When clicking the Firefox link, I get this webpage: #879

Open
melmakes opened this issue Jun 5, 2024 · 9 comments
Labels
bug Something isn't working

Comments

@melmakes

melmakes commented Jun 5, 2024

image

@jamespizzurro
Owner

Looks like I received two emails from Mozilla on May 28th:

Hello,


Your Extension Picket Line Notifier was manually reviewed by the Mozilla Add-ons team in an assessment performed on our own initiative of content that was submitted to Mozilla Add-ons.

Our review found that your content violates the following Mozilla policy or policies:

    - Security, specifically Other security issue: We noticed that the url you're using (https://gitcdn.link/cdn/jamespizzurro/picket-line-notifier/main/data/strikes.json) is not working.



Affected versions: 0.1.0, 1.0.0, 1.0.1

Based on that finding, those versions of your Extension have been disabled on https://addons.mozilla.org/developers/addon/2730610/versions and are no longer available for download from Mozilla Add-ons, anywhere in the world. Users who have previously installed those versions will be able to continue using them.

You may upload a new version which addresses the policy violation(s).


More information about Mozilla's add-on policies can be found at https://extensionworkshop.com/documentation/publish/add-on-policies/.


Thank you for your attention.

Hello,


Your Extension Picket Line Notifier was manually reviewed by the Mozilla Add-ons team in an assessment performed on our own initiative of content that was submitted to Mozilla Add-ons.

Our review found that your content violates the following Mozilla policy or policies:

    - Security, specifically Unsanitized DOM injection: This add-on is creating DOM nodes from HTML strings containing potentially unsanitized data, by assigning to innerHTML, jQuery.html, or through similar means. Aside from being inefficient, this is a major security risk. For more information, see https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Safely_inserting_external_content_into_a_page . Here are some examples that were discovered:
-> popup.js line 51



Affected versions: 1.0.3, 1.1.0, 1.1.1, 1.2.0

Based on that finding, those versions of your Extension have been disabled on https://addons.mozilla.org/ and are no longer available for download from Mozilla Add-ons, anywhere in the world. Users who have previously installed those versions will be able to continue using them.

You may upload a new version which addresses the policy violation(s).


More information about Mozilla's add-on policies can be found at https://extensionworkshop.com/documentation/publish/add-on-policies/.


Thank you for your attention.

We'll need to address these issues before we can get the extension back on Mozilla Add-ons again.
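
An added illustration of the "Unsanitized DOM injection" finding quoted in the comment above; it is not code from this repository, and popup.js line 51 is not shown on this page. The record fields (`employer`, `url`), the function names and the sample data are assumptions made for the example.

```javascript
// Added example; field names (employer, url) and function names are assumptions.
// Constructed sample of remotely fetched records; the second is malformed on purpose.
const SAMPLE_STRIKES = [
  { employer: 'Example Media Guild', url: 'https://example.org/strike' },
  { employer: '<b>Example Corp</b>', url: 'javascript:void(0)' },
];

// Pattern the review flags: remote strings concatenated into markup, e.g.
//   list.innerHTML += '<li><a href="' + s.url + '">' + s.employer + '</a></li>';

// Accept only absolute https links from remote data; anything else is dropped.
function safeHttpsUrl(value) {
  try {
    const u = new URL(String(value));
    return u.protocol === 'https:' ? u.href : null;
  } catch (_) {
    return null; // not parseable as an absolute URL
  }
}

// Build one <li> with DOM APIs only. Remote text goes through textContent,
// so markup characters in it are displayed literally, never parsed as HTML.
function buildStrikeItem(doc, strike) {
  const li = doc.createElement('li');
  const name = doc.createElement('strong');
  name.textContent = String(strike.employer ?? '');
  li.appendChild(name);

  const href = safeHttpsUrl(strike.url);
  if (href) {
    const link = doc.createElement('a');
    link.setAttribute('href', href);
    link.setAttribute('rel', 'noopener noreferrer');
    link.textContent = 'Details';
    li.appendChild(doc.createTextNode(' '));
    li.appendChild(link);
  }
  return li;
}

// Replace the list contents in one step instead of appending HTML strings.
function renderStrikes(doc, list, strikes) {
  list.replaceChildren(...strikes.map((s) => buildStrikeItem(doc, s)));
  return list;
}
```

In a popup script this would be called as `renderStrikes(document, listElement, strikes)` once the JSON has been fetched and parsed.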


github-actions bot commented Jul 7, 2024

This issue is stale because it has been open for 30 days with no activity.

@github-actions github-actions bot added the stale label Jul 7, 2024
@jamespizzurro jamespizzurro added bug Something isn't working and removed stale labels Jul 8, 2024
@d-RLY

d-RLY commented Oct 10, 2024

Are there any links to download the xpi file to side-load it? I use FF and a fork of it most of the time and would love to have it added.

@jamespizzurro
Owner

> Are there any links to download the xpi file to side-load it? I use FF and a fork of it most of the time and would love to have it added.

Initially we distributed an XPI file for this purpose, but it stopped working, so we removed it. And since Firefox doesn't officially support sideloading extensions without them being signed by Mozilla first, we probably won't be able to do that until our extension passes Mozilla's testing to be listed in their add-ons store again.

In the meantime, maybe try temporarily installing the extension in Firefox using the source code found in this repository? Doing so will require you to toggle on some developer functionality in your browser though.

@katerberg
Contributor

For what it's worth, the link referenced also does not load for me.

Would a PR that removes this call and just goes to jsDelivr instead during the failure process be accepted?

I'm happy to do that if so.

@jamespizzurro
Owner

@katerberg Yes, I think that would at least resolve the first issue Mozilla noted, but the second one might require more work, and I think both need to be resolved in order to get us listed on Mozilla Add-ons again. I could take a stab at tackling the second issue though if you were to take on the first one! :)

@katerberg
Contributor

Perfect! I'll add it to my to-do over this weekend.

I keep accidentally opening NYT links and would love to have this add-on back!

@jamespizzurro
Owner

With #1036 now done thanks to @katerberg, I'll take a look at resolving the rest this week using this documentation as a guide. Once all changes are in, I'll build and submit a new version of the browser extension to Google, Mozilla, and Microsoft for review for their respective browsers.

@jamespizzurro
Owner

I apologize for the delay in me circling back to this. I haven't had much time to dive into what remains to fix the other issue Mozilla pointed out, but it doesn't seem too involved; we'll probably just need to add another content script. Someone else is welcome to take point on this if they'd like.
