Chromium Code Reviews Chromium Code Reviews
Issue 219213007:
Remove .html extension from links (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: chrome/common/extensions/docs/templates/articles/contentSecurityPolicy.html |
| diff --git a/chrome/common/extensions/docs/templates/articles/contentSecurityPolicy.html b/chrome/common/extensions/docs/templates/articles/contentSecurityPolicy.html |
| index 47283ce316418f223e73b90b75cd2a4eaf2d4d5f..bc0b8421bbc3b61e2528c810ec582d01b45ebac6 100644 |
| --- a/chrome/common/extensions/docs/templates/articles/contentSecurityPolicy.html |
| +++ b/chrome/common/extensions/docs/templates/articles/contentSecurityPolicy.html |
| @@ -4,7 +4,7 @@ |
| <p> |
| In order to mitigate a large class of potential cross-site scripting issues, |
| Chrome's extension system has incorporated the general concept of |
| - <a href="http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html"> |
| + <a href="http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev"> |
| <strong>Content Security Policy (CSP)</strong> |
| </a>. This introduces some fairly strict policies that will make extensions |
| more secure by default, and provides you with the ability to create and |
| @@ -18,7 +18,7 @@ |
| extension enables you to carefully consider the resources that your extension |
| requires, and to ask the browser to ensure that those are the only resources |
| your extension has access to. These policies provide security over and above |
| - the <a href="declare_permissions.html">host permissions</a> your extension |
| + the <a href="declare_permissions">host permissions</a> your extension |
| requests; they're an additional layer of protection, not a replacement. |
| </p> |
| @@ -26,7 +26,7 @@ |
| On the web, such a policy is defined via an HTTP header or <code>meta</code> |
| element. Inside Chrome's extension system, neither is an appropriate |
| mechanism. Instead, an extension's policy is defined via the extension's |
| - <a href="manifest.html"><code>manifest.json</code></a> file as follows: |
| + <a href="manifest"><code>manifest.json</code></a> file as follows: |
| </p> |
| <pre data-filename="manifest.json"> |
| @@ -39,7 +39,7 @@ |
| <p class="note"> |
| For full details regarding CSP's syntax, please take a look at |
| - <a href="http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#syntax"> |
| + <a href="http://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev#syntax"> |
| the Content Security Policy specification |
| </a>, and the <a href="http://www.html5rocks.com/en/tutorials/security/content-security-policy/"> |
| "An Introduction to Content Security Policy" |
| @@ -49,7 +49,7 @@ |
| <h2 id="restrictions">Default Policy Restrictions</h2> |
| <p> |
| - Packages that do not define a <a href="manifestVersion.html"> |
| + Packages that do not define a <a href="manifestVersion"> |
| <code>manifest_version</code> |
| </a> have no default content security policy. Those that select |
| <code>manifest_version</code> 2, have a default content security policy |
| @@ -98,11 +98,11 @@ function() { return foo && foo.bar && foo.bar.baz }; |
| malicious third-party. It does, however, require you to write your code with a |
| clean separation between content and behavior (which you should of course do |
| anyway, right?). An example might make this clearer. You might try to write a |
| - <a href="browserAction.html#popups">Browser Action's popup</a> as a single |
| - <code>popup.html</code> containing: |
| + <a href="browserAction#popups">Browser Action's popup</a> as a single |
| + <code>popup</code> containing: |
| </p> |
|
mkearney1
2014/04/09 19:43:30
Keep .html in as it refers to filename.
|
| -<pre data-filename="popup.html"> |
| +<pre data-filename="popup"> |
| <!doctype html> |
| <html> |
| <head> |
| @@ -192,7 +192,7 @@ function main() { |
| main(); |
| }); |
| </pre> |
| -<pre data-filename="popup.html"> |
| +<pre data-filename="popup"> |
|
mkearney1
2014/04/09 19:43:30
Keep .html in as it refers to filename.
|
| <!doctype html> |
| <html> |
| <head> |
| @@ -223,7 +223,7 @@ function main() { |
| your extension package. That is, instead of: |
| </p> |
| -<pre data-filename="popup.html"> |
| +<pre data-filename="popup"> |
|
mkearney1
2014/04/09 19:43:30
Keep .html in as it refers to filename.
|
| <!doctype html> |
| <html> |
| <head> |
| @@ -240,7 +240,7 @@ function main() { |
| Download the file, include it in your package, and write: |
| <p> |
| -<pre data-filename="popup.html"> |
| +<pre data-filename="popup"> |
|
mkearney1
2014/04/09 19:43:30
Keep .html in as it refers to filename.
|
| <!doctype html> |
| <html> |
| <head> |
| @@ -311,9 +311,9 @@ function main() { |
| <p> |
| Making use of Google Analytics is the canonical example for this sort of |
| policy definition. It's common enough that we've provided an Analytics |
| - boilerplate of sorts in the <a href="samples.html#event-tracking-with-google-analytics">Event Tracking |
| + boilerplate of sorts in the <a href="samples#event-tracking-with-google-analytics">Event Tracking |
| with Google Analytics</a> sample extension, and a |
| -<a href="tut_analytics.html">brief tutorial</a> that goes into more detail. |
| +<a href="tut_analytics">brief tutorial</a> that goes into more detail. |
| </p> |
| <h3 id="relaxing-eval">Evaluated JavaScript</h3> |
| @@ -341,7 +341,7 @@ function main() { |
| allows in order to increase security at the expense of convenience. To specify |
| that your extension can only load resources of <em>any</em> type (images, etc) |
| from its own package, for example, a policy of <code>default-src 'self'</code> |
| - would be appropriate. The <a href="samples.html#mappy">Mappy</a> sample |
| + would be appropriate. The <a href="samples#mappy">Mappy</a> sample |
| extension is a good example of an extension that's been locked down above and |
| beyond the defaults. |
| </p> |
