DominicMaas / TimelineExtension

Windows Timeline & Project Rome Web Extension
MIT License

Work required to submit extension to Firefox Store. #80

Closed DominicMaas closed 5 years ago

DominicMaas commented 6 years ago

Email:

1) This add-on is creating DOM nodes from HTML strings containing potentially unsanitized data, by assigning to innerHTML, jQuery.html, or through similar means. Aside from being inefficient, this is a major security risk. For more information, see https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Safely_inserting_external_content_into_a_page. Here are some examples that were discovered: ts-src\src\scripts\menu.ts line 118, 162; ts-src\src\scripts\common\helpers.ts line 39

2) Please add a privacy policy to this add-on that details which user data is being sent and to what services. The critical things to describe in the policy are how your extension collects, uses, stores, and shares or discloses information about people. If your add-on makes it apparent to websites that it is installed, this must also be mentioned. The policy should be about the extension only, not a copy of the website's privacy policy. It should also be the actual text, as opposed to a link to a privacy policy on a website. The privacy policy can be added in the add-on settings under “Manage Authors & License” on AMO.

3) Also please note that collecting ancillary information (e.g. any data not explicitly required for the add-on’s basic functionality) is prohibited. The data collection allows identifying a specific user, and regularly sending information can additionally allow user tracking. Please provide the user with an opportunity to control the data usage, e.g. an opt-in dialog presented on extension install. See https://blog.mozilla.org/addons/2016/07/15/writing-an-opt-in-ui-for-an-extension/ for details.

4) Please provide us with detailed information on how to test this add-on. If authentication to a website is necessary, give us a test username and password to facilitate our work. This can be provided in the Whiteboard field, which can be found in the Edit Listing page under the Technical Details section. This information is only available to reviewers.

I'll work through this on Sunday (NZ time).

DominicMaas commented 5 years ago

1. Working on it.
2. This extension does not really require a privacy policy.
3. The extension only pushes data to Microsoft after login.
4. Microsoft Account

DominicMaas commented 5 years ago

Turns out I don't really need to do anything. The two innerHTML calls under menu.ts are used to clear the tree (not entering any unknown info) and the innerHTML call used under the helpers.ts file is needed.

I'll re-publish this to the Firefox Addons store later this week.
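For reference on the innerHTML point raised in item 1 of the review and revisited in the last comment, here is an added example (not code from the TimelineExtension repo) contrasting the flagged pattern with node construction via textContent and replaceChildren. The activity shape, the `doc` parameter and the MiniElement stand-in are assumptions so the file runs outside a browser; pass `document` as `doc` in an extension page.

```javascript
// Added example (not the extension's own code): an activity list rendered into
// a menu two ways. `doc` is injected so the safe path runs in a browser (pass
// `document`) or, for this file, against the tiny stand-in defined below.

// Constructed sample input: one title carries markup, as a remote service could.
const SAMPLE_ACTIVITIES = [
  { title: "Reading docs", url: "https://example.com/docs" },
  { title: "<b>Untrusted</b> title", url: "https://example.com/x" },
];

// UNSAFE (the pattern the review flags): untrusted fields are concatenated into
// an HTML string, so markup inside `title` is parsed into live DOM by innerHTML.
function renderUnsafe(container, activities) {
  let html = "";
  for (const a of activities) {
    html += `<li><a href="${a.url}">${a.title}</a></li>`;
  }
  container.innerHTML = html;
}

// SAFE: build nodes and assign text via textContent, which is never parsed as
// HTML. replaceChildren() also clears the old tree without innerHTML = "".
function renderSafe(doc, container, activities) {
  const items = activities.map((a) => {
    const li = doc.createElement("li");
    const link = doc.createElement("a");
    link.setAttribute("href", a.url);
    link.textContent = a.title;
    li.append(link);
    return li;
  });
  container.replaceChildren(...items);
}

// Minimal stand-in for the DOM (assumption, for running under Node). serialize()
// escapes text the way a real serializer does; an innerHTML string is stored
// as-is, standing in for "parsed as markup" in a real browser.
class MiniElement {
  constructor(tag) { this.tag = tag; this.attrs = {}; this.children = []; this.text = ""; this.innerHTML = null; }
  setAttribute(k, v) { this.attrs[k] = v; }
  set textContent(v) { this.text = v; this.children = []; }
  append(...nodes) { this.children.push(...nodes); }
  replaceChildren(...nodes) { this.children = nodes; }
  serialize() {
    const esc = (s) => s.replace(/[&<>"]/g, (c) => ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;" }[c]));
    const attrs = Object.entries(this.attrs).map(([k, v]) => ` ${k}="${esc(v)}"`).join("");
    const inner = this.innerHTML !== null ? this.innerHTML : esc(this.text) + this.children.map((c) => c.serialize()).join("");
    return `<${this.tag}${attrs}>${inner}</${this.tag}>`;
  }
}
const miniDoc = { createElement: (tag) => new MiniElement(tag) };
```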