| OLD | NEW |
| 1 <h1>External Content</h1> | 1 <h1>External Content</h1> |
| 2 | 2 |
| 3 | 3 |
| 4 <p> | 4 <p> |
| 5 The <a href="app_architecture#security">Chrome Apps security model</a> disallows | 5 The <a href="app_architecture#security">Chrome Apps security model</a> disallows |
| 6 external content in iframes and | 6 external content in iframes and |
| 7 the use of inline scripting and <code>eval()</code>. | 7 the use of inline scripting and <code>eval()</code>. |
| 8 You can override these restrictions, | 8 You can override these restrictions, |
| 9 but your external content must be isolated from the app. | 9 but your external content must be isolated from the app. |
| 10 </p> | 10 </p> |
| 11 | 11 |
| 12 <p> | 12 <p> |
| 13 Isolated content cannot directly | 13 Isolated content cannot directly |
| 14 access the app's data or any of the APIs. | 14 access the app's data or any of the APIs. |
| 15 Use cross-origin XMLHttpRequests | 15 Use cross-origin XMLHttpRequests |
| 16 and post-messaging to communicate between the event page and sandboxed content | 16 and post-messaging to communicate between the event page and sandboxed content |
| 17 and indirectly access the APIs. | 17 and indirectly access the APIs. |
| 18 </p> | 18 </p> |
| 19 | 19 |
| 20 <p class="note"> | 20 <p class="note"> |
| 21 <b>API Sample: </b> | 21 <b>API Sample: </b> |
| 22 Want to play with the code? | 22 Want to play with the code? |
| 23 Check out the | 23 Check out the |
| 24 <a href="https://github.com/GoogleChrome/chrome-app-samples/tree/master/sandbox"
>sandbox</a> sample. | 24 <a href="https://github.com/GoogleChrome/chrome-app-samples/tree/master/samples/
sandbox">sandbox</a> sample. |
| 25 </p> | 25 </p> |
| 26 | 26 |
| 27 <h2 id="external">Referencing external resources</h2> | 27 <h2 id="external">Referencing external resources</h2> |
| 28 | 28 |
| 29 <p> | 29 <p> |
| 30 The <a href="contentSecurityPolicy">Content Security Policy</a> used by apps dis
allows | 30 The <a href="contentSecurityPolicy">Content Security Policy</a> used by apps dis
allows |
| 31 the use of many kinds of remote URLs, so you can't directly reference external | 31 the use of many kinds of remote URLs, so you can't directly reference external |
| 32 images, stylesheets, or fonts from an app page. Instead, you can use use | 32 images, stylesheets, or fonts from an app page. Instead, you can use use |
| 33 cross-origin XMLHttpRequests to fetch these resources, | 33 cross-origin XMLHttpRequests to fetch these resources, |
| 34 and then serve them via <code>blob:</code> URLs. | 34 and then serve them via <code>blob:</code> URLs. |
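Review bot: Any other docs page that still links to `chrome-app-samples/tree/master/<name>` without the `samples/` segment will remain broken after the fix at line 24; grep the docs for that prefix and update the remaining links in this change. While this file is being touched, line 32 still reads "you can use use" in both columns; drop the duplicated word.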
| (...skipping 34 matching lines...) |
| 69 </pre> | 69 </pre> |
| 70 | 70 |
| 71 <p>You may want to <a href="offline_apps#saving-locally">save</a> | 71 <p>You may want to <a href="offline_apps#saving-locally">save</a> |
| 72 these resources locally, so that they are available offline.</p> | 72 these resources locally, so that they are available offline.</p> |
| 73 | 73 |
| 74 <h2 id="webview">Embed external web pages</h2> | 74 <h2 id="webview">Embed external web pages</h2> |
| 75 | 75 |
| 76 <p class="note"> | 76 <p class="note"> |
| 77 <b>API Sample: </b> | 77 <b>API Sample: </b> |
| 78 Want to play with the code? Check out the | 78 Want to play with the code? Check out the |
| 79 <a href="https://github.com/GoogleChrome/chrome-app-samples/tree/master/browser"
>browser</a> | 79 <a href="https://github.com/GoogleChrome/chrome-app-samples/tree/master/samples/
browser">browser</a> |
| 80 sample. | 80 sample. |
| 81 </p> | 81 </p> |
| 82 | 82 |
| 83 <p> | 83 <p> |
| 84 The <code>webview</code> tag allows you to embed external web content in your | 84 The <code>webview</code> tag allows you to embed external web content in your |
| 85 app, for example, a web page. It replaces iframes that point to remote URLs, | 85 app, for example, a web page. It replaces iframes that point to remote URLs, |
| 86 which are disabled inside Chrome Apps. Unlike iframes, the | 86 which are disabled inside Chrome Apps. Unlike iframes, the |
| 87 <code>webview</code> tag runs in a separate process. This means that an exploit | 87 <code>webview</code> tag runs in a separate process. This means that an exploit |
| 88 inside of it will still be isolated and won't be able to gain elevated | 88 inside of it will still be isolated and won't be able to gain elevated |
| 89 privileges. Further, since its storage (cookies, etc.) is isolated from the app, | 89 privileges. Further, since its storage (cookies, etc.) is isolated from the app, |
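Review bot: The corrected href at line 79 still hard-codes `tree/master/samples/browser`, so it will go stale again if the samples repository is reorganized once more. Confirm the new URL resolves before landing, and consider whether the sample links on this page (lines 24 and 79) could share one base path so a future move is a single edit.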
| (...skipping 198 matching lines...) |
| 288 | 288 |
| 289 <pre data-filename="sandboxed.html"> | 289 <pre data-filename="sandboxed.html"> |
| 290 var messageHandler = function(e) { | 290 var messageHandler = function(e) { |
| 291 console.log('Background script says hello.', e.data); | 291 console.log('Background script says hello.', e.data); |
| 292 }; | 292 }; |
| 293 | 293 |
| 294 window.addEventListener('message', messageHandler); | 294 window.addEventListener('message', messageHandler); |
| 295 </pre> | 295 </pre> |
| 296 | 296 |
| 297 <p class="backtotop"><a href="#top">Back to top</a></p> | 297 <p class="backtotop"><a href="#top">Back to top</a></p> |
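Review bot: Not touched by this change, but the `sandboxed.html` sample at lines 290-294 logs `e.data` for every `message` event without looking at `e.source` or `e.origin`. Since this page is about keeping external content isolated from the app, the handler would be a better model if it checked the sender before using the data; that could go in a follow-up.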