docs: clarify terminologies in chrome-untrusted:// explainer
Made it clear that a chrome:// _page_ embeds a chrome-untrusted:// _subframe_. Previously, we omit "page" and "subframe". Change-Id: Ic90688780e91c68f60083714aca4932ab6c47932 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2699327 Auto-Submit: Jiewei Qian <qjw@chromium.org> Reviewed-by: Giovanni Ortuño Urquidi <ortuno@chromium.org> Commit-Queue: Giovanni Ortuño Urquidi <ortuno@chromium.org> Cr-Commit-Position: refs/heads/master@{#854541}
This commit is contained in:
Jiewei Qian
committed by
Chromium LUCI CQ
Chromium LUCI CQ
parent
463bced276
commit
29b8e3b9c8
@ -62,7 +62,7 @@ We currently use `postMessage()` to expose certain APIs to `chrome-untrusted://`
|
||||
We are hoping to move to Mojo to improve auditability of these APIs and to make the security review required.
|
||||
|
||||
## Can chrome-untrusted:// be the main document or does it need to be embedded in a `chrome://` page?
|
||||
Yes, `chrome-untrusted://` can be the main document, although the most common case is for `chrome://` to embed a `chrome-untrusted://` page.
|
||||
Yes, `chrome-untrusted://` can be the main document, although the most common case is for a `chrome://` page to embed a `chrome-untrusted://` subframe.
|
||||
|
||||
That said, the `chrome-untrusted://` scheme is an implementation detail of the WebUI and should never be shown to users. This should be factored into account when deciding whether or not to use `chrome-untrusted://` as the main document.
|
||||
|
||||
|
||||
Reference in New Issue
Block a user