trunk/src/chrome/common/extensions/docs/templates/articles/manifest/sandbox.html - Issue 14712010: Revert 199633 "Doc server manifest page generation"

Unified Diff: trunk/src/chrome/common/extensions/docs/templates/articles/manifest/sandbox.html

Issue 14712010: Revert 199633 "Doc server manifest page generation" (Closed) Base URL: svn://svn.chromium.org/chrome/

Patch Set: Created 7 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

« no previous file with comments | « trunk/src/chrome/common/extensions/docs/templates/articles/manifest/requirements.html ('k') | trunk/src/chrome/common/extensions/docs/templates/articles/manifest/version.html » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Hide Comments ('s')

Index: trunk/src/chrome/common/extensions/docs/templates/articles/manifest/sandbox.html

===================================================================

--- trunk/src/chrome/common/extensions/docs/templates/articles/manifest/sandbox.html (revision 199633)

+++ trunk/src/chrome/common/extensions/docs/templates/articles/manifest/sandbox.html (working copy)

@@ -1,67 +0,0 @@

-<h1 id="sandbox">Manifest - Sandbox</h1>

-

-Defines an collection of app or extension pages that are to be served

-in a sandboxed unique origin, and optionally a Content Security Policy to use

-with them. Being in a sandbox has two implications:

-

-<ol>

-<li>A sandboxed page will not have access to extension or app APIs, or

-direct access to non-sandboxed pages (it may communicate with them via

-<code>postMessage()</code>).</li>

-<li>

- A sandboxed page is not subject to the

- <a href="http://developer.chrome.com/extensions/contentSecurityPolicy.html">Content Security Policy

- (CSP)</a> used by the rest of the app or extension (it has its own separate

- CSP value). This means that, for example, it can use inline script and

- <code>eval</code>.

- For example, here's how to specify that two extension pages are to be

- served in a sandbox with a custom CSP:

- <pre class="prettyprint">{

- ...

- "sandbox": {

- "pages": [

- "page1.html",

- "directory/page2.html"

- ]

- // content_security_policy is optional.

- "content_security_policy":

- "sandbox allow-scripts; script-src https://www.google.com"

- ],

- ...

-}</pre>

-

- If not specified, the default <code>content_security_policy</code> value is

- <code>sandbox allow-scripts allow-forms</code>. You can specify your CSP

- value to restrict the sandbox even further, but it must have the <code>sandbox</code>

- directive and may not have the <code>allow-same-origin</code> token (see

- <a href="http://www.whatwg.org/specs/web-apps/current-work/multipage/the-iframe-element.html#attr-iframe-sandbox">the

- HTML5 specification</a> for possible sandbox tokens).

-

-</li>

-</ol>

-

-Note that you only need to list pages that you expected to be loaded in

-windows or frames. Resources used by sandboxed pages (e.g. stylesheets or

-JavaScript source files) do not need to appear in the

-<code>sandboxed_page</code> list, they will use the sandbox of the page

-that embeds them.

-

-

-<a href="http://developer.chrome.com/extensions/sandboxingEval.html">"Using eval in Chrome Extensions. Safely."</a>

-goes into more detail about implementing a sandboxing workflow that enables use

-of libraries that would otherwise have issues executing under extension's

-<a href="http://developer.chrome.com/extensions/contentSecurityPolicy.html">default Content Security

-Policy</a>.

-

-

-Sandboxed page may only be specified when using

-<a href="http://developer.chrome.com/extensions/manifest.html#manifest_version"><code>manifest_version</code></a> 2 or above.

-