JettBurns14
commented
3 years ago I don't recall working on the Ace scripts feature, so not sure how that'd be fixed.
Regarding unsanitized data, perhaps we can add a general checker/filtering function every time we inject data into HTML. I can imagine users getting creative and possibly getting an alert popup if they really tried, but I haven't heard of any issues coming from this design of ours.
I'm fine writing a privacy policy, if we fix the other issues. I welcome any PRs which get the ball rolling on these things!
I'd like to get the extension back on Firefox one day... but I'm busy with other things currently. Would love to get back into this project if I get some time!
MatthiasPortzel
The KA Extension was recently removed from the Mozilla webstore for the following issues:
Including remote Ace scripts from JS Delivr here
"Creating DOM nodes from HTML strings containing potentially unsanitized data", here, here, and "probably others"
Additionally, they are asking for a privacy policy.
I have no plans to address these problems at this time.