From MozillaWiki
Jump to: navigation, search

FirefoxOS Add-on Review guide

Accessing the Review Tools

  • Device dependant
  • Press FirefoxOS Add-ons button
  • Press Review Add-ons button
  • Default is pending queue
    • sort is newest first (! - its the wrong order currently)
  • Add-on name or 'review this add-on' links go to review page

Device Setup

  • You need a 2.5 build of FirefoxOS - the one released on branch date around 2 Nov, or as near as you can get (there were last minute features landing)
  • Enable reviewer certificates in the settings menu, like with apps.
  • You shouldn't need to set any other preferences or enable developer mode

Testing Procedure

  • Download the zip file for the latest version (no in-site file viewer)
  • Inspect the manifest to see what pages or apps are affected
    • obfuscated code - if its trivial and you can de-obfuscate then fine; if its large or still incomprehensible then we must request source code and obfuscation instructions to match output zip. See security guide obfuscation section for more details.
    • note any syntax errors or invalid properties. Common issues are in canned responses
    • Consider if pattern is appropriate, e.g. matching all urls when it only affects one app or site
  • inspect the content scripts
    • read every line and establish what the scripts is doing/changing/inserting
    • if there are further regex or filtering of affected urls inside, again check for appropriateness.
      • url.indexOf('blah')!=-1 is normally bad
  • check compliance with the review criteria - especially the security section.
  • generally consider quality of the add-on - these will be the first few add-ons that users are able to install. We aren't setting a quality bar, but we can be picky about things that need fixing.
  • once code review is done install on device
    • see device setup
    • see Login/Navigating (no 'reviewing' shortcut queue)
  • if the add-on just affects websites
    • opening an affected site in the browser app, or the hosted webapp (e.g. Twitter) is enough to test.
  • if the add-on affects system
    • we must check disabling:
      • toggle off in settings|Add-ons
      • We don't (currently) require an 100% removal after just disable (the user is warned they should reboot) but the device should still be usable. Either the disable should work cleanly and all add-on changes reverted; or the add-on functionality should completely work until reboot.
    • and uninstall:
      • reboot the device after uninstalling in settings|Add-ons (the disable eventListeners don't get called for uninstall)
      • this check is only for certain add-ons that make preference changes that need to be reverted (e.g. movable homescreen button)
  • its good practise to have a clean boot after testing each add-on that affects system anyway.