| Index: chrome/common/extensions/docs/static/npapi.html
|
| diff --git a/chrome/common/extensions/docs/static/npapi.html b/chrome/common/extensions/docs/static/npapi.html
|
| index 14542a96c0410f50e72daa49592844cf76f5bddc..ecf3787ecd734f4bc67dd98cdfa3cd3a5bcf9004 100644
|
| --- a/chrome/common/extensions/docs/static/npapi.html
|
| +++ b/chrome/common/extensions/docs/static/npapi.html
|
| @@ -9,6 +9,14 @@ You can bundle an NPAPI plugin with your extension,
|
| allowing you to call into native binary code from JavaScript.
|
| </p>
|
|
|
| +<h2>Warning</h2>
|
| +
|
| +<p align="center"><b>NPAPI is a really big hammer that should only be used when no other approach will work.</b>
|
| +
|
| +<p>Code running in an NPAPI plugin has the full permissions of the current user and is not sandboxed or shielded from malicious input by Google Chrome in any way. You should be especially cautious when processing input from untrusted sources, such as when working with <a href="content_scripts.html#security-considerations">content scripts</a> or XMLHttpRequest.
|
| +
|
| +<p>Because of the additional security risks NPAPI poses to users, extensions that use it will require manual review before being accepted in the extension gallery.
|
| +
|
| <h2>Details</h2>
|
|
|
| <p>
|
|
|
Chromium Code Reviews
Issue 437001:
Docs polish (Closed)
