Docs polish

chrome/common/extensions/docs/content_scripts.html

 <!DOCTYPE html><!-- This page is a placeholder for generated extensions api doc. Note:
     1) The <head> information in this page is significant, should be uniform
        across api docs and should be edited only with knowledge of the
        templating mechanism.
     3) All <body>.innerHTML is genereated as an rendering step. If viewed in a
        browser, it will be re-generated from the template, json schema and
        authored overview content.
     4) The <body>.innerHTML is also generated by an offline step so that this
        page may easily be indexed by search engines.
 --><html xmlns="http://www.w3.org/1999/xhtml"><head>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
     <link href="css/ApiRefStyles.css" rel="stylesheet" type="text/css">
     <link href="css/print.css" rel="stylesheet" type="text/css" media="print">
     <script type="text/javascript" src="../../../third_party/jstemplate/jstemplate_compiled.js">
     </script>
     <script type="text/javascript" src="js/api_page_generator.js"></script>
     <script type="text/javascript" src="js/bootstrap.js"></script>
-  <title>Content Scripts</title></head><body>  <div id="gc-container" class="labs">
+  <title>Content Scripts - Google Chrome Extensions - Google Code</title></head><body>  <div id="gc-container" class="labs">
       <!-- SUBTEMPLATES: DO NOT MOVE FROM THIS LOCATION -->
       <!-- In particular, sub-templates that recurse, must be used by allowing
            jstemplate to make a copy of the template in this section which
            are not operated on by way of the jsskip="true" -->
       <div style="display:none">
 
         <!-- VALUE -->
         <div id="valueTemplate">
           <dt>
             <var>paramName</var>
@@ skipping 38 matching lines @@
         </div> <!-- /VALUE -->
 
       </div> <!-- /SUBTEMPLATES -->
 
   <a id="top"></a>
     <div id="skipto">
       <a href="#gc-pagecontent">Skip to page content</a>
       <a href="#gc-toc">Skip to main navigation</a>
     </div>
     <!-- API HEADER -->
-    <div id="gc-header">
-      <div id="logo">
+    <table id="header" width="100%" cellspacing="0" border="0">
+      <tbody><tr>
+        <td valign="middle"><img src="images/code_labs_logo.gif" height="43" width="161" alt="Google Code Labs" style="border:0; margin:0;"></td>
+        <td valign="middle" width="100%" style="padding-left:0.6em;">
+          <form action="http://www.google.com/cse" id="cse" style="margin-top:0.5em">
+            <div id="gsc-search-box">
+              <input type="hidden" name="cx" value="002967670403910741006:61_cvzfqtno">
+              <input type="hidden" name="ie" value="UTF-8">
+              <input type="text" name="q" size="55">
+              <input class="gsc-search-button" type="submit" name="sa" value="Search">
+              <br>
+              <span class="greytext">e.g. "ajax apis" or "open source"</span>
+            </div>
+          </form>
 
-
-         <img src="images/code_labs_logo.gif" height="43" width="161" alt="Google Code Labs" style="border:0;">
-
-
-      </div>
-      <div id="search">
-        <div id="searchForm" class="searchForm">
-        <form action="http://www.google.com/cse" id="cse">
-          <div id="gsc-search-box">
-            <input type="hidden" name="cx" value="002967670403910741006:61_cvzfqtno">
-            <input type="hidden" name="ie" value="UTF-8">
-            <input type="text" name="q" size="31">
-            <input class="gsc-search-button" type="submit" name="sa" value="Search">
-          </div>
-        </form>
-        <p>&nbsp;</p>
-        </div> <!-- end searchForm -->
-
-        <script type="text/javascript" src="http://www.google.com/jsapi"></script>
-        <script type="text/javascript">google.load("elements", "1", {packages: "transliteration"});</script>
-        <script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse&amp;t13n_langs=en"></script>
-        <script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse&amp;lang=en"></script>
-      </div> <!-- end search -->
-    </div> <!-- end gc-header -->
+          <script type="text/javascript" src="http://www.google.com/jsapi"></script>
+          <script type="text/javascript">google.load("elements", "1", {packages: "transliteration"});</script>
+          <script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse&amp;t13n_langs=en"></script>
+          <script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse&amp;lang=en"></script>
+        </td>
+      </tr>
+    </tbody></table>
 
     <div id="codesiteContent">
 
       <a id="gc-topnav-anchor"></a>
       <div id="gc-topnav">
         <h1>Google Chrome Extensions (<a href="/labs/">Labs</a>)</h1>
         <ul id="home" class="gc-topnav-tabs">
           <li id="home_link">
             <a href="index.html" class="selected" title="Google Chrome Extensions documentation home page">Home</a>
           </li>
-          <li id="blog_link">
-            <a href="http://blog.chromium.org/" title="Chromium blog">Blog</a>
+          <li id="group_link">
+            <a href="http://groups.google.com/group/chromium-extensions" title="Google Chrome Extensions mailing list">Group</a>
           </li>
-          <li id="faq_link">
-            <a href="faq.html" title="Google Chrome Extensions FAQ">FAQ</a>
+          <li id="samples_link">
+            <a href="samples.html" title="Google Chrome Extensions samples">Samples</a>
           </li>
-          <li id="group_link">
-            <a href="http://groups.google.com/group/chromium-extensions" title="Chromium-Extensions group">Group</a>
-          </li>
+          <!--
           <li id="terms_link">
             Terms
           </li>
+          -->
         </ul>
       </div> <!-- end gc-topnav -->
 
     <div class="g-section g-tpl-170">
       <!-- SIDENAV -->
       <div class="g-unit g-first" id="gc-toc">
         <ul>
           <li><a href="index.html">Home</a></li>
           <li><a href="getstarted.html">Getting Started</a></li>
           <li><a href="overview.html">Overview</a></li>
@@ skipping 273 matching lines @@
 
 <h2 id="execution-environment">Execution environment</h2>
 
 <p>Content scripts execute in a special environment called an <em>isolated world</em>. They have access to the DOM of the page they are injected into, but not to any JavaScript variables or functions created by the page. It looks to each content script as if there is no other JavaScript executing on the page it is running on. The same is true in reverse: JavaScript running on the page cannot call any functions or access any variables defined by content scripts.
 
 </p><p>For example, consider this simple page:
 
 </p><pre>hello.html
 ==========
 &lt;html&gt;
-  &lt;button id="button"&gt;click me&lt;/button&gt;
+  &lt;button id="mybutton"&gt;click me&lt;/button&gt;
   &lt;script&gt;
-    var greeting = "hello!";
-    function sayGreeting() {
-      alert(greeting);
-    }
-    document.getElementById("button").onclick = sayGreeting;
+    var greeting = "hello, ";
+    var button = document.getElementById("mybutton");
+    button.person_name = "Bob";
+    button.addEventListener("click", function() {
+      alert(greeting + button.person_name + ".");
+    }, false);
   &lt;/script&gt;
 &lt;/html&gt;</pre>
 
 <p>Now, suppose this content script was injected into hello.html:
 
 </p><pre>contentscript.js
 ================
-console.log(greeting);  // undefined
-console.log(sayGreeting);  // undefined
-console.log(document.getElementById("button").onclick);  // still undefined
-document.getElementById("button").onclick = function() {
-  alert("hola!");
-}</pre>
+var greeting = "hola, ";
+var button = document.getElementById("mybutton");
+button.person_name = "Roberto";
+button.addEventListener("click", function() {
+  alert(greeting + button.person_name + ".");
+}, false);
+</pre>
 
 <p>Now, if the button is pressed, you will see both greetings.
 
 </p><p>Isolated worlds allow each content script to make changes to its JavaScript environment without worrying about conflicting with the page or with other content scripts. For example, a content script could include JQuery v1 and the page could include JQuery v2, and they wouldn't conflict with each other.
 
 </p><p>Another important benefit of isolated worlds is that they completely separate the JavaScript on the page from the JavaScript in extensions. This allows us to offer extra functionality to content scripts that should not be accessible from web pages without worrying about web pages accessing it.
 
 
 </p><h2 id="host-page-communication">Communication with the embedding page</h2>
 
@@ skipping 18 matching lines @@
 
 document.getElementById('myCustomEventDiv').addEventListener('myCustomEvent', function() {
   var eventData = document.getElementById('myCustomEventDiv').innerText;
   port.postMessage({message: "myCustomEvent", values: eventData});
 });</pre>
 
 <p>In the above example, example.html (which is not a part of the extension) creates a custom event and then can decide to fire the event by setting the event data to a known location in the DOM and then dispatching the custom event. The content script listens for the name of the custom event on the known element and handles the event by inspecting the data of the element, and turning around to post the message to the extension process. In this way the page establishes a line of communication to the extension. The reverse is possible through similar means.</p>
 
 <h2 id="security-considerations">Security considerations</h2>
 
-When writing a content script, you should be aware of two security issues.
+<p>When writing a content script, you should be aware of two security issues.
 First, be careful not to introduce security vulnerabilities into the web site
 your content script is injected into.  For example, if your content script
 receives content from another web site (e.g., by <a href="messaging.html">asking your background page to make an
 XMLHttpRequest</a>), be careful to filter that content for <a href="http://en.wikipedia.org/wiki/Cross-site_scripting">cross-site
 scripting</a> attacks before injecting the content into the current page.
 For example, prefer to inject content via innerText rather than innerHTML.
 Be especially careful when retrieving HTTP content on an HTTPS page because
 the HTTP content might have been corrupted by a network <a href="http://en.wikipedia.org/wiki/Man-in-the-middle_attack">"man-in-the-middle"</a>
-if the user is on a hostile network.<p></p>
+if the user is on a hostile network.</p>
 
 <p>Second, although running your content script in an isolated world provides
 some protection from the web page, a malicious web page might still be able
 to attack your content script if you use content from the web page
 indiscriminately.  For example, the following patterns are dangerous:
 </p><pre>contentscript.js
 ================
 var data = document.getElementById("json-data")
 // WARNING! Might be evaluating an evil script!
 var parsed = eval("(" + data + ")")
@@ skipping 213 matching lines @@
     urchinTracker();
   }
   catch(e) {/* urchinTracker not available. */}
 </script>
 <!-- end analytics -->
       </div>
     </div> <!-- /gc-footer -->
   </div> <!-- /gc-container -->
 </body></html>