Add-ons/Reviewers/MiscCannedResponses: Difference between revisions

This is a bit of a clipboard for the most active editors that need access to some not-very-frequently used canned responses.

For Video Downloader Add-ons

We appreciate your submission, but there are already several add-ons listed on AMO with near identical functionality as yours. Having so many similar add-ons listed isn't beneficial to our users, so we have only granted your entry preliminary approval for now.

If you plan to significantly differentiate your add-on from the others, we encourage you to continue working on it and submit again once you have produced a more unique offering.

Thank you

Altering DOM by textually modifying innerHTML

I find I'm using this more often than I could have expected:

You alter the markup of documents by textually modifying their innerHTML. This causes the entire document to be re-parsed, which aside from the inefficiency has critical drawbacks, including invalidating any JavaScript reference to replaced DOM nodes, clearing any JavaScript properties and event listeners on replaced DOM nodes, re-executing any script tags in the changed markup, and causing said scripts to fail if they rely on document.write. Please create and alter DOM nodes with DOM methods such as createElement and replaceChild, and the textContent rather than innerHTML property.

Miscellaneous Quoting Issues

HTML

Your add-on creates DOM nodes with raw HTML strings containing unsanitized string data. While the recommended method of creating DOM nodes is to use JavaScript DOM building methods such as createElement and appendChild (see https://developer.mozilla.org/en/How_to_create_a_DOM_tree) or one of the libraries which simplify using this method, creating content via strings is allowed if non-static data is sanitized with a function such as the following:


   function escapeHTML(str) str.replace(/[&"<>]/g, function (m) "&" + ({ "&": "amp", '"': "quot", "<": "lt", ">": "gt" })[m] + ";");

URL Query Parameters

You need to URL encode your GET query parameters with the encodeURIComponent function so that characters like %, &, and # are not misinterpreted.

SQL Query Parameters

Splicing unquoted strings into SQL statements is always error prone and dangerous when that data is from a remote source. Please use parameter placeholders instead: https://developer.mozilla.org/en/storage#section_8

ShortName Values >16 Characters

The ShortName element must have a value not longer than 16 characters.

Sticky Toolbar Buttons

Your add-on makes it impossible for a user to permanently remove its toolbar button, which we can't allow. Inserting your toolbar button at first run is fine, and recommended, but doing so at every startup or making it impossible to move or remove it is not.

Synchronous XMLHttpRequests

Your add-on makes remote, synchronous XMLHttpRequests which have the ability to lock-up the browser UI and are not allowed in public add-ons. Please use asynchronous requests instead.

setTimeout/setInterval

Your add-on calls the setTimeout or setInterval functions with string rather than function arguments, which is normally not allowed. For instance, setTimeout('object.doStuff()') should be written as setTimeout(function () { object.doStuff() }) instead.

Preferences not in "extensions."

Extension preferences should be stored in the "extensions." branch.  So rather than "myextension.abcpref" it should "extensions.myextension.abcpref".

Use ctypes or NPAPI plugins rather than XPCOM

p.s. you might want to investigate if using ctypes or rewriting as a NPAPI plugin would work for your addon instead. 
If so then the binaries wouldn't need recompiling for each Firefox release.
ctypes:
http://adblockplus.org/blog/binary-xpcom-components-are-dead-js-ctypes-is-the-way-to-go
NPAPI:
https://developer.mozilla.org/en/Plugins