Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(492)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/extensions/docs/templates/articles/sandboxingEval.html

Issue 23526077: [DocServer] Fixed Sample Links (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Bumped Server's version Created 7 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/common/extensions/docs/templates/articles/overview.html ('k') | chrome/common/extensions/docs/templates/intros/devtools_panels.html » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <h1>Using eval in Chrome Extensions. Safely.</h1> 1 <h1>Using eval in Chrome Extensions. Safely.</h1>
2 2
3 3
4 <p> 4 <p>
5 Chrome's extension system enforces a fairly strict default 5 Chrome's extension system enforces a fairly strict default
6 <a href='../extensions/contentSecurityPolicy.html'> 6 <a href='../extensions/contentSecurityPolicy.html'>
7 <strong>Content Security Policy (CSP)</strong> 7 <strong>Content Security Policy (CSP)</strong>
8 </a>. The policy restrictions are straightforward: script must be moved 8 </a>. The policy restrictions are straightforward: script must be moved
9 out-of-line into separate JavaScript files, inline event handlers must be 9 out-of-line into separate JavaScript files, inline event handlers must be
10 converted to use <code>addEventListener</code>, and <code>eval()</code> is 10 converted to use <code>addEventListener</code>, and <code>eval()</code> is
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after
53 sandboxed page into our extension via an <code>iframe</code>, we can pass it 53 sandboxed page into our extension via an <code>iframe</code>, we can pass it
54 messages, let it act upon those messages in some way, and wait for it to pass 54 messages, let it act upon those messages in some way, and wait for it to pass
55 us back a result. This simple messaging mechanism gives us everything we need 55 us back a result. This simple messaging mechanism gives us everything we need
56 to safely include <code>eval</code>-driven code in our extension's workflow. 56 to safely include <code>eval</code>-driven code in our extension's workflow.
57 </p> 57 </p>
58 58
59 <h2 id="creating_and_using">Creating and using a sandbox.</h2> 59 <h2 id="creating_and_using">Creating and using a sandbox.</h2>
60 60
61 <p> 61 <p>
62 If you'd like to dive straight into code, please grab the 62 If you'd like to dive straight into code, please grab the
63 <a href='/extensions/samples.html#3c6dfba67f6a7480d931b5a4a646c151ad1a049b'>sa ndboxing 63 <a href='/extensions/samples.html#sandboxed-frame'>sandboxing
64 sample extension and take off</a>. It's a working example of a tiny messaging 64 sample extension and take off</a>. It's a working example of a tiny messaging
65 API built on top of the <a href='http://handlebarsjs.com'>Handlebars</a> 65 API built on top of the <a href='http://handlebarsjs.com'>Handlebars</a>
66 templating library, and it should give you everything you need to get going. 66 templating library, and it should give you everything you need to get going.
67 For those of you who'd like a little more explanation, let's walk through that 67 For those of you who'd like a little more explanation, let's walk through that
68 sample together here. 68 sample together here.
69 </p> 69 </p>
70 70
71 <h3 id="list_files">List files in manifest</h3> 71 <h3 id="list_files">List files in manifest</h3>
72 72
73 <p> 73 <p>
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after
189 This mechanism makes templating straightforward, but it of course isn't 189 This mechanism makes templating straightforward, but it of course isn't
190 limited to templating. Any code that doesn't work out of the box under a 190 limited to templating. Any code that doesn't work out of the box under a
191 strict Content Security Policy can be sandboxed; in fact, it's often useful 191 strict Content Security Policy can be sandboxed; in fact, it's often useful
192 to sandbox components of your extensions that <em>would</em> run correctly in 192 to sandbox components of your extensions that <em>would</em> run correctly in
193 order to restrict each piece of your program to the smallest set of privileges 193 order to restrict each piece of your program to the smallest set of privileges
194 necessary for it to properly execute. The 194 necessary for it to properly execute. The
195 <a href="http://www.youtube.com/watch?v=GBxv8SaX0gg">Writing Secure Web Apps 195 <a href="http://www.youtube.com/watch?v=GBxv8SaX0gg">Writing Secure Web Apps
196 and Chrome Extensions</a> presentation from Google I/O 2012 gives some good 196 and Chrome Extensions</a> presentation from Google I/O 2012 gives some good
197 examples of these technique in action, and is worth 56 minutes of your time. 197 examples of these technique in action, and is worth 56 minutes of your time.
198 </p> 198 </p>
OLDNEW
« no previous file with comments | « chrome/common/extensions/docs/templates/articles/overview.html ('k') | chrome/common/extensions/docs/templates/intros/devtools_panels.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698