Chromium Code Reviews

Side by Side Diff: chrome/common/extensions/docs/templates/articles/app_csp.html

Issue 219213007: Remove .html extension from links (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 7 months ago
OLD | NEW
1 <h1>Content Security Policy</h1> 1 <h1>Content Security Policy</h1>
2 2
3 3
4 <p> 4 <p>
5 If you're not familiar with Content Security Policy (CSP), 5 If you're not familiar with Content Security Policy (CSP),
6 <a href="http://www.html5rocks.com/en/tutorials/security/content-security-policy /">An Introduction to Content Security Policy</a> 6 <a href="http://www.html5rocks.com/en/tutorials/security/content-security-policy /">An Introduction to Content Security Policy</a>
7 is a good starting point. 7 is a good starting point.
8 That document covers the broader web platform view of CSP; 8 That document covers the broader web platform view of CSP;
9 Chrome App CSP isn't as flexible. 9 Chrome App CSP isn't as flexible.
10 You should also read the 10 You should also read the
11 <a href="/extensions/contentSecurityPolicy.html">Chrome extension Content Securi ty Policy</a>, 11 <a href="/extensions/contentSecurityPolicy">Chrome extension Content Security Po licy</a>,
12 as it's the foundation for the Chrome App CSP. 12 as it's the foundation for the Chrome App CSP.
13 For brevity's sake, 13 For brevity's sake,
14 we don't repeat the same information here. 14 we don't repeat the same information here.
15 </p> 15 </p>
16 16
17 <p> 17 <p>
18 CSP is a policy to mitigate against cross-site scripting issues, 18 CSP is a policy to mitigate against cross-site scripting issues,
19 and we all know that cross-site scripting is bad. 19 and we all know that cross-site scripting is bad.
20 We aren’t going to try and convince you 20 We aren’t going to try and convince you
21 that CSP is a warm-and-fuzzy new policy. 21 that CSP is a warm-and-fuzzy new policy.
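Review bot: The new absolute link on line 11, `/extensions/contentSecurityPolicy`, only works if the docs server resolves extensionless paths, and nothing in this patch shows that the old `/extensions/contentSecurityPolicy.html` URL keeps working for existing inbound links. Please confirm both (ideally with a redirect from the `.html` form) before landing. As a nit while this paragraph is open, the html5rocks link on line 6 is still `http://`; for a page about CSP it is worth switching to an `https://` URL if the target serves one.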
(...skipping 69 matching lines...)
91 You can still use a library that doesn’t offer precompilation, 91 You can still use a library that doesn’t offer precompilation,
92 but it will require some work on your part and there are restrictions. 92 but it will require some work on your part and there are restrictions.
93 </p> 93 </p>
94 94
95 <p> 95 <p>
96 You will need to use sandboxing to isolate any content 96 You will need to use sandboxing to isolate any content
97 that you want to do ‘eval’ things to. 97 that you want to do ‘eval’ things to.
98 Sandboxing lifts CSP on the content that you specify. 98 Sandboxing lifts CSP on the content that you specify.
99 If you want to use the very powerful Chrome APIs in your Chrome App, 99 If you want to use the very powerful Chrome APIs in your Chrome App,
100 your sandboxed content can't directly interact with these APIs 100 your sandboxed content can't directly interact with these APIs
101 (see <a href="app_external.html#sandboxing">Sandbox local content</a>). 101 (see <a href="app_external#sandboxing">Sandbox local content</a>).
102 </p> 102 </p>
103 103
104 <h3 id="remote_resources">Access remote resources</h3> 104 <h3 id="remote_resources">Access remote resources</h3>
105 105
106 <p> 106 <p>
107 You can fetch remote resources via <code>XMLHttpRequest</code> 107 You can fetch remote resources via <code>XMLHttpRequest</code>
108 and serve them via <code>blob:</code>, <code>data:</code>, 108 and serve them via <code>blob:</code>, <code>data:</code>,
109 or <code>filesystem:</code> URLs 109 or <code>filesystem:</code> URLs
110 (see <a href="app_external.html#external">Referencing external resources</a>). 110 (see <a href="app_external#external">Referencing external resources</a>).
111 </p> 111 </p>
112 112
113 <p> 113 <p>
114 Video and audio can be loaded from remote services 114 Video and audio can be loaded from remote services
115 because they have good fallback behavior when offline or under spotty connectivi ty. 115 because they have good fallback behavior when offline or under spotty connectivi ty.
116 </p> 116 </p>
117 117
118 <h3 id="embed_content">Embed web content</h3> 118 <h3 id="embed_content">Embed web content</h3>
119 119
120 <p> 120 <p>
121 Instead of using an iframe, 121 Instead of using an iframe,
122 you can call out to an external URL using an object tag 122 you can call out to an external URL using an object tag
123 (see <a href="app_external.html#webview">Embed external web pages</a>). 123 (see <a href="app_external#webview">Embed external web pages</a>).
124 </p> 124 </p>
125 125
126 <p class="backtotop"><a href="#top">Back to top</a></p> 126 <p class="backtotop"><a href="#top">Back to top</a></p>
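Review bot: The relative links on new lines 101, 110 and 123 (`app_external#sandboxing`, `app_external#external`, `app_external#webview`) resolve against the current page URL, so they break if this article is ever served with a trailing slash (for example `.../app_csp/`), which is a more likely URL shape once extensions are dropped. Either verify that the server never emits a trailing-slash form for these pages or use the same root-relative style as the line 11 link. Separately, the text on line 122 says to use "an object tag" while the link it points to is `#webview`; since line 123 is being touched anyway, please align the wording with the linked section.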