Docs polish:

* Fixed header alignment and spacing
* Fixed top nav, removed useless/dead links, added sample link instead
* Fixup requirements in samples and getting started page (beta no workie yet, mac and linux do -- at least enough to not be worth mentioning)
* Make vertical separator bar green
* Make default_icon required for page and browser actions
* Fix incorrect description of how onclick works wrt isolated worlds
* Make the page titles be <page title> - Google Chrome Extensions - Google Code
* Add a warning about NPAPI

BUG=28152,27875,28155,28182,27864,27432

Review URL: http://codereview.chromium.org/437001

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@32798 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 8 insertions, 0 deletions

diff --git a/chrome/common/extensions/docs/static/npapi.html b/chrome/common/extensions/docs/static/npapi.html
index 14542a9..ecf3787 100644
--- a/chrome/common/extensions/docs/static/npapi.html
+++ b/chrome/common/extensions/docs/static/npapi.html
@@ -9,6 +9,14 @@ You can bundle an NPAPI plugin with your extension,
 allowing you to call into native binary code from JavaScript.
 </p>
 
+<h2>Warning</h2>
+
+<p align="center"><b>NPAPI is a really big hammer that should only be used when no other approach will work.</b>
+
+<p>Code running in an NPAPI plugin has the full permissions of the current user and is not sandboxed or shielded from malicious input by Google Chrome in any way. You should be especially cautious when processing input from untrusted sources, such as when working with <a href="content_scripts.html#security-considerations">content scripts</a> or XMLHttpRequest.
+
+<p>Because of the additional security risks NPAPI poses to users, extensions that use it will require manual review before being accepted in the extension gallery.
+
 <h2>Details</h2>
 
 <p>