SpaceK33z / web-to-plex

🚠 Adds a button on various movie & TV show sites to open it in Plex.

Issue: Firefox has been disabled (by Mozilla) #167

Open Ephellon opened 4 years ago

Ephellon commented 4 years ago

Describe the error

Mozilla posted a message (I found out by trying to check the Add-on link)

```text
This add-on didn't pass review because of the following problems:

1) Extensions defining a content security policy that allows eval ('unsafe-eval') are generally not allowed for security and performance reasons. eval is only necessary in rare cases. Please use a different method or explain why eval is required in your add-on.

2) This add-on is creating DOM nodes from HTML strings containing potentially unsanitized data, by assigning to innerHTML, jQuery.html, or through similar means. Aside from being inefficient, this is a major security risk. For more information, see https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Safely_inserting_external_content_into_a_page . Here are some examples that were discovered:
- options.js lines 577, 585, 695

3) We don't allow add-ons to use remote scripts because they can create serious security vulnerabilities. We also need to review all add-on code, and this makes it much more difficult. Please insert those scripts locally from your add-on code.
- plugn.js lines 514, 586, 603

Also, for the next release, please take care of the following:

1) Your add-on includes a third-party library. Please provide the origin of the exact library version you were using and make sure you are using an exact copy of the original maintainers release version. For more information, refer to https://extensionworkshop.com/documentation/publish/third-party-library-usage/ .
- lodash.min.js
```

To Reproduce

N/A

Estimated location

N/A

Screenshots


Extension Information

Additional comments

I've posted a retort, and will keep this thread updated

```text
Hi. Is there any way I could be notified the add-on has been disabled other than an obscure e-mail?

====
1. Unsafe Eval (CSP)
A) Used in "options.js" and "utils.js" for `function addListener` (:436 and :3455, resp.) because the event listeners get erased creating a copy of a node (I've already tried getting around this other ways, and chose this as the best route)

----
2. Unsafe DOM Node from HTML Strings
B) I'll just continue converting those to `document.furnish` (see *1)

----
3. Remote scripts
C) All remote scripts are the exact same as the ones provided in the add-on (see *2). They are hosted remotely so that the user doesn't have to constantly update their add-on whenever a supported site changes... I see how the security concerns come into play, but I've already put in blocking features for access to the user's data (see *3). I believe the extension requires this feature

D) I've changed lodash to be the "full" implementation.

====
Notes:
*1) This doesn't help in any way; it's the same data, but with extra padding surrounding it
*2) From the "scripts" and "plugins" folders at https://github.com/webtoplex/webtoplex.github.io/tree/master/web
*3) See issues #88, and #152 at https://github.com/SpaceK33z/web-to-plex/
```

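
The three findings in the review message above (an extension CSP that allows `'unsafe-eval'`, HTML strings assigned to DOM sinks, and remotely loaded scripts) can be checked for locally before an add-on is submitted. The following is an added example, not code from web-to-plex or from Mozilla's review tooling; the function names, rule ids and sample inputs are constructed for illustration, and the regexes are heuristics that produce leads for manual review.

```javascript
// Added example: pre-submission audit for the findings in the review message.
// Return true when the manifest's extension CSP permits eval().
function cspAllowsEval(manifest) {
  const csp = manifest.content_security_policy;
  // Manifest V2 stores a string; Manifest V3 stores { extension_pages: "..." }.
  const policy = typeof csp === 'string' ? csp : (csp && csp.extension_pages) || '';
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().toLowerCase().split(/\s+/);
    if (name && !directives.has(name)) directives.set(name, sources);
  }
  // script-src, when present, overrides default-src for script execution.
  const effective = directives.get('script-src') || directives.get('default-src') || [];
  return effective.includes("'unsafe-eval'");
}

// Line-based heuristics: a match is a lead for review, not proof of a flaw.
const RULES = [
  { id: 'html-string-sink', re: /\.(innerHTML|outerHTML)\s*\+?=|\.insertAdjacentHTML\s*\(|\.html\s*\(\s*[^)\s]/ },
  { id: 'remote-script', re: /\.src\s*=\s*[`'"](?:https?:)?\/\// },
  { id: 'dynamic-eval', re: /\beval\s*\(|new\s+Function\s*\(/ },
];

function auditSource(file, text) {
  const findings = [];
  text.split('\n').forEach((line, i) => {
    for (const { id, re } of RULES) {
      if (re.test(line)) findings.push({ file, line: i + 1, id });
    }
  });
  return findings;
}

// Constructed inputs (not taken from the extension's real files).
const SAMPLE_MANIFEST = {
  manifest_version: 2,
  content_security_policy: "script-src 'self' 'unsafe-eval'; object-src 'self'",
};
const SAMPLE_SOURCE = [
  "const box = document.querySelector('#result');",
  "box.innerHTML = '<b>' + item.title + '</b>';", // HTML string sink
  "box.textContent = item.title;",                // safe: text only
  "const s = document.createElement('script');",
  "s.src = 'https://cdn.example.invalid/site-plugin.js';", // remote script
  "document.head.appendChild(s);",
].join('\n');

console.log(cspAllowsEval(SAMPLE_MANIFEST), auditSource('options.js', SAMPLE_SOURCE));
```
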
Ephellon commented 4 years ago

If Mozilla disagrees with this, then the Firefox version will be moved to a different branch and no longer supported for future releases and features.

Side note, figured out the folder situation (no help from Mozilla's "tutorials"); folders must be located in a root folder named \data. Still not sure about Opera, as it strictly blocks the extension when a folder named data is found.

Ephellon commented 4 years ago

They posted a reply 6 hours ago, saying "[No, follow the guidelines you've agreed to]." Fair enough, someone else will have to port Firefox from now on, sorry.

I'll fix what they've recommended and drop support at v4.2.0.0

Ephellon commented 4 years ago

v4.2.0.0 should be coming out in 3 months (90 calendar days)

Ephellon commented 4 years ago

Currently working on an Import / Export feature... This should satisfy Mozilla's requests?

Import/Export managers via JSON files (download option not available for Firefox)

Import/Export settings via JSON files

Ephellon commented 4 years ago

Alright, starting from "scratch," will be a few months, maybe a year (at most). I'm going to build v5, and somehow implement Mozilla's "requests"

Ephellon commented 3 years ago

> Alright, starting from "scratch," will be a few months, maybe a year (at most). I'm going to build v5, and somehow implement Mozilla's "requests"

↑ Get rekt nerd