Describe the bug
Apparantly Firfox finds a lot of problems in the extension, and they need to be fixed before they can review it. I am attaching the review I recieved here.
Details:
This version didn't pass review because of the following problems:
1) We don't allow add-ons to use remote scripts because they can create serious security vulnerabilities. We also need to review all add-on code, and this makes it much more difficult. Please insert those scripts locally from your add-on code and also remove them from CSP declaration.
settings\index.html - lines 10.11
analytics.js - line 13
popup.html - lines 10,11
2) This add-on is creating DOM nodes from HTML strings containing potentially unsanitized data, by assigning to innerHTML, jQuery.html, or through similar means. Aside from being inefficient, this is a major security risk. For more information, see https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Safely_inserting_external_content_into_a_page . Here are some examples that were discovered:
getCardsList - lines 49, 56
3) Please remove the remote css files and add them locally.
settings\index.html - line 8
popup.html - line 8
4) This version contains minified, concatenated or otherwise machine-generated code. Please provide the original sources, together with instructions on how to generate the final XPI. Source code must be provided as an archive and uploaded using the source code upload field, which can be done during submission or on the version page in the developer hub.
Please read through the instructions at https://extensionworkshop.com/documentation/publish/source-code-submission/ .
lib\client.js
Please fix them and submit again.
Prakort
commented
4 years ago
Describe the bug Apparantly Firfox finds a lot of problems in the extension, and they need to be fixed before they can review it. I am attaching the review I recieved here.
Time to fix this :)