Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(53)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/extensions/docs/templates/articles/app_csp.html

Issue 11035016: Merge 159156 - Extensions Docs Server: Fix headings with no IDs (Closed) Base URL: svn://svn.chromium.org/chrome/branches/1271/src/
Patch Set: Created 8 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « chrome/common/extensions/docs/templates/articles/app_architecture.html ('k') | chrome/common/extensions/docs/templates/articles/app_external.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <h1>Comply with CSP</h1> 1 <h1>Comply with CSP</h1>
2 2
3 3
4 <p> 4 <p>
5 If you're unfamiliar with Content Security Policy (CSP), 5 If you're unfamiliar with Content Security Policy (CSP),
6 <a href="http://www.html5rocks.com/en/tutorials/security/content-security-policy /">An Introduction to Content Security Policy</a> 6 <a href="http://www.html5rocks.com/en/tutorials/security/content-security-policy /">An Introduction to Content Security Policy</a>
7 is a good starting point. 7 is a good starting point.
8 It covers the broader web platform view of CSP; 8 It covers the broader web platform view of CSP;
9 packaged apps CSP isn't as flexible. 9 packaged apps CSP isn't as flexible.
10 You should read the 10 You should read the
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after
76 76
77 <h2 id="but">"But then how do I..."</h2> 77 <h2 id="but">"But then how do I..."</h2>
78 78
79 <p> 79 <p>
80 It's very possible that you are using templating libraries 80 It's very possible that you are using templating libraries
81 and many of these won’t work with CSP. 81 and many of these won’t work with CSP.
82 You may also want to access external resources in your app 82 You may also want to access external resources in your app
83 (external images, content from websites). 83 (external images, content from websites).
84 </p> 84 </p>
85 85
86 <h3>Use templating libraries</h3> 86 <h3 id="templating">Use templating libraries</h3>
87 87
88 <p> 88 <p>
89 Use a library that offers precompiled templates 89 Use a library that offers precompiled templates
90 and you’re all set. 90 and you’re all set.
91 You can still use a library that doesn’t offer precompilation, 91 You can still use a library that doesn’t offer precompilation,
92 but it will require some work on your part and there are restrictions. 92 but it will require some work on your part and there are restrictions.
93 </p> 93 </p>
94 94
95 <p> 95 <p>
96 You will need to use sandboxing to isolate any content 96 You will need to use sandboxing to isolate any content
97 that you want to do ‘eval’ things to. 97 that you want to do ‘eval’ things to.
98 Sandboxing lifts CSP on the content that you specify. 98 Sandboxing lifts CSP on the content that you specify.
99 If you want to use the very powerful Chrome APIs in your packaged app, 99 If you want to use the very powerful Chrome APIs in your packaged app,
100 your sandboxed content can't directly interact with these APIs 100 your sandboxed content can't directly interact with these APIs
101 (see <a href="app_external.html#sandboxing">Sandbox local content</a>). 101 (see <a href="app_external.html#sandboxing">Sandbox local content</a>).
102 </p> 102 </p>
103 103
104 <h3>Access remote resources</h3> 104 <h3 id="remote_resources">Access remote resources</h3>
105 105
106 <p> 106 <p>
107 You can fetch remote resources via <code>XMLHttpRequest</code> 107 You can fetch remote resources via <code>XMLHttpRequest</code>
108 and serve them via <code>blob:</code>, <code>data:</code>, 108 and serve them via <code>blob:</code>, <code>data:</code>,
109 or <code>filesystem:</code> URLs 109 or <code>filesystem:</code> URLs
110 (see <a href="app_external.html#external">Referencing external resources</a>). 110 (see <a href="app_external.html#external">Referencing external resources</a>).
111 </p> 111 </p>
112 112
113 <p> 113 <p>
114 Video and audio can be loaded from remote services 114 Video and audio can be loaded from remote services
115 because they have good fallback behavior when offline or under spotty connectivi ty. 115 because they have good fallback behavior when offline or under spotty connectivi ty.
116 </p> 116 </p>
117 117
118 <h3>Embed web content</h3> 118 <h3 id="embed_content">Embed web content</h3>
119 119
120 <p> 120 <p>
121 Instead of using an iframe, 121 Instead of using an iframe,
122 you can call out to an external URL using an object tag 122 you can call out to an external URL using an object tag
123 (see <a href="app_external.html#objecttag">Embed external web pages</a>). 123 (see <a href="app_external.html#objecttag">Embed external web pages</a>).
124 </p> 124 </p>
125 125
126 <p class="backtotop"><a href="#top">Back to top</a></p> 126 <p class="backtotop"><a href="#top">Back to top</a></p>
OLDNEW
« no previous file with comments | « chrome/common/extensions/docs/templates/articles/app_architecture.html ('k') | chrome/common/extensions/docs/templates/articles/app_external.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698