GoogleChrome · jpmedley · Jan 10, 2023 · Sep 27, 2022 · Sep 27, 2022 · Sep 27, 2022
diff --git a/site/en/docs/extensions/mv3/manifest/author/index.md b/site/en/docs/extensions/mv3/manifest/author/index.md
@@ -0,0 +1,17 @@
+---
+layout: "layouts/doc-post.njk"
+title: "Manifest - Author"
+date: 2022-10-03
+updated: 2022-10-03
+description: Reference documentation for the author name property of manifest.json.
+---
+
+An optional Manifest key containing a String for a valid email address. If provided, the address should belong to the publisher of the Chrome extension on the Chrome Web Store. For an individual, this can be a personal email address, while businesses may use a contact address. 
+
+```json
+{
+  // ...
+    "author": "example@email.com",
+  // ...
+}
+```
diff --git a/site/en/docs/extensions/mv3/manifest/automation/index.md b/site/en/docs/extensions/mv3/manifest/automation/index.md
@@ -0,0 +1,17 @@
+---
+layout: "layouts/doc-post.njk"
+title: "Manifest - automation"
+date: 2022-10-28
+updated: 
+description: Reference documentation for the automation property of manifest.json.
+---
+
+An optional manifest key only publicly accessible on the Chrome 109 canary [dev channel](www.chromium.org/getting-involved/dev-channel/#how-do-i-choose-which-channel-to-use). Including this manifest key allows access to the [chrome.automation API](/docs/extensions/reference/automation/), exposing access to the automation (accessibility) tree for the browser, which can be used to programmatically interact with a page by examining names, roles, and states, listening for events, and performing actions on nodes. You can specify a list of URL patterns for which this extension may request an automation tree. If not specified, automation permission will be granted for the sites for which the extension has a [host permission](/extensions/declare_permissions#host-permissions) or [activeTab permission](/extensions/declare_permissions#activeTab).
+
+```json
+{
+  // ...
+         "automation": ["https://www.exampleurl.com"],
+  // ...
+}
+```
diff --git a/site/en/docs/extensions/mv3/manifest/content_security_policy/index.md b/site/en/docs/extensions/mv3/manifest/content_security_policy/index.md
@@ -0,0 +1,76 @@
+---
+layout: "layouts/doc-post.njk"
+title: "Manifest - Content Security Policy"
+date: 2022-10-03
+updated: 2022-10-03
+description: Reference documentation for the content security policy properties of manifest.json.
+---
+
+An optional Manifest key defining restrictions on the sources, scripts, and objects able to be used by an extension. Within this manifest key, separate policies can be defined for both extension pages and sandboxed extension pages.
+
+The "extension pages" policy applies to page and worker contexts in the extension. This would include the extension popup, background worker, and tabs with html pages or iframes that were opened by the extension. The sandbox policy applies to all pages specified as a [sandbox page](/docs/extensions/mv3/manifest/sandbox/) in the manifest.
+
+## Default Policy
+
+If the [content security policy](https://developer.mozilla.org/docs/Web/HTTP/CSP) is not defined by the user in the manifest, the default properties will be used for both extension pages and sandboxed extension pages.   
+
+These defaults are equivalent to specifying the following policies in your manifest:
+
+{# This is statically defined in Chromium source. 
+- https://source.chromium.org/chromium/chromium/src/+/main:extensions/common/manifest_handlers/csp_info.cc?q=kDefaultMV3CSP
+-https://source.chromium.org/chromium/chromium/src/+/main:extensions/common/manifest_handlers/csp_info.cc?q=kDefaultSandboxedPageContentSecurityPolicy
+#}
+```json
+{
+  // ...
+  "content_security_policy": {
+    "extension_pages": "script-src 'self'; object-src 'self';",
+    "sandbox": "sandbox allow-scripts allow-forms allow-popups allow-modals; script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self';"
+  }
+  // ...
+}
+```
+
+In this case, the extension will only load local scripts and objects from its own packaged resources. WebAssembly will be disabled, and the extension will not run in-line Javascript or be able to evaluate strings as executable code. If a sandbox page is added, it will have more relaxed permissions for evaluating scripts from outside the extension.
+
+## Minimum and customized Content Security Policies
+
+Developers may add or remove rules for their extension, or use the minimum required content  security policy, to fit the needs of their project. 
+
+### Extension Pages Policy
+
+Chrome enforces a minimum content security policy for extension pages. It is equivalent to specifying the following policy in your manifest:
+
+{# This is statically defined in Chromium source. 
+- https://source.chromium.org/chromium/chromium/src/+/main:extensions/common/manifest_handlers/csp_info.cc?q=kMinimumMV3CSP
+#}
+```json
+{
+  // ...
+  "content_security_policy": {
+    "extension_pages": "script-src 'self' 'wasm-unsafe-eval'; object-src 'self';"
+  }
+  // ...
+}
+```
+
+The `extension_pages` policy cannot be relaxed beyond this minimum value. In other words, developers cannot add the `'unsafe-eval'` expression to the `script-src` directive in order to call `eval()` in extension page or worker contexts. Attempting to load an extension with such a CSP will cause Chrome to throw the following error at install time:
+
+```json
+'content_security_policy.extension_pages': Insecure CSP value "'unsafe-eval'" in directive 'script-src'.
+```
+### Sandbox Pages Policy
+
+The default content security policy for sandbox pages is as follows:
+
+```json
+{
+  // ...
+  "content_security_policy": {
+    "sandbox": "sandbox allow-scripts allow-forms allow-popups allow-modals; script-src 'self' 'unsafe-inline' 'unsafe-eval'; child-src 'self';"
+  }  
+  // ...
+}
+```
+
+The default policy for sandboxed pages is much more lenient than with extension pages, as the sandbox page does not have access to extension APIs, or direct access to non-sandboxed pages. The sandbox content security policy can be customized as desired.
diff --git a/site/en/docs/extensions/mv3/manifest/input_component/index.md b/site/en/docs/extensions/mv3/manifest/input_component/index.md
@@ -0,0 +1,9 @@
+---
+layout: "layouts/doc-post.njk"
+title: "Manifest - input_component"
+date: 2022-10-28
+updated: 
+description: Reference documentation for the input_component property of manifest.json.
+---
+
+An optional Manifest key enabling the use of the  [input.ime API](/docs/extensions/reference/input_ime/) (Input Method Editor) for use with ChromeOS. This allows your extension to handle keystrokes, set the composition, and open assistive windows. Including the key in the extension manifest is done under Permissions.