Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(593)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: chrome/common/extensions/docs/templates/articles/app_external.html

Issue 596123002: Clarify documentation for Chrome Apps CSP, link to webview, example for sandbox. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@lkgr
Patch Set: Created 6 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « chrome/common/extensions/docs/templates/articles/app_csp.html ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 <h1>External Content</h1> 1 <h1>External Content</h1>
2 2
3 3
4 <p> 4 <p>
5 The <a href="app_architecture#security">Chrome Apps security model</a> disallows 5 The <a href="app_architecture#security">Chrome Apps security model</a> disallows
6 external content in iframes and 6 external content in iframes and
7 the use of inline scripting and <code>eval()</code>. 7 the use of inline scripting and <code>eval()</code>.
8 You can override these restrictions, 8 You can override these restrictions,
9 but your external content must be isolated from the app. 9 but your external content must be isolated from the app.
10 </p> 10 </p>
(...skipping 63 matching lines...) Expand 10 before | Expand all | Expand 10 after
74 <h2 id="webview">Embed external web pages</h2> 74 <h2 id="webview">Embed external web pages</h2>
75 75
76 <p class="note"> 76 <p class="note">
77 <b>API Sample: </b> 77 <b>API Sample: </b>
78 Want to play with the code? Check out the 78 Want to play with the code? Check out the
79 <a href="https://github.com/GoogleChrome/chrome-app-samples/tree/master/samples/ browser">browser</a> 79 <a href="https://github.com/GoogleChrome/chrome-app-samples/tree/master/samples/ browser">browser</a>
80 sample. 80 sample.
81 </p> 81 </p>
82 82
83 <p> 83 <p>
84 The <code>webview</code> tag allows you to embed external web content in your 84 The <a href="webview_tag"><code>webview</code></a> tag allows you to embed exter nal web content in your
85 app, for example, a web page. It replaces iframes that point to remote URLs, 85 app, for example, a web page. It replaces iframes that point to remote URLs,
86 which are disabled inside Chrome Apps. Unlike iframes, the 86 which are disabled inside Chrome Apps. Unlike iframes, the
87 <code>webview</code> tag runs in a separate process. This means that an exploit 87 <code>webview</code> tag runs in a separate process. This means that an exploit
88 inside of it will still be isolated and won't be able to gain elevated 88 inside of it will still be isolated and won't be able to gain elevated
89 privileges. Further, since its storage (cookies, etc.) is isolated from the app, 89 privileges. Further, since its storage (cookies, etc.) is isolated from the app,
90 there is no way for the web content to access any of the app's data. 90 there is no way for the web content to access any of the app's data.
91 </p> 91 </p>
92 92
93 <h3 id="webview_element">Add webview element</h3> 93 <h3 id="webview_element">Add webview element</h3>
94 94
(...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after
272 so you can only whitelist all origins 272 so you can only whitelist all origins
273 as acceptable origins ('*'). 273 as acceptable origins ('*').
274 On the receiving end, 274 On the receiving end,
275 you generally want to check the origin; 275 you generally want to check the origin;
276 but since Chrome Apps content is contained, 276 but since Chrome Apps content is contained,
277 it isn't necessary. 277 it isn't necessary.
278 To find out more, 278 To find out more,
279 see <a href="https://developer.mozilla.org/en/DOM/window.postMessage">window.pos tMessage</a>. 279 see <a href="https://developer.mozilla.org/en/DOM/window.postMessage">window.pos tMessage</a>.
280 </p> 280 </p>
281 281
282 <h3 id="listen_message">Listen for message</h3> 282 <h3 id="listen_message">Listen for message and reply</h3>
283 283
284 <p> 284 <p>
285 Here's a sample message receiver 285 Here's a sample message receiver
286 that gets added to your sandboxed page: 286 that gets added to your sandboxed page:
287 </p> 287 </p>
288 288
289 <pre data-filename="sandboxed.html"> 289 <pre data-filename="sandboxed.html">
290 var messageHandler = function(e) { 290 var messageHandler = function(event) {
291 console.log('Background script says hello.', e.data); 291 console.log('Background script says hello.', event.data);
292
293 // Send a reply
294 event.source.postMessage(
295 {'reply': 'Sandbox received: ' + event.data}, event.origin);
292 }; 296 };
293 297
294 window.addEventListener('message', messageHandler); 298 window.addEventListener('message', messageHandler);
295 </pre> 299 </pre>
296 300
301 <p>
302 For more details, check out the
303 <a href="https://github.com/GoogleChrome/chrome-app-samples/tree/master/samples/ sandbox">sandbox</a> sample.
304 </p>
305
297 <p class="backtotop"><a href="#top">Back to top</a></p> 306 <p class="backtotop"><a href="#top">Back to top</a></p>
OLDNEW
« no previous file with comments | « chrome/common/extensions/docs/templates/articles/app_csp.html ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698