ineffyble / tooter

Add 'Toot' and 'Share to Mastodon' buttons to the web
MIT License

Fix issues preventing Firefox approval #12

Closed (ineffyble closed this 7 years ago)

ineffyble commented 7 years ago

Tooter 0.21 was rejected from the Firefox Addon store for the following reasons:

1) Please include all static resources like images, css, fonts in the add-on.

2) This add-on is creating DOM nodes from HTML strings containing potentially unsanitized data, by assigning to innerHTML, jQuery.html, or through similar means. Aside from being inefficient, this is a major security risk. For more information, see https://developer.mozilla.org/en/XUL_School/DOM_Building_and_HTML_Insertion. Here are some examples that were discovered:

  • tooter-admin.js#L26
  • content/twitter.js#L21
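The pattern the reviewer flagged in item 2, beside the DOM-building replacement the linked MDN page recommends, as an added example that is not code from the tooter repo; `shareLinkUnsafe`, `shareLinkSafe`, `fakeDocument` and the sample tweet values are names and data chosen here:

```javascript
// Added example, not code from the tooter repo. `doc` is injected so the two
// builders run both in a browser (pass `document`) and offline against the
// small constructed stand-in at the bottom of this block.

// The flagged pattern: tweet text and URL come from the page and are
// untrusted, yet they are pasted into markup. A '"' or '<' in either one
// becomes live HTML once the string is assigned to innerHTML.
function shareLinkUnsafe(doc, url, text) {
  const wrap = doc.createElement('span');
  wrap.innerHTML = '<a class="toot" href="' + url + '">' + text + '</a>';
  return wrap;
}

// DOM building: attributes and text are stored as data, so the browser
// never parses the untrusted strings as markup.
function shareLinkSafe(doc, url, text) {
  const wrap = doc.createElement('span');
  const a = doc.createElement('a');
  a.setAttribute('class', 'toot');
  a.setAttribute('href', url);
  a.textContent = text;
  wrap.appendChild(a);
  return wrap;
}

// Constructed stand-in for `document`, just enough for the functions above
// (a real browser would parse the innerHTML string instead of storing it).
const fakeDocument = {
  createElement(tagName) {
    return {
      tagName, innerHTML: '', textContent: '', attrs: {}, children: [],
      setAttribute(k, v) { this.attrs[k] = v; },
      getAttribute(k) { return this.attrs[k]; },
      appendChild(c) { this.children.push(c); return c; },
    };
  },
};

// Sample untrusted input (constructed): a tweet whose text carries markup.
const tweetText = 'look at this "><b>not bold</b>';
const tweetUrl = 'https://twitter.com/example/status/1';

const unsafe = shareLinkUnsafe(fakeDocument, tweetUrl, tweetText);
console.log(unsafe.innerHTML);             // the <b> tag is now part of the markup
const safe = shareLinkSafe(fakeDocument, tweetUrl, tweetText);
console.log(safe.children[0].textContent); // same string, kept as plain text
```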

ineffyble commented 7 years ago

This should all be resolved - waiting on Firefox review.