Google Git
Sign in
chromium / chromium / chromium / 34950274996196a68e02f23c9d05ec29dd82ad53 / . / chrome / common / extensions / docs / npapi.html
blob: 65a05109a28569c093d7fc3313ca711bd73cc157 [file] [log] [blame]
<!DOCTYPE html><!-- This page is a placeholder for generated extensions api doc. Note:
1) The <head> information in this page is significant, should be uniform
across api docs and should be edited only with knowledge of the
templating mechanism.
3) All <body>.innerHTML is genereated as an rendering step. If viewed in a
browser, it will be re-generated from the template, json schema and
authored overview content.
4) The <body>.innerHTML is also generated by an offline step so that this
page may easily be indexed by search engines.
--><html xmlns="http://www.w3.org/1999/xhtml"><head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<link href="css/ApiRefStyles.css" rel="stylesheet" type="text/css">
<link href="css/print.css" rel="stylesheet" type="text/css" media="print">
<script type="text/javascript" src="../../../third_party/jstemplate/jstemplate_compiled.js">
</script>
<script type="text/javascript" src="../../../../third_party/json_minify/minify-sans-regexp.js">
</script>
<script type="text/javascript" src="js/api_page_generator.js"></script>
<script type="text/javascript" src="js/bootstrap.js"></script>
<script type="text/javascript" src="js/sidebar.js"></script>
<title>NPAPI Plugins - Google Chrome Extensions - Google Code</title></head>
<body> <div id="devModeWarning" class="displayModeWarning">
You are viewing extension docs in chrome via the 'file:' scheme: are you expecting to see local changes when you refresh? You'll need run chrome with --allow-file-access-from-files.
</div>
<div id="branchWarning" class="displayModeWarning">
<span>WARNING: This is the <span id="branchName">BETA</span> documentation.
It may not work with the stable release of Chrome.</span>
<select id="branchChooser">
<option>Choose a different version...
</option><option value="">Stable
</option><option value="beta">Beta
</option><option value="dev">Dev
</option><option value="trunk">Trunk
</option></select>
</div>
<div id="unofficialWarning" class="displayModeWarning">
<span>WARNING: This is unofficial documentation. It may not work with the
current release of Chrome.</span>
<button id="goToOfficialDocs">Go to the official docs</button>
</div>
<div id="gc-container" class="labs">
<!-- SUBTEMPLATES: DO NOT MOVE FROM THIS LOCATION -->
<!-- In particular, sub-templates that recurse, must be used by allowing
jstemplate to make a copy of the template in this section which
are not operated on by way of the jsskip="true" -->
<!-- /SUBTEMPLATES -->
<a id="top"></a>
<div id="skipto">
<a href="#gc-pagecontent">Skip to page content</a>
<a href="#gc-toc">Skip to main navigation</a>
</div>
<!-- API HEADER -->
<table id="header" width="100%" cellspacing="0" border="0">
<tbody><tr>
<td valign="middle"><a href="http://code.google.com/"><img src="images/code_labs_logo.gif" height="43" width="161" alt="Google Code Labs" style="border:0; margin:0;"></a></td>
<td valign="middle" width="100%" style="padding-left:0.6em;">
<form action="http://www.google.com/cse" id="cse" style="margin-top:0.5em">
<div id="gsc-search-box">
<input type="hidden" name="cx" value="002967670403910741006:61_cvzfqtno">
<input type="hidden" name="ie" value="UTF-8">
<input type="text" name="q" value="" size="55">
<input class="gsc-search-button" type="submit" name="sa" value="Search">
<br>
<span class="greytext">e.g. "page action" or "tabs"</span>
</div>
</form>
<script type="text/javascript" src="https://www.google.com/jsapi"></script>
<script type="text/javascript">google.load("elements", "1", {packages: "transliteration"});</script>
<script type="text/javascript" src="https://www.google.com/coop/cse/t13n?form=cse&amp;t13n_langs=en"></script>
<script type="text/javascript" src="https://www.google.com/coop/cse/brand?form=cse&amp;lang=en"></script>
</td>
</tr>
</tbody></table>
<div id="codesiteContent" class="">
<a id="gc-topnav-anchor"></a>
<div id="gc-topnav">
<h1>Google Chrome Extensions (<a href="http://code.google.com/labs/">Labs</a>)</h1>
<ul id="home" class="gc-topnav-tabs">
<li id="home_link">
<a href="index.html" title="Google Chrome Extensions home page">Home</a>
</li>
<li id="docs_link">
<a href="docs.html" title="Official Google Chrome Extensions documentation">Docs</a>
</li>
<li id="faq_link">
<a href="faq.html" title="Answers to frequently asked questions about Google Chrome Extensions">FAQ</a>
</li>
<li id="samples_link">
<a href="samples.html" title="Sample extensions (with source code)">Samples</a>
</li>
<li id="group_link">
<a href="http://groups.google.com/a/chromium.org/group/chromium-extensions" title="Google Chrome Extensions developer forum">Group</a>
</li>
<li id="so_link">
<a href="http://stackoverflow.com/questions/tagged/google-chrome-extension" title="[google-chrome-extension] tag on Stack Overflow">Questions?</a>
</li>
</ul>
</div> <!-- end gc-topnav -->
<div class="g-section g-tpl-170">
<!-- SIDENAV -->
<div class="g-unit g-first" id="gc-toc">
<ul>
<li><a href="getstarted.html">Getting Started</a></li>
<li><a href="overview.html">Overview</a></li>
<li><a href="whats_new.html">What's New?</a></li>
<li><h2><a href="devguide.html">Developer's Guide</a></h2>
<ul>
<li>Browser UI
<ul>
<li><a href="browserAction.html">Browser Actions</a></li>
<li><a href="contextMenus.html">Context Menus</a></li>
<li><a href="notifications.html">Desktop Notifications</a></li>
<li><a href="omnibox.html">Omnibox</a></li>
<li><a href="options.html">Options Pages</a></li>
<li><a href="override.html">Override Pages</a></li>
<li><a href="pageAction.html">Page Actions</a></li>
</ul>
</li>
<li>Browser Interaction
<ul>
<li><a href="bookmarks.html">Bookmarks</a></li>
<li><a href="cookies.html">Cookies</a></li>
<li><a href="devtools.html">Developer Tools</a></li>
<li><a href="events.html">Events</a></li>
<li><a href="history.html">History</a></li>
<li><a href="management.html">Management</a></li>
<li><a href="tabs.html">Tabs</a></li>
<li><a href="windows.html">Windows</a></li>
</ul>
</li>
<li>Implementation
<ul>
<li><a href="a11y.html">Accessibility</a></li>
<li><a href="background_pages.html">Background Pages</a></li>
<li><a href="content_scripts.html">Content Scripts</a></li>
<li><a href="xhr.html">Cross-Origin XHR</a></li>
<li><a href="i18n.html">Internationalization</a></li>
<li><a href="messaging.html">Message Passing</a></li>
<li><a href="permissions.html">Optional Permissions</a></li>
<li class="leftNavSelected">NPAPI Plugins</li>
</ul>
</li>
<li>Finishing
<ul>
<li><a href="hosting.html">Hosting</a></li>
<li><a href="external_extensions.html">Other Deployment Options</a></li>
</ul>
</li>
</ul>
</li>
<li><h2><a href="apps.html">Packaged Apps</a></h2></li>
<li><h2><a href="tutorials.html">Tutorials</a></h2>
<ul>
<li><a href="tut_debugging.html">Debugging</a></li>
<li><a href="tut_analytics.html">Google Analytics</a></li>
<li><a href="tut_oauth.html">OAuth</a></li>
</ul>
</li>
<li><h2>Reference</h2>
<ul>
<li>Formats
<ul>
<li><a href="manifest.html">Manifest Files</a></li>
<li><a href="match_patterns.html">Match Patterns</a></li>
</ul>
</li>
<li><a href="permission_warnings.html">Permission Warnings</a></li>
<li><a href="api_index.html">chrome.* APIs</a></li>
<li><a href="api_other.html">Other APIs</a></li>
</ul>
</li>
<li><h2><a href="samples.html">Samples</a></h2></li>
<div class="line"> </div>
<li><h2>More</h2>
<ul>
<li><a href="http://code.google.com/chrome/webstore/docs/index.html">Chrome Web Store</a></li>
<li><a href="http://code.google.com/chrome/apps/docs/developers_guide.html">Hosted Apps</a></li>
<li><a href="themes.html">Themes</a></li>
</ul>
</li>
</ul>
</div>
<script>
initToggles();
</script>
<div class="g-unit" id="gc-pagecontent">
<div id="pageTitle">
<h1 class="page_title">NPAPI Plugins</h1>
</div>
<!-- TABLE OF CONTENTS -->
<!-- /TABLE OF CONTENTS -->
<!-- Standard content lead-in for experimental API pages -->
<!-- STATIC CONTENT PLACEHOLDER -->
<div id="static"><div id="pageData-name" class="pageData">NPAPI Plugins</div>
<p>
Leveraging HTML and JavaScript
makes developing new extensions really easy,
but what if you have existing legacy or proprietary code
that you want to reuse in your extension?
You can bundle an NPAPI plugin with your extension,
allowing you to call into native binary code from JavaScript.
</p>
<h2>Warning</h2>
<p align="center"><b>NPAPI is a really big hammer that should only be used when no other approach will work.</b>
</p><p>Code running in an NPAPI plugin has the full permissions of the current user and is not sandboxed or shielded from malicious input by Google Chrome in any way. You should be especially cautious when processing input from untrusted sources, such as when working with <a href="content_scripts.html#security-considerations">content scripts</a> or XMLHttpRequest.
</p><p>Because of the additional security risks NPAPI poses to users, extensions that use it will require manual review before being accepted in the
<a href="https://chrome.google.com/webstore">Chrome Web Store</a>.</p>
<h2>Details</h2>
<p>
How to develop an NPAPI plugin is outside the scope of this document.
See <a href="https://developer.mozilla.org/en/Plugins">Mozilla's
NPAPI plugin reference</a> for information on how to do that.
</p>
<p>
Once you have an NPAPI plugin,
follow these steps to get your extension using it.
</p>
<ol>
<li>
Add a section to your extension's <code>manifest.json</code>
that describes where to find the plugin,
along with other properties about it:
<pre>{
"name": "My extension",
...
<b>"plugins": [
{ "path": "content_plugin.dll", "public": true },
{ "path": "extension_plugin.dll" }
]</b>,
...
}</pre>
<p>
The "path" property specifies the path to your plugin,
relative to the manifest file.
The "public" property specifies whether
your plugin can be accessed by regular web pages;
the default is false,
meaning only your extension can load the plugin.
</p>
</li>
<li>
Create an HTML file that loads your plugin by mime-type.
Assuming your mime-type is "application/x-my-extension":
<pre>&lt;embed type="application/x-my-extension" id="pluginId"&gt;
&lt;script&gt;
var plugin = document.getElementById("pluginId");
var result = plugin.myPluginMethod(); // call a method in your plugin
console.log("my plugin returned: " + result);
&lt;/script&gt;</pre>
<p>
This can be inside a background page
or any other HTML page used by your extension.
If your plugin is "public",
you can even use a content script to programmatically
insert your plugin into a web page.
</p>
</li>
</ol>
<h2 id="security-considerations">Security considerations</h2>
<p>
Including an NPAPI plugin in your extension is dangerous because plugins
have unrestricted access to the local machine. If your plugin contains
a vulnerability, an attacker might be able to exploit that vulnerability
to install malicious software on the user's machine. Instead, avoid
including an NPAPI plugin whenever possible.
</p>
<p>
Marking your NPAPI plugin "public" increase the attack surface of your
extension because the plugin is exposed directly to web content, making
it easier for a malicious web site to manipulate your plugin. Instead,
avoid making your NPAPI plugin public whenever possible.
</p>
</div>
<!-- API PAGE -->
<!-- /apiPage -->
</div> <!-- /gc-pagecontent -->
</div> <!-- /g-section -->
</div> <!-- /codesiteContent -->
<div id="gc-footer" --="">
<div class="text">
<p>
Except as otherwise <a href="http://code.google.com/policies.html#restrictions">noted</a>,
the content of this page is licensed under the <a rel="license" href="http://creativecommons.org/licenses/by/3.0/">Creative Commons
Attribution 3.0 License</a>, and code samples are licensed under the
<a rel="license" href="http://code.google.com/google_bsd_license.html">BSD License</a>.
</p>
<p>
©2011 Google
</p>
<!-- begin analytics -->
<script src="https://www.google-analytics.com/urchin.js" type="text/javascript"></script>
<script src="https://www.google-analytics.com/ga.js" type="text/javascript"></script>
<script type="text/javascript">
// chrome doc tracking
try {
var engdocs = _gat._getTracker("YT-10763712-2");
engdocs._trackPageview();
} catch(err) {}
// code.google.com site-wide tracking
try {
_uacct="UA-18071-1";
_uanchor=1;
_uff=0;
urchinTracker();
}
catch(e) {/* urchinTracker not available. */}
</script>
<!-- end analytics -->
</div>
</div> <!-- /gc-footer -->
</div> <!-- /gc-container -->
</body></html>