Add-ons/Reviewers/Guide/Reviewing: Difference between revisions

Jump to navigation Jump to search

Add-ons/Reviewers/Guide/Reviewing (view source)

Revision as of 21:29, 19 January 2015

5,134 bytes removed ,  19 January 2015
Validation
(WIP)
 
(Validation)
Line 1: Line 1:
== Performing a Review  ==
= Performing a Review  =
'''Reviewer Intro Tour:''' ask your guide to select an add-on for you to review. Don't submit your first review without their pre-approval!
'''Reviewer Intro Tour:''' ask your guide to select an add-on for you to review. Don't submit your first review without their pre-approval!


Add-on reviewers have a great responsibility. We need to ensure add-ons are safe to use, good quality, and clearly presented to our users. We also need to make sure developers get quick, clear, and actionable reviews.
Add-on reviewers have a big responsibility. We need to ensure add-ons are safe to use, good quality, and clearly presented to our users. We also need to make sure developers get quick, clear, and actionable reviews.


AMO is designed so that popular and well-reviewed add-ons bubble to the top search rankings. The full and preliminary review levels also create two layers that allow us to list add-ons that are not quite ready for general consumption. Since we have good filtering mechanisms on AMO, our general policy is to '''only reject when strictly necessary'''. Rejection is necessary when an add-on has security issues, doesn't meet our content policies, or a few other cases which are spelled out in this guide. If an add-on doesn't meet the criteria for rejection, it should at least get preliminary approval.
AMO is designed so that popular and well-reviewed add-ons bubble to the top search rankings. The full and preliminary review levels also create two layers that allow us to list add-ons that are not quite ready for general consumption. Since we have good filtering mechanisms on AMO, our general policy is to '''only reject when strictly necessary'''. Rejection is necessary when an add-on has security issues, doesn't meet our content policies, or a few other cases which are spelled out in this guide. If an add-on doesn't meet the criteria for rejection, it should at least get preliminary approval.


=== Step 1: Review Add-on Metadata  ===
== Policies and actions ==
The rest of this page explains what our policies and recommended actions are for common add-on issues. Add-ons must be reviewed '''completely''', and all issues written down as they are found. Once the review is complete, the sum of all noted issues is used to determine what the review resolution should be, and all issues should be included in the notes sent to developers.
 
= Step 1: Review Add-on Metadata  =


Before getting started, here's a very important legal note: reviews '''must not''' involve checking for copyright or trademark violations. You should not take '''any''' action on an add-on because you suspect it copies code from others without permission or may otherwise infringe somebody else's copyright or trademark. The DMCA is a law that gives us legal protection from being held responsible for copyright infringement by users who post content to our site, but only if our conduct qualifies us for such protection and we follow exactly the procedures laid out in the DMCA. Determining copyright or trademark infringement is complicated and you will not have enough information to make those determinations.
Before getting started, here's a very important legal note: reviews '''must not''' involve checking for copyright or trademark violations. You should not take '''any''' action on an add-on because you suspect it copies code from others without permission or may otherwise infringe somebody else's copyright or trademark. The DMCA is a law that gives us legal protection from being held responsible for copyright infringement by users who post content to our site, but only if our conduct qualifies us for such protection and we follow exactly the procedures laid out in the DMCA. Determining copyright or trademark infringement is complicated and you will not have enough information to make those determinations.
Line 12: Line 15:
If you have any concerns about the legality or legitimacy of an add-on, please email amo-editors AT mozilla DOT org.
If you have any concerns about the legality or legitimacy of an add-on, please email amo-editors AT mozilla DOT org.


==== Policies and Actions  ====
== Policies and Actions  ==


{| cellspacing="0" cellpadding="1" border="0" style="width: 80%"
{| cellspacing="0" cellpadding="1" border="0" style="width: 80%"
|+  
|+  
|-
|-
! style="border-bottom: 2px solid black" scope="col" | Policy
! style="border-bottom: 2px solid black" scope="col" | Issue
! style="border-bottom: 2px solid black" scope="col" | Action  
! style="border-bottom: 2px solid black" scope="col" | Action  
! style="border-bottom: 2px solid black" scope="col" | Notes
! style="border-bottom: 2px solid black" scope="col" | Notes
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Empty name (the name is blank in default locale)
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | The add-on doesn't provide enough information in its descriptions for users to figure out what it does.
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Request More Information
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Request more information
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject if the name is not updated after 3 days.
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Missing information in descriptions, missing testing information
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Request More Information
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |  
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Add-on name and code copied from very popular add-on (like Firebug or AdBlock Plus)  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | The add-on name and/or code appear copied or very similar to a popular add-on (like AdBlock Plus).
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Admin Review / Notify mailing list
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Request super-review
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | These add-ons can include some form of malicious code and trick users into thinking they are the original one.
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | These add-ons can include malicious code and trick users into thinking they are the original one. We accept add-on forks or with similar features, but we don't want to confuse users.
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |  
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Add-on name or icon identical or very similar to existing, active listing
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Admin Review
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | We want to avoid user confusion when selecting which add-on to install. It's OK to fork, but it should be clear what are the differences between very similar offerings.
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Other copyright suspicions  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Other copyright suspicions  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Ignore
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | No action
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | We have a legal obligation *not* to take action unless the author of the original code files a DMCA complaint. If you see any malicious intent in the copied add-on, follow the same Action as the previous policy.
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | We have a legal obligation ''not'' to take action. See note at the beginning of this section.
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Not compatible with the current versions of the application
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Add note
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | There's a canned response for this purpose. Reject if the maxVersion is lower than 4.0, unless it's a critical fix.
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Missing Privacy Policy or EULA when necessary
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Preliminary Review
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | These descriptions are necessary if the add-on handles user information remotely, or the user needs to agree to any terms in order to use the add-on.
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Questionable add-on relevance
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Missing Privacy Policy when necessary
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Preliminary Review  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Preliminary Review  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Carefully read the [[#Add-on_Relevance|Add-on Relevance]] section below. This policy should only be enforced on extreme circumstances.
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | A Privacy Policy is required if an add-on sends any user information to a remote server, even if it is not personally-identifying. Even stats pings require a Privacy Policy.
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | New version doesn't follow previous editor requests
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Preliminary Review
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | If the author keeps submitting the same version, contact the mailing list.
|}
|}


==== Add-on Relevance  ====
== Add-on Relevance  ==


Add-on relevance should only matter if the add-on is obscure or difficult to review, or you think that it is too simple to be fully approved. In general you shouldn't make any assessments on add-on relevance, since we have download counts, active daily users and user reviews to rank all add-ons on AMO.
Add-ons must not be rejected because a reviewer doesn't find them useful. We let AMO users make that call, and add-ons that aren't very useful won't gain much usage and have low search rankings.


We have a very low admission threshold, but we don't want to fully publish add-ons that will get at most a couple hundred downloads and will be mostly ignored during their lifetime. In that case, the add-on should at best receive a preliminary review approval.  
In some cases, however, reviewers should deny full review to add-ons due to their usefulness. Add-ons that commonly fall into this category are:
* Add-ons that help access very specific webpages. For example, an add-on that makes it easier to use an internal business site or a university library.
* Add-ons targeted to a limited geographical area. For example, an add-on for a local city newspaper or radio station.
* Add-ons that don't do more than link to websites through buttons or menu items.
* YouTube (or other) video downloaders. We already have too many add-ons of this kind, with little to no distinction between them. Unless the add-on provides something really innovative to video downloading, it should not get full approval.


Add-ons that commonly fall into this category are:
When in doubt, don't apply this policy.


*Add-ons that help access very specific webpages. For example, an add-on that makes it easier to use an internal business site or a university library.
= Step 2: Automatic validation  =
*Add-ons targeted to a limited geographical area. For example, an add-on for a local city newspaper or radio station.
*Add-ons that only add a toolbar or menu filled with website links, similar to plain bookmarks.
*Add-ons that download video files from Flash video sites like YouTube. We already have too many add-ons like these, with little to no distinction between them. Unless the add-on provides something really innovative to video downloading, it should not get full approval.


Assessing the relevance of an add-on can be difficult. In these cases you should leave the review to somebody else or ask on the mailing list.
We have a extensive set of tests that identify common bad practices and possible security problems with add-on code. Reviewers must run the code validator and inspect the results when performing a review. Each Add-on History entry has a validation link, and you'll want to validate the latest one.


=== Step 2: Automatic validation ===
[[Image:Validation-link.png|center|Add-on validation link]]


We have a extensive set of static tests that identify common bad practices and possible security problems with add-on code. You must always run the code validator and inspect the results when performing a review.  
Clicking on the link will take you to the validation page, where the automatic code validator will run for that version of the add-on and then the results will be displayed. We recommend opening this link in a new tab.


Each Add-on History entry has a validation link. You'll want to validate the latest version.
If the validator shows a validation error and no results, it's possible that reloading the validation page will fix the problem. If the problem persists contact the review team on the #amo-editors IRC channel or pick a different add-on to review.
 
[[Image:Validation-link.png|center|Add-on validation link]]
 
Clicking on the link will take you to the validation page, where the automatic code validator will run for that version of the add-on and then the results will be displayed. It's usually best for navigation to open this link in a new tab.


==== Policies and actions  ====
==== Policies and actions  ====


{| width="700" cellspacing="0" cellpadding="1" border="0"
{| width="80%" cellspacing="0" cellpadding="1" border="0"
|-
|-
! style="border-bottom: 2px solid black" scope="col" | Policy
! style="border-bottom: 2px solid black" scope="col" | Issue
! style="border-bottom: 2px solid black" scope="col" | Action  
! style="border-bottom: 2px solid black" scope="col" | Action  
! style="border-bottom: 2px solid black" scope="col" | Notes
! style="border-bottom: 2px solid black" scope="col" | Notes
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Missing file / Parse error / Validation error
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Using eval, Function(), setTimeout, setInterval to evaluate JS code.
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | eval can be allowed when it is used to patch Firefox functions with local code. setTimeout and setInterval can be used with hardcoded JS strings, but using closures is preferred.
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Obfuscated, minified or binary code  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | There's a canned response for this.
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Obfuscated, minified or binary code, with original sources included in XPI or provided link
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Admin Review
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Using eval, Function(), setTimeout, setInterval to evaluate remote code
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Remote script injection  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Remote script injection  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Add-ons can use data-only APIs, but should never download and execute remote code, not even in the scope of a webpage. Any use of the <script> tag (like createElement("script")) needs to be carefully analyzed.
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | <browser> or <iframe> elements with no type  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | <browser> or <iframe> elements with no type  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | See canned response and [https://developer.mozilla.org/en/XUL/iframe#a-browser.type iframe documentation]. If the frame or browser is used to load chrome content, it's fine as long as that's clear from reading the source.
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | See the [https://developer.mozilla.org/en/XUL/iframe#a-browser.type iframe documentation]. The type needs to be set to "content" (or "content-targetable", or "content-primary") ''before'' anything is loaded on that iframe. If the frame or browser is used to load chrome content, it's fine not to use a type as long as that's clear from reading the source code.
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Inserting remote content with innerHTML
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Inserting remote content with innerHTML
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | If it's only local content, Add a Note to fix it on future versions. There's a canned response.
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | The canned response points to the [https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/DOM_Building_and_HTML_Insertion right documentation about this]. innerHTML will execute any JS code contained in the injected string, so it needs to be very clear that there is no executable code in it. The docs offer various ways to ensure this.
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Using DOM Mutation events
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Using DOM Mutation events
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Preliminary Review  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Preliminary Review  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Just add a note if this is a first warning and the add-on has been approved with this code before.
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Just add a note if this is a first warning and the add-on has been approved with this code before. [https://developer.mozilla.org/en-US/docs/Web/API/MutationObserver Mutation Observers] are the recommended alternative.
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Conduit add-on without [https://addons.mozilla.org/en-US/firefox/user/4959120 CONDUIT-AMO] as author
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Conduit add-on with [https://addons.mozilla.org/en-US/firefox/user/4959120 CONDUIT-AMO] as author
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Admin Review
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | JS Library (like jQuery) included, but not in its original file. JS Library doesn't pass checksum validation.
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | SHA-256 hashes recognized by the validator are stored at http://mzl.la/amo-libs and [https://github.com/mozilla/amo-validator/blob/master/validator/testcases/static_hashes.txt]
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Unicode characters (e.g. \u0060) in JS code
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Keep in mind these can be used safely inside strings. They're just not allowed to replace characters in JS code, since they can be used to bypass the validator.
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Using eval, Function(), setTimeout, setInterval to evaluate local code
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Preliminary Review
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | One case that we accept is when eval is used to replace existing Firefox functions. This is very common for add-ons that change bookmarking or tabbing behavior. It is also allowed in known libraries like jQuery.
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Using the codebase_principal_support preference or enablePrivilege function
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Preliminary Review
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | They're deprecated.
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Native object prototype extension / Using Prototype library  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Native object prototype extension / Using Prototype library  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Preliminary Review  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Preliminary Review  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | This only applies in XUL overlays, where the prototype extension affects the prototypes used by Firefox code and other overlays.
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Storing passwords or other sensitive user data in the preferences  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Storing passwords or other sensitive user data in the preferences  
Line 161: Line 105:
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Changing security preferences, permissions, certificates (nsIX509CertDB)  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Changing security preferences, permissions, certificates (nsIX509CertDB)  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Admin Review
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Request super-review
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |  
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Using nsIProcess  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Using nsIProcess  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Admin Review
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Request super-review
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |  
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Using JS c-types  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Using JS c-types  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Admin Review
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Request super-review
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |  
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Using Geolocation
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Test
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Give Preliminary Review if the add-on doesn't ask the user for permission to use geolocation before getting geolocation data ([https://developer.mozilla.org/en-US/docs/Using_geolocation#Prompting_for_permission this is how users should be asked for permission]). Approve if it does.
|- style="vertical-align: top;"
|- style="vertical-align: top;"
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Localization errors  
| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Localization errors  
Line 181: Line 121:
|}
|}


See the [[AMO:Editors/EditorGuide/AddonReviews/Security|security code review]] page for more detail on the above security rejection reasons.
There are many other validation flags of varying importance. If you're unsure about which action to take, please ask on the mailing list.
 
Most of the other validator flags are not that important, but they should still be fully read and understood. When in doubt, check the help page or ask in the mailing list.


=== Step 3: Code Review  ===
=== Step 3: Code Review  ===
Jorge.villalobos
canmove, Confirmed users
1,448

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/1048897"

Navigation menu