After a full review by the Mozilla Addon team, they have 1 issue to report:
This add-on is creating DOM nodes from HTML strings containing potentially unsanitized data, by assigning to innerHTML, jQuery.html, or through similar means. Aside from being inefficient, this is a major security risk. For more information, see https://developer.mozilla.org/en/XUL_School/DOM_Building_and_HTML_Insertion. Here are some examples that were discovered:
After a full review by the Mozilla Addon team, they have 1 issue to report:
https://github.com/gabrielecirulli/hn-special/blob/master/lib/modules/user_tooltips.js#L43