Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(1791)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: chrome/common/extensions/docs/npapi.html

Issue 437001: Docs polish (Closed)
Patch Set: Add an NPAPI warning Created 11 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « chrome/common/extensions/docs/messaging.html ('k') | chrome/common/extensions/docs/options.html » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: chrome/common/extensions/docs/npapi.html
diff --git a/chrome/common/extensions/docs/npapi.html b/chrome/common/extensions/docs/npapi.html
index 4c22eaaf448aa3720fcb16c09a1f87c9303d50dd..232b06d06b5b72ff9419730ebd6f4585b106b2cb 100644
--- a/chrome/common/extensions/docs/npapi.html
+++ b/chrome/common/extensions/docs/npapi.html
@@ -15,7 +15,7 @@
</script>
<script type="text/javascript" src="js/api_page_generator.js"></script>
<script type="text/javascript" src="js/bootstrap.js"></script>
- <title>NPAPI Plugins</title></head><body> <div id="gc-container" class="labs">
+ <title>NPAPI Plugins - Google Chrome Extensions - Google Code</title></head><body> <div id="gc-container" class="labs">
<!-- SUBTEMPLATES: DO NOT MOVE FROM THIS LOCATION -->
<!-- In particular, sub-templates that recurse, must be used by allowing
jstemplate to make a copy of the template in this section which
@@ -74,33 +74,28 @@
<a href="#gc-toc">Skip to main navigation</a>
</div>
<!-- API HEADER -->
- <div id="gc-header">
- <div id="logo">
-
-
- <img src="images/code_labs_logo.gif" height="43" width="161" alt="Google Code Labs" style="border:0;">
-
+ <table id="header" width="100%" cellspacing="0" border="0">
+ <tbody><tr>
+ <td valign="middle"><img src="images/code_labs_logo.gif" height="43" width="161" alt="Google Code Labs" style="border:0; margin:0;"></td>
+ <td valign="middle" width="100%" style="padding-left:0.6em;">
+ <form action="http://www.google.com/cse" id="cse" style="margin-top:0.5em">
+ <div id="gsc-search-box">
+ <input type="hidden" name="cx" value="002967670403910741006:61_cvzfqtno">
+ <input type="hidden" name="ie" value="UTF-8">
+ <input type="text" name="q" size="55">
+ <input class="gsc-search-button" type="submit" name="sa" value="Search">
+ <br>
+ <span class="greytext">e.g. "ajax apis" or "open source"</span>
+ </div>
+ </form>
- </div>
- <div id="search">
- <div id="searchForm" class="searchForm">
- <form action="http://www.google.com/cse" id="cse">
- <div id="gsc-search-box">
- <input type="hidden" name="cx" value="002967670403910741006:61_cvzfqtno">
- <input type="hidden" name="ie" value="UTF-8">
- <input type="text" name="q" size="31">
- <input class="gsc-search-button" type="submit" name="sa" value="Search">
- </div>
- </form>
- <p>&nbsp;</p>
- </div> <!-- end searchForm -->
-
- <script type="text/javascript" src="http://www.google.com/jsapi"></script>
- <script type="text/javascript">google.load("elements", "1", {packages: "transliteration"});</script>
- <script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse&amp;t13n_langs=en"></script>
- <script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse&amp;lang=en"></script>
- </div> <!-- end search -->
- </div> <!-- end gc-header -->
+ <script type="text/javascript" src="http://www.google.com/jsapi"></script>
+ <script type="text/javascript">google.load("elements", "1", {packages: "transliteration"});</script>
+ <script type="text/javascript" src="http://www.google.com/coop/cse/t13n?form=cse&amp;t13n_langs=en"></script>
+ <script type="text/javascript" src="http://www.google.com/coop/cse/brand?form=cse&amp;lang=en"></script>
+ </td>
+ </tr>
+ </tbody></table>
<div id="codesiteContent">
@@ -111,18 +106,17 @@
<li id="home_link">
<a href="index.html" class="selected" title="Google Chrome Extensions documentation home page">Home</a>
</li>
- <li id="blog_link">
- <a href="http://blog.chromium.org/" title="Chromium blog">Blog</a>
- </li>
- <li id="faq_link">
- <a href="faq.html" title="Google Chrome Extensions FAQ">FAQ</a>
- </li>
<li id="group_link">
- <a href="http://groups.google.com/group/chromium-extensions" title="Chromium-Extensions group">Group</a>
+ <a href="http://groups.google.com/group/chromium-extensions" title="Google Chrome Extensions mailing list">Group</a>
+ </li>
+ <li id="samples_link">
+ <a href="samples.html" title="Google Chrome Extensions samples">Samples</a>
</li>
+ <!--
<li id="terms_link">
Terms
</li>
+ -->
</ul>
</div> <!-- end gc-topnav -->
@@ -262,7 +256,15 @@ You can bundle an NPAPI plugin with your extension,
allowing you to call into native binary code from JavaScript.
</p>
-<h2>Details</h2>
+<h2>Warning</h2>
+
+<p align="center"><b>NPAPI is a really big hammer that should only be used when no other approach will work.</b>
+
+</p><p>Code running in an NPAPI plugin has the full permissions of the current user and is not sandboxed or shielded from malicious input by Google Chrome in any way. You should be especially cautious when processing input from untrusted sources, such as when working with <a href="content_scripts.html#security-considerations">content scripts</a> or XMLHttpRequest.
+
+</p><p>Because of the additional security risks NPAPI poses to users, extensions that use it will require manual review before being accepted in the extension gallery.
+
+</p><h2>Details</h2>
<p>
How to develop an NPAPI plugin is outside the scope of this document.
« no previous file with comments | « chrome/common/extensions/docs/messaging.html ('k') | chrome/common/extensions/docs/options.html » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698