Changes

Add-on reviewers have a big responsibility. We need to ensure add-ons are safe to use, of good quality, and clearly presented to our users. We also need to make sure developers get quick, clear, and actionable reviews.

AMO is designed so that popular and well-reviewed add-ons bubble to the top search rankings. The full and preliminary review levels also create two layers that allow us to list add-ons that are not quite ready for general consumption. Since we have good filtering mechanisms on AMO, our general policy is to '''only reject when strictly necessary'''. Rejection is necessary when an add-on has security issues, doesn't meet our content policies, or a few other fits one of the special cases which are spelled out later in this guide. If an add-on doesn't meet the criteria for rejection, it should at the least get be granted preliminary approval.

The rest of this page explains what our policies and recommended actions are for common add-on issues. Add-ons must be reviewed '''completely''', and all issues written down as they are found. Once the review is complete, the sum of all noted issues is used to determine what the review resolution should be. Regardless of the result, and all issues should be included in the notes sent to developers.

Before getting started, here's a very important legal note: reviews '''must not''' involve checking for copyright or trademark violations. You should not take '''any''' action on an add-on because you suspect it copies code from others without permission , or may otherwise infringe somebody else's copyright or trademark. The DMCA is a law that gives us We are granted special legal protection from being held responsible against liability for copyright infringement by users who post content to our sitethe [http://en.wikipedia.org/wiki/Digital_Millennium_Copyright_Act DMCA], but only if our conduct qualifies us for such protection and under strict conditions, which include a requirment that we follow exactly not screen the procedures laid out in the DMCA. Determining content that we host for copyright or trademark infringement is complicated and you will not have enough information to make those determinationsissues.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | These are add-ons that embed which:* Embed known spyware or malware.* Engage in illegal activities, illegal and criminal add-ons such as click fraud generators.* Have the primary purpose of facilitating illegal activities, such as access online gambling or pirated materials, including warez download and directory assistants, child unlicensed music/video downloads.* Have the direct purpose of facilitating access to pornography finders. This includes, and for instance add-ons whose main purpose is to facilitate access which specifically interact with, or direct users to , porn sites, but does not include, for instance, image downloaders why may, but need not, be used for pornographic or copyrighted material, or online gamblingpurposes.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | We allow it when used at the end use of certain trademarks when appended to the name in this way: of an add-on (e.g., "Video downloader for Firefox", "Inspector for Mozilla") in such a way as not to cause confusion as to the origin of the add-on. Not allowed: We do not allow uses which may suggest that the add-on is a Mozilla product (e.g., "Firefox downloader", "My Mozilla downloader", "Firefox++", etc). When in doubt, ask on the list or request super-review.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Due to some issues in the inner workings of our CDN content delivery network, it's uploads which re-use a version number will not possible to reliably replace filesthe previous version. Every new submission needs a new version number.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Explain clearly why the provided description is insufficient, and what needs to be done to improve it. Once the developer has corrected the deficiencies and contacted us, the review may be completed without a further upload.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | These add-ons can often include malicious code , and may trick users into thinking they are mistaking them for the original one. We accept add-on forks or , and add-ons with similar featuresto other add-ons, but we don't want need to be very careful to confuse ensure that they do not mislead users.| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" |

* Add-ons targeted to a limited geographical area. For example, an add-on for a small, local city newspaper or radio station.

* YouTube (or other) video downloaders. We already have too many add-ons of this kind, with little to no distinction between them. Unless the add-on provides something really especially innovative to video downloadingfeatures, it should not get be granted full approval.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Using <code>eval()</code>, <code>Function()</code>, <code>setTimeout()</code>, or <code>setInterval ()</code> to evaluate JS code.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | <code>eval can </code> may sometimes be allowed when it is used carefully to patch Firefox functions with local code. <code>setTimeout </code> and <code>setInterval can </code> may be used with hardcoded JS strings, but using closures is preferred.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | <code><browser></code> or <code><iframe></code> elements with no <code>type</code> attribute, used in privileged documents.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | See the [https://developer.mozilla.org/en/XUL/iframe#a-browser.type iframe documentation]. The type needs to must be set to one of <code>"content" (or </code>, <code>"content-targetable"</code>, or <code>"content-primary") </code>. This must be done ''before'' anything is loaded on that iframe. If the frame iframe or browser is used to load only chrome content, and it's fine not to use a type as long as that's is clear from reading the source codethat it will never load anything else, <code>type="chrome"</code> may be used when necessary.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Inserting remote content with <code>innerHTML</code>.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | The canned response points to the [https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/DOM_Building_and_HTML_Insertion right preferred documentation ] about this]topic. Assignments to <code>innerHTML </code> will execute result in the execution of any JS JavaScript code contained present in the injected string, so it needs to be very clear that there is no executable code in itany such strings are safe and sane. The docs offer documentation offers various ways to ensure methods of ensuring this. Since this issue can often be confusing to developers, make sure you to include a reference to a code file and line where this occurs.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Just add a note if this is a first warning and the add-on has been approved with this code before. [https://developer.mozilla.org/en-US/docs/Web/API/MutationObserver Mutation Observers] are the recommended alternative. For instances of this issue which were approved in past reviews, this should only result in a warning that it must be fixed.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Native object prototype extension / Using the Prototype library.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Passwords and other sensitive data should be stored in the login service rather than in preferences.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Changing security preferences, permissions, certificates (<code>nsIX509CertDB</code>).

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Using <code>nsIProcess</code>.

| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Errors which result in breakage of user interfaces should result in rejection when built-in Firefox UIs are rejected, and preliminary review when only add-on interfaces are affected. Otherwise, they should be ignored.