author abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2009-11-20 16:42:17 +0000
committer abarth@chromium.org <abarth@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> 2009-11-20 16:42:17 +0000
commit 5c1b42a28ecd53f8dc4b8e3f43b9818e39f04a60
tree e1af3fc8edad75c9b8f40a8a490e971d080aa3d9 /chrome/common/extensions/docs/static/npapi.html
parent 45a19e98e7bdd706c80c29ed8e0785cfa0695a72
Add some security considerations to our extension docs.
BUG=26594
TEST=None, just documentation
Review URL: http://codereview.chromium.org/412003
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@32614 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'chrome/common/extensions/docs/static/npapi.html')
-rw-r--r-- chrome/common/extensions/docs/static/npapi.html | 20
1 files changed, 20 insertions, 0 deletions
diff --git a/chrome/common/extensions/docs/static/npapi.html b/chrome/common/extensions/docs/static/npapi.html
index 817d1b3..14542a9 100644
--- a/chrome/common/extensions/docs/static/npapi.html
+++ b/chrome/common/extensions/docs/static/npapi.html
@@ -66,3 +66,23 @@ follow these steps to get your extension using it.
you can even use a content script to programmatically
insert your plugin into a web page.
</p>
+ </li>
+</ol>
+
+<h2 id="security-considerations">Security considerations</h2>
+
+<p>
+Including an NPAPI plugin in your extension is dangerous because plugins
+have unrestricted access to the local machine. If your plugin contains
+a vulnerability, an attacker might be able to exploit that vulnerability
+to install malicious software on the user's machine. Instead, avoid
+including an NPAPI plugin whenever possible.
+</p>
+
+<p>
+Marking your NPAPI plugin "public" increase the attack surface of your
+extension because the plugin is exposed directly to web content, making
+it easier for a malicious web site to manipulate your plugin. Instead,
+avoid making your NPAPI plugin public whenever possible.
+</p>
+
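Review bot: In the second added paragraph, "Marking your NPAPI plugin "public" increase the attack surface" has a subject-verb mismatch and should read "increases". Both paragraphs also close with "Instead, avoid ..." although no alternative has been offered at that point, so either drop "Instead" or name what the developer should do in place of an NPAPI plugin or a public one. The text never says which setting "public" refers to, so pointing at the place where it is configured would let a reader check their own extension. Finally, the first paragraph's "unrestricted access to the local machine" would be more precise if it stated that the plugin runs outside the extension's permission model, assuming that is the intent.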