Confirm
206
edits
Changes
→Libraries, frameworks and other unreadable code: fixed link to known libraries
It's very common for add-ons to use libraries or frameworks such as jQuery or Bootstrap. Some add-ons use complex frameworks like Kango, usually to achieve cross-browser compatibility. Finally, the Add-ons SDK generates various files around the actual add-on code. Our code validator will try to detect them, but won't work in every case. If detected, the library code won't generate validator warnings and it will be greyed out in the code viewer.
All libraries on [https://github.com/mozilla/amo-validator/blob/master/validator/testcases/hashes-allowed.txt this list] should be ignored, even if the validator doesn't detect them correctly. All other libraries should be handled carefully. The reviewer should find the original library file and diff it against the one included in the add-on, and also ensure the library doesn't do anything dangerous.
Aside from libraries, many add-ons can include minified, obfuscated or compiled code. Since this code can't be easily reviewed without the original sources, only admin reviewers should review them. The Add-on History entry should indicate if the source code has been provided by the developer. If that's not the case, you can use the canned info request.
