+<a href="http://www.khronos.org/webgl/">WebGL API</a>.
+For more information on Chrome 3D graphics support,
+see the help article on
+<a href="http://www.google.com/support/chrome/bin/answer.py?answer=1220892">WebGL and 3D graphics</a>.
+Support for additional requirements checks may be added in the future.
+</p>
+<h3 id="version">version</h3>
+<p>
+One to four dot-separated integers
+identifying the version of this extension.
+A couple of rules apply to the integers:
+they must be between 0 and 65535, inclusive,
+and non-zero integers can't start with 0.
+For example, 99999 and 032 are both invalid.
+</p>
+<p>
+Here are some examples of valid versions:
+</p>
+<ul>
+  <li> <code>"version": "1"</code> </li>
+  <li> <code>"version": "1.0"</code> </li>
+  <li> <code>"version": "2.10.2"</code> </li>
+  <li> <code>"version": "3.1.2.4567"</code> </li>
+</ul>
+<p>
+The autoupdate system compares versions
+to determine whether an installed extension
+needs to be updated.
+If the published extension has a newer version string
+than the installed extension,
+then the extension is automatically updated.
+</p>
+<p>
+The comparison starts with the leftmost integers.
+If those integers are equal,
+the integers to the right are compared,
+and so on.
+For example, 1.2.0 is a newer version than 1.1.9.9999.
+</p>
+<p>
+A missing integer is equal to zero.
+For example, 1.1.9.9999 is newer than 1.1.
+</p>
+<p>
+For more information, see
+<a href="autoupdate.html">Autoupdating</a>.
+</p>
+<h3 id="manifest_version">manifest_version</h3>
+<p>
+One integer specifying the version of the manifest file format your package
+requires. As of Chrome 18, developers <em>should</em> specify <code>2</code>
+(without quotes) to use the format as described by this document:
+</p>
+<pre>"manifest_version": 2</pre>
+<p>
+Consider manifest version 1 <em>deprecated</em> as of Chrome 18. Version 2 is
+not yet <em>required</em>, but we will, at some point in the not-too-distant
+future, stop supporting packages using deprecated manifest versions. Extensions,
+applications, and themes that aren't ready to make the jump to the new manifest
+version in Chrome 18 can either explicitly specify version <code>1</code>, or
+leave the key off entirely.
+</p>
+<p>
+The changes between version 1 and version 2 of the manifest file format are
+described in detail in <a href="manifestVersion.html">the
+<code>manifest_version</code> documentation.</a>
+</p>
+<p class="caution">
+  Setting <code>manifest_version</code> 2 in Chrome 17 or lower is not
+  recommended. If your extension needs to work in older versions of Chrome,
+  stick with version 1 for the moment. We'll give you ample warning before
+  version 1 stops working.
+</p>
+<h3 id="web_accessible_resources">web_accessible_resources</h3>
+<p>
+An array of strings specifying the paths (relative to the package root) of
+packaged resources that are expected to be usable in the context of a web page.
+For example, an extension that injects a content script with the intention of
+building up some custom interface for <code>example.com</code> would whitelist
+any resources that interface requires (images, icons, stylesheets, scripts,
+etc.) as follows:
+</p>
+<pre>{
+  ...
+  "web_accessible_resources": [
+    "images/my-awesome-image1.png",
+    "images/my-amazing-icon1.png",
+    "style/double-rainbow.css",
+    "script/double-rainbow.js"
+  ],
+  ...
+}</pre>
+<p>
+These resources would then be available in a webpage via the URL
+<code>chrome-extension://[PACKAGE ID]/[PATH]</code>, which can be generated with
+the <a href="extension.html#method-getURL">
+  <code>chrome.extension.getURL</code>
+</a> method. Whitelisted resources are served with appropriate
+<a href="http://www.w3.org/TR/cors/">CORS</a> headers, so they're available via
+mechanisms like XHR.
+</p>
+<p>
+Injected content scripts themselves do not need to be whitelisted.
+</p>
+<p>
+Prior to manifest version 2 all resources within an extension could be accessed
+from any page on the web. This allowed a malicious website to
+<a href="http://en.wikipedia.org/wiki/Device_fingerprint">fingerprint</a> the
+extensions that a user has installed or exploit vulnerabilities (for example
+<a href="http://en.wikipedia.org/wiki/Cross-site_scripting">XSS bugs</a>)within
+installed extensions. Limiting availability to only resources which are
+explicitly intended to be web accessible serves to both minimize the available
+attack surface and protect the privacy of users.
+</p>
+<h4>Default Availability</h4>
+<p>
+Resources inside of packages using <a href="#manifest_version"><code>manifest_version</code></a>
+2 or above are <strong>blocked by default</strong>, and must be whitelisted
+for use via this property.
+</p>
+<p>
+Resources inside of packages using <code>manifest_version</code> 1 are available
+by default, but <em>if</em> you do set this property, then it will be treated as
+a complete list of all whitelisted resources. Resources not listed will be
+blocked.
+</p>
+<h3 id="sandbox">sandbox</h3>
+<p>
+Defines an collection of app or extension pages that are to be served
+in a sandboxed unique origin, and optionally a Content Security Policy to use
+with them. Being in a sandbox has two implications:
+</p>
+<ol>
+<li>A sandboxed page will not have access to extension or app APIs, or
+direct access to non-sandboxed pages (it may communicate with them via
+<code>postMessage()</code>).</li>
+<li>
+  <p>A sandboxed page is not subject to the
+  <a href="../extensions/contentSecurityPolicy.html">Content Security Policy
+  (CSP)</a> used by the rest of the app or extension (it has its own separate
+  CSP value). This means that, for example, it can use inline script and
+  <code>eval</code>.</p>
+  <p>For example, here's how to specify that two extension pages are to be
+  served in a sandbox with a custom CSP:</p>
+  <pre>{
+  ...
+  "sandbox": {
+    "pages": [
+      "page1.html",
+      "directory/page2.html"
+    ]
+    <i>// content_security_policy is optional.</i>
+    "content_security_policy":
+        "sandbox allow-scripts; script-src https://www.google.com"
+  ],
+  ...
+}</pre>
+  <p>
+  If not specified, the default <code>content_security_policy</code> value is
+  <code>sandbox allow-scripts allow-forms</code>. You can specify your CSP
+  value to restrict the sandbox even further, but it must have the <code>sandbox</code>
+  directive and may not have the <code>allow-same-origin</code> token (see
+  <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox">the
+  HTML5 specification</a> for possible sandbox tokens).
+  </p>
+</li>
+</ol>
+<p>
+Note that you only need to list pages that you expected to be loaded in
+windows or frames. Resources used by sandboxed pages (e.g. stylesheets or
+JavaScript source files) do not need to appear in the
+<code>sandboxed_page</code> list, they will use the sandbox of the page
+that embeds them.
+</p>
+<p>
+<a href="sandboxingEval.html">"Using eval in Chrome Extensions. Safely."</a>
+goes into more detail about implementing a sandboxing workflow that enables use
+of libraries that would otherwise have issues executing under extension's
+<a href="../extensions/contentSecurityPolicy.html">default Content Security
+Policy</a>.
+</p>
+<p>
+Sandboxed page may only be specified when using
+<a href="#manifest_version"><code>manifest_version</code></a> 2 or above.
+</p>