| OLD | NEW |
|---|
| 1 <h1>NPAPI Plugins</h1> | 1 <h1>NPAPI Plugins</h1> |
| 2 | 2 |
| 3 <p> | 3 <p> |
| 4 Leveraging HTML and JavaScript | 4 Leveraging HTML and JavaScript |
| 5 makes developing new extensions really easy, | 5 makes developing new extensions really easy, |
| 6 but what if you have existing legacy or proprietary code | 6 but what if you have existing legacy or proprietary code |
| 7 that you want to reuse in your extension? | 7 that you want to reuse in your extension? |
| 8 You can bundle an NPAPI plugin with your extension, | 8 You can bundle an NPAPI plugin with your extension, |
| 9 allowing you to call into native binary code from JavaScript. | 9 allowing you to call into native binary code from JavaScript. |
| 10 </p> | 10 </p> |
| 11 | 11 |
| 12 <h2 id="warning">Warning</h2> | 12 <h2 id="warning">Warning</h2> |
| 13 | 13 |
| 14 <p align="center"><b><a href="http://blog.chromium.org/2013/09/saying-goodbye-to
-our-old-friend-npapi.html">NPAPI is being phased out.</a> |
| 15 Consider using alternatives.</b></p> |
| 16 |
| 14 <p align="center"><b>NPAPI is a really big hammer that should only be used when
no other approach will work.</b> | 17 <p align="center"><b>NPAPI is a really big hammer that should only be used when
no other approach will work.</b> |
| 15 | 18 |
| 16 <p>Code running in an NPAPI plugin has the full permissions of the current user
and is not sandboxed or shielded from malicious input by Google Chrome in any wa
y. You should be especially cautious when processing input from untrusted source
s, such as when working with <a href="content_scripts.html#security-consideratio
ns">content scripts</a> or XMLHttpRequest. | 19 <p>Code running in an NPAPI plugin has the full permissions of the current user
and is not sandboxed or shielded from malicious input by Google Chrome in any wa
y. You should be especially cautious when processing input from untrusted source
s, such as when working with <a href="content_scripts.html#security-consideratio
ns">content scripts</a> or XMLHttpRequest. |
| 17 | 20 |
| 18 <p>Because of the additional security risks NPAPI poses to users, extensions tha
t use it will require manual review before being accepted in the | 21 <p>Because of the additional security risks NPAPI poses to users, extensions tha
t use it will require manual review before being accepted in the |
| 19 <a href="https://chrome.google.com/webstore">Chrome Web Store</a>.</p> | 22 <a href="https://chrome.google.com/webstore">Chrome Web Store</a>.</p> |
| 20 | 23 |
| 21 <h2 id="details">Details</h2> | 24 <h2 id="details">Details</h2> |
| 22 | 25 |
| 23 <p> | 26 <p> |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 91 to install malicious software on the user's machine. Instead, avoid | 94 to install malicious software on the user's machine. Instead, avoid |
| 92 including an NPAPI plugin whenever possible. | 95 including an NPAPI plugin whenever possible. |
| 93 </p> | 96 </p> |
| 94 | 97 |
| 95 <p> | 98 <p> |
| 96 Marking your NPAPI plugin "public" increase the attack surface of your | 99 Marking your NPAPI plugin "public" increase the attack surface of your |
| 97 extension because the plugin is exposed directly to web content, making | 100 extension because the plugin is exposed directly to web content, making |
| 98 it easier for a malicious web site to manipulate your plugin. Instead, | 101 it easier for a malicious web site to manipulate your plugin. Instead, |
| 99 avoid making your NPAPI plugin public whenever possible. | 102 avoid making your NPAPI plugin public whenever possible. |
| 100 </p> | 103 </p> |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 25760002:
Add NPAPI deprecation message to extensions docs. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src