Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 # Extension Features Files | 1 # Extension Features Files |
| 2 | 2 |
| 3 [TOC] | 3 [TOC] |
| 4 | 4 |
| 5 ## Summary | 5 ## Summary |
| 6 | 6 |
| 7 The Extension features files specify the different requirements for extension | 7 The Extension features files specify the different requirements for extension |
| 8 feature availability. | 8 feature availability. |
| 9 | 9 |
| 10 An **extension feature** can be any component of extension capabilities. Most | 10 An **extension feature** can be any component of extension capabilities. Most |
| (...skipping 242 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 253 The accepted values are lists of strings from `chromeos`, `mac`, `linux`, and | 253 The accepted values are lists of strings from `chromeos`, `mac`, `linux`, and |
| 254 `win`. | 254 `win`. |
| 255 | 255 |
| 256 ### whitelist | 256 ### whitelist |
| 257 | 257 |
| 258 The `whitelist` property specifies a list of ID hashes for extensions that | 258 The `whitelist` property specifies a list of ID hashes for extensions that |
| 259 are the only extensions allowed to access a feature. | 259 are the only extensions allowed to access a feature. |
| 260 | 260 |
| 261 Accepted values are lists of id hashes. | 261 Accepted values are lists of id hashes. |
| 262 | 262 |
| 263 ## Feature Contexts | |
| 264 | |
| 265 A Feature Context is the type of JavaScript context that a feature can be made | |
| 266 available in. This allows us to restrict certain features to only being | |
| 267 accessible in more secure contexts, or to expose features to contexts outside | |
| 268 of extensions. | |
| 269 | |
| 270 For each of these contexts, an "extension" context can refer to a context of | |
| 271 either an app or an extension. | |
| 272 | |
| 273 ### Blessed Extension Contexts | |
| 274 | |
| 275 The `blessed_extension` context refers to a JavaScript context running from an | |
| 276 extension process. These are typically the most secure JavaScript contexts, as | |
| 277 it reduces the likelihood that a compromised web page renderer will have access | |
| 278 to secure APIs. | |
| 279 | |
| 280 Traditionally, only pages with a top-level extension frame (with a | |
| 281 `chrome-extension://` scheme), extension popups, and app windows were blessed | |
| 282 extension contexts. With [site isolation](https://www.chromium.org/developers/de sign-documents/site-isolation), | |
| 283 extension frames running in web pages are also considered blessed extension | |
| 284 contexts, since they are running in the extension process (rather than in the | |
| 285 same process as the web page). | |
| 286 | |
| 287 ### Blessed Web Page Contexts | |
| 288 | |
| 289 The `blessed_web_page` context refers to a JavaScript context running from a | |
| 290 hosted app. These are similar to blessed extension contexts in that they are | |
| 291 (partially) isolated from other processes, but are typically more restricted | |
| 292 than blessed extension processes, since hosted apps generally have fewer | |
| 293 permissions. Note that these contexts are unaffected by the `matches` property. | |
| 294 | |
| 295 ### Content Script Contexts | |
| 296 | |
| 297 The `content_script` context refers to a JavaScript context for an extension | |
| 298 content script. Since content scripts share a process with (and run on the same | |
| 299 content as) web pages, these are considered very insecure contexts. Very few | |
| 300 features should be exposed to these contexts. | |
| 301 | |
| 302 ### Service Worker Contexts | |
| 303 | |
| 304 The `extension_service_worker` context refers to a JavaScript context for an | |
| 305 extension's service worker. An extension can only register a service worker for | |
| 306 it's own domain, and these should only be run within an extension process. Thus, | |
| 307 these have similar privilege levels to blessed extension processes. | |
|
asargent_no_longer_on_chrome
2016/08/25 17:44:37
It's probably out-of-scope for this documentation,
Devlin
2016/08/25 18:37:40
I think I requested this because there are times w
| |
| 308 | |
| 309 ### Web Page Contexts | |
| 310 | |
| 311 The `web_page` context refers to a JavaScript context for a simple web page, | |
| 312 completely separate from extensions. This is the least secure of all contexts, | |
| 313 and very few features should be exposed to these contexts. When specifying this | |
| 314 context, an accompanying URL pattern should be provided with the `matches` | |
| 315 property. | |
| 316 | |
| 317 ### WebUI Contexts | |
| 318 | |
| 319 The `webui` context refers to a JavaScript context for a page with WebUI | |
| 320 bindings, such as internal chrome pages like chrome://settings or | |
| 321 chrome://extensions. These are considered secure contexts, since they are | |
| 322 an internal part of chrome. When specifying this context, an accompanying URL | |
| 323 pattern should be provided with the `matches` property. | |
| 324 | |
| 325 ### Unblessed Extension Contexts | |
| 326 | |
| 327 The `unblessed_extension` context refers to a JavaScript context for an | |
| 328 extension frame that is embedded in an external page, like a web page, and | |
| 329 runs in the same process as the embedder. Given the limited separation between | |
| 330 the (untrusted) embedder and the extension frame, relatively few features are | |
| 331 exposed in these contexts. Note that with [site isolation](https://www.chromium. org/developers/design-documents/site-isolation), | |
| 332 extension frames (even those embedded in web pages) run in the trusted | |
| 333 extension process, and become blessed extension contexts. | |
| 334 | |
| 263 ## Still to come | 335 ## Still to come |
| 264 | 336 |
| 265 TODO(devlin): Move documentation for how to create ID hashes, possibly move | 337 TODO(devlin): Move documentation for how to create ID hashes, add documentation |
| 266 documentation for feature contexts, add documentation for extension types, and | 338 for extension types, and add documentation for the compilation process. Probably |
| 267 add documentation for the compilation process. Probably also more on | 339 also more on requirements for individual features. |
| 268 requirements for individual features. | |
| OLD | NEW |