... nothing too surprising here. Feel free to close if you don't feel scared by the output.
```
$(npm bin)/web-ext lint -s addon

Validation Summary:

errors          0
notices         1
warnings        1

NOTICES:

Code                   Message                Description                                            File                         Line  Column
MOZILLA_COND_OF_USE    Violation of Mozilla   Words found that violate the Mozilla conditions of     webextension/background.js
                       conditions of use.     use. See
                                              https://www.mozilla.org/en-US/about/legal/acceptable…
                                              -use/ for more details.

WARNINGS:

Code                   Message                Description                                            File                         Line  Column
UNSAFE_VAR_ASSIGNMENT  Unsafe assignment to   Due to both security and performance concerns, this    webextension/content-scrip…  57    5
                       innerHTML              may not be set using dynamic values which have not     t.js
                                              been adequately sanitized. This can lead to security
                                              issues or fairly serious performance degradation.
```
The "NOTICE" is the following naughty word (per mozilla/addons-linter /src/badwords.json): https://github.com/gregglind/addon-wr/blob/191d7b000265e174d38a5bcc77d76e67a792dd9e/addon/webextension/background.js#L18
The "WARNING" is the unsanitized `.innerHTML` set, at: https://github.com/gregglind/addon-wr/blob/191d7b000265e174d38a5bcc77d76e67a792dd9e/addon/webextension/content-script.js#L56-L61

Not sure if there is a better way to construct links/DOM, but considering the anchor href is set from a `const`, I don't think there are any XSS risks. But when in doubt, we could ask the sec team.
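
On the question of constructing the link without `innerHTML`: the sketch below is an added example, not code from this issue or from addon-wr. It builds the same kind of paragraph-plus-anchor with DOM calls only, which avoids the `UNSAFE_VAR_ASSIGNMENT` pattern, and it checks the href scheme even when the value comes from a constant. The names `safeHref`, `buildNotice` and `ALLOWED_SCHEMES` are hypothetical, and the sample URL is a placeholder.

```javascript
// Added example: hypothetical helpers, not taken from addon-wr's content-script.js.

// Schemes a notice link may use; anything else (javascript:, data:, ...) is refused.
const ALLOWED_SCHEMES = new Set(["https:"]);

// Parse the href as an absolute URL and return its normalized form.
// new URL() throws a TypeError for relative or malformed input.
function safeHref(href) {
  const url = new URL(href);
  if (!ALLOWED_SCHEMES.has(url.protocol)) {
    throw new Error(`refusing link scheme ${url.protocol}`);
  }
  return url.href;
}

// Build <p>prefix<a href=...>linkText</a></p> without any HTML string parsing.
// `doc` is the page's document; it is a parameter so the function can be
// exercised outside a browser with a stand-in object.
function buildNotice(doc, prefix, linkText, href) {
  const p = doc.createElement("p");
  // Text nodes are never parsed as markup, so dynamic text stays inert.
  p.appendChild(doc.createTextNode(prefix));

  const a = doc.createElement("a");
  a.setAttribute("href", safeHref(href));
  a.setAttribute("target", "_blank");
  // Keep the opened page from reaching back through window.opener.
  a.setAttribute("rel", "noopener noreferrer");
  a.textContent = linkText;

  p.appendChild(a);
  return p;
}
```

In a content script this would be called as `buildNotice(document, ...)` and the returned node appended to its container.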