Add-ons/Reviewers/MiscCannedResponses: Difference between revisions

From MozillaWiki
(Add snippet for altering DOM by textual modification of innerHTML)
Line 1: Line 1:
This is a bit of a clipboard for the most active editors that need access to some not-very-frequently used canned responses.  
This is a bit of a clipboard for the most active editors that need access to some not-very-frequently used canned responses.


== For Video Downloader Add-ons  ==
== For Video Downloader Add-ons  ==


We appreciate your submission, but there are already several add-ons listed on AMO with near identical functionality as yours. Having so many similar add-ons listed isn't beneficial to our users, so we have only granted your entry preliminary approval for now.  
<pre style="white-space: pre-wrap;">We appreciate your submission, but there are already several add-ons listed on AMO with near identical functionality as yours. Having so many similar add-ons listed isn't beneficial to our users, so we have only granted your entry preliminary approval for now.


If you plan to significantly differentiate your add-on from the others, we encourage you to continue working on it and submit again once you have produced a more unique offering.  
If you plan to significantly differentiate your add-on from the others, we encourage you to continue working on it and submit again once you have produced a more unique offering.


Thank you  
Thank you</pre>
 
== Altering DOM by textually modifying innerHTML ==
 
I find I'm using this more often than I could have expected:
 
<pre style="white-space: pre-wrap;">You alter the markup of documents by textually modifying their innerHTML. This causes the entire document to be re-parsed, which aside from the inefficiency has critical drawbacks, including invalidating invalidating any JavaScript reference to replaced DOM nodes, clearing any JavaScript properties and event listeners on replaced DOM nodes, re-executing any script tags in the changed markup, and causing said scripts to fail if they rely on document.write. Please create and alter DOM nodes with DOM methods such as createElement and replaceChild, and the textContent rather than innerHTML property.</pre>


== Miscellaneous Quoting Issues  ==
== Miscellaneous Quoting Issues  ==
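Review bot: The new innerHTML response repeats a word in "including invalidating invalidating any JavaScript reference to replaced DOM nodes"; remove the duplicate before the text is pasted into reviews. The introductory line "I find I'm using this more often than I could have expected:" is a personal aside on a shared clipboard page and could be dropped or reworded impersonally.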
Line 16: Line 22:


   function escapeHTML(str) str.replace(/[&amp;"&lt;&gt;]/g, function (m) "&amp;" + ({ "&amp;": "amp", '"': "quot", "&lt;": "lt", "&gt;": "gt" })[m] + ";");
   function escapeHTML(str) str.replace(/[&amp;"&lt;&gt;]/g, function (m) "&amp;" + ({ "&amp;": "amp", '"': "quot", "&lt;": "lt", "&gt;": "gt" })[m] + ";");
</pre>  
</pre>
=== URL Query Parameters  ===
=== URL Query Parameters  ===


You need to URL encode your GET query parameters with the encodeURIComponent function so that characters like&nbsp;%, &amp;, and # are not misinterpreted.  
<pre style="white-space: pre-wrap;">You need to URL encode your GET query parameters with the encodeURIComponent function so that characters like %, &amp;, and # are not misinterpreted.</pre>


=== SQL Query Parameters  ===
=== SQL Query Parameters  ===


Splicing unquoted strings into SQL statements is always error prone and dangerous when that data is from a remote source. Please use parameter placeholders instead: <nowiki>https://developer.mozilla.org/en/storage#section_8</nowiki>
<pre style="white-space: pre-wrap;">Splicing unquoted strings into SQL statements is always error prone and dangerous when that data is from a remote source. Please use parameter placeholders instead: <nowiki>https://developer.mozilla.org/en/storage#section_8</nowiki></pre>


== ShortName Values &gt;16 Characters  ==
== ShortName Values &gt;16 Characters  ==


The ShortName element must have a value not longer than 16 characters.  
<pre style="white-space: pre-wrap;">The ShortName element must have a value not longer than 16 characters.</pre>


== Sticky Toolbar Buttons  ==
== Sticky Toolbar Buttons  ==


Your add-on makes it impossible for a user to permanently remove its toolbar button, which we can't allow. Inserting your toolbar button at first run is fine, and recommended, but doing so at every startup or making it possible to move or remove it is not.  
<pre style="white-space: pre-wrap;">Your add-on makes it impossible for a user to permanently remove its toolbar button, which we can't allow. Inserting your toolbar button at first run is fine, and recommended, but doing so at every startup or making it possible to move or remove it is not.</pre>


== Synchronous XMLHttpRequests  ==
== Synchronous XMLHttpRequests  ==


Your add-on makes remote, synchronous XMLHttpRequests which have the ability to lock-up the browser UI and are not allowed in public add-ons. Please use asynchronous requests instead.
<pre style="white-space: pre-wrap;">Your add-on makes remote, synchronous XMLHttpRequests which have the ability to lock-up the browser UI and are not allowed in public add-ons. Please use asynchronous requests instead.</pre>
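Review bot: In the Sticky Toolbar Buttons response, "making it possible to move or remove it is not" contradicts the first sentence, which objects to the button being impossible to remove; since this revision touches the line anyway to wrap it in pre tags, change it to "making it impossible to move or remove it". Separately, the escapeHTML context line only covers the characters in [&"<>], so it is worth stating next to it that the output is not safe inside single-quoted attribute values.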

Revision as of 04:01, 1 March 2011

This is a bit of a clipboard for the most active editors that need access to some not-very-frequently used canned responses.

For Video Downloader Add-ons

We appreciate your submission, but there are already several add-ons listed on AMO with near identical functionality as yours. Having so many similar add-ons listed isn't beneficial to our users, so we have only granted your entry preliminary approval for now.

If you plan to significantly differentiate your add-on from the others, we encourage you to continue working on it and submit again once you have produced a more unique offering.

Thank you

Altering DOM by textually modifying innerHTML

I find I'm using this more often than I could have expected:

You alter the markup of documents by textually modifying their innerHTML. This causes the entire document to be re-parsed, which aside from the inefficiency has critical drawbacks, including invalidating any JavaScript reference to replaced DOM nodes, clearing any JavaScript properties and event listeners on replaced DOM nodes, re-executing any script tags in the changed markup, and causing said scripts to fail if they rely on document.write. Please create and alter DOM nodes with DOM methods such as createElement and replaceChild, and the textContent rather than innerHTML property.

Miscellaneous Quoting Issues

HTML

Your add-on creates DOM nodes with raw HTML strings containing unsanitized string data. While the recommended method of creating DOM nodes is to use JavaScript DOM building methods such as createElement and appendChild (see https://developer.mozilla.org/en/How_to_create_a_DOM_tree) or one of the libraries which simplify using this method, creating content via strings is allowed if non-static data is sanitized with a function such as the following:


   function escapeHTML(str) { return str.replace(/[&"<>]/g, function (m) { return "&" + ({ "&": "amp", '"': "quot", "<": "lt", ">": "gt" })[m] + ";"; }); }

URL Query Parameters

You need to URL encode your GET query parameters with the encodeURIComponent function so that characters like %, &, and # are not misinterpreted.
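
The HTML and URL quoting rules above, combined in an added example that is not part of the wiki page or of Mozilla's code: it shows what a receiver parses from an unencoded versus an encoded query string, and the two escaping layers needed when that URL is placed in markup. `buildQueryNaive`, `buildQuery`, `parseBack`, `linkMarkup` and the sample values are hypothetical.

```javascript
// Added example, not from the wiki page. Names other than escapeHTML and
// encodeURIComponent are hypothetical; sample values are constructed.

// Same character set as the page's escapeHTML. It leaves ' untouched, so use
// its output only in element content or double-quoted attribute values.
function escapeHTML(str) {
  const names = { "&": "amp", '"': "quot", "<": "lt", ">": "gt" };
  return String(str).replace(/[&"<>]/g, (m) => "&" + names[m] + ";");
}

// Naive splice: reserved characters in a value change the URL's structure.
function buildQueryNaive(base, params) {
  return base + "?" + Object.entries(params)
    .map(([k, v]) => k + "=" + v).join("&");
}

// Each key and value is passed through encodeURIComponent before joining.
function buildQuery(base, params) {
  return base + "?" + Object.entries(params)
    .map(([k, v]) => encodeURIComponent(k) + "=" + encodeURIComponent(v))
    .join("&");
}

// Parse a URL back into what the receiving side sees.
function parseBack(url) {
  const u = new URL(url);
  return { params: [...u.searchParams.entries()], hash: u.hash };
}

// Two layers: URL-encode each parameter, then HTML-escape the whole URL and
// the label before placing them in markup.
function linkMarkup(base, params, label) {
  return '<a href="' + escapeHTML(buildQuery(base, params)) + '">' +
    escapeHTML(label) + "</a>";
}

const BASE = "https://example.invalid/search"; // constructed
const TERM = "R&D #1 100%";                    // constructed

console.log(parseBack(buildQueryNaive(BASE, { q: TERM }))); // value cut at &, rest split off
console.log(parseBack(buildQuery(BASE, { q: TERM })));      // value survives intact
console.log(linkMarkup(BASE, { q: TERM, lang: "en" }, "R&D <results>"));
```
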

SQL Query Parameters

Splicing unquoted strings into SQL statements is always error prone and dangerous when that data is from a remote source. Please use parameter placeholders instead: https://developer.mozilla.org/en/storage#section_8

ShortName Values >16 Characters

The ShortName element must have a value not longer than 16 characters.

Sticky Toolbar Buttons

Your add-on makes it impossible for a user to permanently remove its toolbar button, which we can't allow. Inserting your toolbar button at first run is fine, and recommended, but doing so at every startup or making it possible to move or remove it is not.

Synchronous XMLHttpRequests

Your add-on makes remote, synchronous XMLHttpRequests which have the ability to lock-up the browser UI and are not allowed in public add-ons. Please use asynchronous requests instead.