Comments (9)
Hello,
Due to issues discovered during the review process, your add-on GitHub Hovercard has been disabled on addons.mozilla.org and no longer appears in the gallery. Users who have previously installed your add-on will be able to continue using it.
Please see the reviewer's comments below for more information.
Details:
This version didn't pass review because of the following problems:
- This add-on is creating DOM nodes from HTML strings containing potentially unsanitized data, by assigning to innerHTML, jQuery.html, or through similar means. Aside from being inefficient, this is a major security risk. For more information, see https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Safely_inserting_external_content_into_a_page . Here are some examples that were discovered:
hovercard.js - line 2067
Please fix them and submit again.
from github-hovercard.
If you still remember what the problem was, can you please put it up as an issue so that someone can take it up?
From what you have described, I think I know what you are talking about. I might be able to help fix the issue if it is not too grave.
from github-hovercard.
Google sent me a takedown notification yesterday claiming that I didn’t respond to their “previous” violation notification email, which I didn’t receive. I contacted Google after that but haven’t received any response yet.
from github-hovercard.
It has been taken down by Mozilla, and I was told they think there might be security vulnerabilities because a core feature relies on directly outputting HTML from the GitHub API (GitHub’s Markdown rendering API). Unfortunately I haven’t found time to deal with this yet.
from github-hovercard.
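An added illustration of the fix the reviewer's comment asks for, not code from github-hovercard or from Mozilla: rather than assigning API-rendered HTML to `innerHTML`, parse it into an inert document and rebuild only allowlisted elements and attributes with DOM methods. The function names and the allowlists are assumptions chosen for this example.

```javascript
// Added example; the allowlists below are assumptions, not the add-on's policy.
const ALLOWED_TAGS = new Set(['A', 'B', 'BLOCKQUOTE', 'BR', 'CODE', 'EM', 'LI',
  'OL', 'P', 'PRE', 'STRONG', 'UL']);
const ALLOWED_ATTRS = { A: ['href', 'title'] };   // everything else is discarded
const DROP_TAGS = new Set(['SCRIPT', 'STYLE', 'IFRAME', 'OBJECT', 'EMBED', 'TEMPLATE']);
const SAFE_URL = /^https?:\/\//i;                 // rejects javascript:, data:, etc.

// Copy one untrusted node (and its subtree) under `parent`, creating every
// node through `doc` so no HTML string is ever parsed in the live page.
function appendSafe(src, parent, doc) {
  if (src.nodeType === 3) {                       // text: inserted as text only
    parent.appendChild(doc.createTextNode(src.nodeValue));
    return;
  }
  if (src.nodeType !== 1) return;                 // comments and the like: dropped
  const tag = src.tagName.toUpperCase();
  if (DROP_TAGS.has(tag)) return;                 // dropped together with content
  let target = parent;                            // unknown tags are unwrapped
  if (ALLOWED_TAGS.has(tag)) {
    target = doc.createElement(tag.toLowerCase());
    for (const name of ALLOWED_ATTRS[tag] || []) {
      const value = src.getAttribute(name);
      if (value === null) continue;
      if (name === 'href' && !SAFE_URL.test(value)) continue;
      target.setAttribute(name, value);
    }
    parent.appendChild(target);
  }
  for (const child of Array.from(src.childNodes)) appendSafe(child, target, doc);
}

// Browser entry point. Unsafe form being replaced: container.innerHTML = html
function renderMarkdownHtml(html, container) {
  // DOMParser yields a detached document in which scripts do not run.
  const inert = new DOMParser().parseFromString(html, 'text/html');
  container.textContent = '';
  for (const child of Array.from(inert.body.childNodes)) {
    appendSafe(child, container, container.ownerDocument);
  }
}
```

Event-handler attributes such as `onerror` never reach the page because attributes are copied by name from the allowlist rather than filtered by a blocklist.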
@Justineo Has it been removed from the Chrome Web Store for the same reason or have you taken it down? :o
from github-hovercard.
Update: The Chrome extension is back online. Reviewers for the Firefox Add-on haven't replied to my inquiry yet.
from github-hovercard.
Any updates regarding the Firefox extension? I just got a new PC and realized I've been taking this extension far too much for granted!
from github-hovercard.
Still not available in FF store
from github-hovercard.
Still unavailable from the addons site. Can it be installed manually?
from github-hovercard.