firefox rejected v0.4.4 (and v0.4.3 and didn't tell me)

[kheina]

Your Extension Blue Blocker was manually reviewed by the Mozilla Add-ons team in an assessment performed on our own initiative of content that was submitted to Mozilla Add-ons.

Our review found that your content violates the following Mozilla policy or policies:

• Other, specifically Issue not covered by other reasons: The fact that you're only collecting twitter API related information and sending it to your server means your add-on still requires a consent dialog. If it's possible to identify the user through this information, then it's considered personal data and it absolutely requires an opt-in. For more information, please see https://extensionworkshop.com/documentation/publish/add-on-policies/#data-disclosure-collection-and-management and https://extensionworkshop.com/documentation/develop/best-practices-for-collecting-user-data-consents/ .

• Security, specifically Unsanitized DOM injection: This add-on is creating DOM nodes from HTML strings containing potentially unsanitized data, by assigning to innerHTML, jQuery.html, or through similar means. Aside from being inefficient, this is a major security risk. For more information, see https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Safely_inserting_external_content_into_a_page . Here are some examples that were discovered:

src\pages\queue\index.ts - line 56
src\pages\history\index.ts line 54.

Affected versions: 0.4.4

Based on that finding, those versions of your Extension have been disabled on https://addons.mozilla.org/addon/blue-blocker/ and are no longer available for download from Mozilla Add-ons, anywhere in the world. Users who have previously installed those versions will be able to continue using them.

You may upload a new version which addresses the policy violation(s).

More information about Mozilla's add-on policies can be found at https://extensionworkshop.com/documentation/publish/add-on-policies/.

[kheina]

I'll fix those two instances and push a new version tonight. I'll also add to the reviewer notes something about how we're not sending shit to "our" server, we don't have a server and we don't collect anything

[cooljeanius]

Maybe we could also make that clearer in the copy of the privacy policy stored in this repo?

[gbootsma]

So, this might just be me, but it kind of feels like the people at Mozilla really don't want this to get updated.

Hopefully v0.4.5 will be approved soon!

[kheina]

yeah, that occurred to me too. I'm really hoping that's not the case, though

[futuresushi]

Hoping for the best in the new approvals process! I've been happily loading 0.4.2 in the debug add-ons but have been unable to get any of the newer ones to work due to being a bit of a Code Dipshit, so naturally "put it in the store where I click one button" is my ideal solution. Thank you so much for your hard work!