Changes


Add-ons/Reviewers/Guide/Reviewing

13,215 bytes removed, 12:35, 23 July 2018
2018 edition
= Performing a Technical Review =
'''Reviewer Intro Tour:''' ask your guide to select an add-on for you to review. Don't submit your first review without their pre-approval!

== Introduction ==
Add-on reviewers have a big responsibility. We need to help ensure that add-ons are safe to use, of good quality, reliable and clearly presented to users. We also need to provide quick, clear and actionable feedback to developers if issues are found with their add-ons.

All decisions should be based on the official [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews Review Policy]; please make sure you have read and understood it. If you have any questions or need clarification, the admin team is happy to help. There are no dumb questions when it comes to the review policies!

The add-on review process consists of the following phases:
# '''Automatic Review''': when an add-on is uploaded, it undergoes a number of automatic validation steps that check the general safety of the add-on.
# '''Content Review''': within a fairly short time after submission, a human inspects the listing to ensure that it adheres to the content review guidelines. This includes metadata such as the add-on name and description.
# '''Technical Code Review''': the source code of the add-on is inspected to ensure that it complies with our review policies.
# '''Basic Functionality Testing''': once the source code is verified safe, the add-on is given a basic functionality test to ensure that it acts as described.
The following sections describe each phase of the review and how to go about it. Before going into detail about the phases, here are a few tips on getting your system ready for reviewing.

== Setting up a Review Environment ==
You can complete most of the review process using the reviewer tools at addons.mozilla.org. A file viewer is available that can also diff between add-on versions, and the validation report shows additional information that may be helpful during the review. The validation results are also shown inline in the file viewer.

Most of the reviewer tools pages are fairly straightforward, but we have prepared a video (coming soon) that introduces the tools. We recommend taking a moment to watch it now.
=== Security Considerations ===
As a reviewer, you have access to systems that allow approving and rejecting large numbers of add-ons. Add-ons that have not been reviewed may contain code that aims to control your computer or steal personal information, such as login tokens for addons.mozilla.org. Keep in mind that an add-on under test which has host permissions for the AMO domain can read and act on any AMO page open in the same profile, including the reviewer tools.

As such, you need to be conscious and security-aware when accessing and using the reviewer tools. Please adhere to the following security guidelines:
* Never access the reviewer tools in the same profile that you are testing an add-on with. Use a separate profile only for accessing the reviewer tools, with third-party add-ons disabled.
* Use a separate profile for testing add-ons, which you can regularly throw away and recreate.
* When testing add-ons that require additional software (e.g. through native messaging), always use a VM to facilitate testing. You can use [https://www.virtualbox.org/ VirtualBox] along with a free image from [https://developer.microsoft.com/en-us/microsoft-edge/tools/vms/ modern.ie]. Use snapshots to reset the VM after installing third-party software.
* Never log in to the reviewer tools from within the VM where you install third-party software, not even in a separate profile.

If you become aware of a potential leak or misuse of your AMO credentials, get in touch with the admin team at amo-admins [at] mozilla [dot] org immediately so we can ensure your account was not accessed by a malicious third party.
=== Tools Aiding Review ===
In addition to the reviewer tools on addons.mozilla.org, a few handy tools have been created by reviewers to support their work. For the best reviewer experience, we recommend installing the [https://addons.mozilla.org/addon/amo-queue-helper/ AMO Queue Helper] extension. Other tools are explained in more detail on our [[Add-ons/Reviewers/Tools|tools page]].
== Automatic Review and Risk Categorization ==
When a new add-on version is uploaded to addons.mozilla.org (AMO), the [https://github.com/mozilla/addons-linter addons-linter] runs a set of validation checks for potential issues. Following this validation, add-ons are signed and listed on AMO immediately, and they appear in the list of auto-approved add-ons in the reviewer tools. Note that signing happens before any human review: an auto-approved add-on is already installable by users while it waits in the queue, which is why prioritising the queue matters.

[[File:Review Queue.png|thumb]]

As the screenshot above shows, the review queue is sorted by weight, otherwise known as risk, with the highest-weighted add-ons at the top of the list. A number of factors feed into the risk calculation, including abuse reports, so add-ons that turn out to be malicious quickly bubble up the list.

While there are a lot of add-ons in the auto-approved list, focus on those with the highest calculated risk. These are the most important add-ons to review.
== Content Review ==
When an add-on is submitted and passes automatic review, a team of content reviewers takes a look to ensure that the add-on listing is in line with our content policies. This is useful, for example, to filter out spam submissions or obvious malicious content.

As a technical reviewer, you must be familiar with the content review guidelines and ready to enforce them. Add-ons may be rejected in content review for the following reasons:
* Obscene or pornographic images in the icon or screenshots
* Hate speech in the add-on listing (note: anything promoting Nazism or using Nazi symbols must be rejected)
* The add-on is spam
* The add-on infringes on Mozilla copyright or trademarks

Content reviewers make decisions solely based on the information provided in the add-on listing. It is possible for an add-on's metadata to be acceptable while its code is unacceptable, or vice versa.

Confirming approval as a technical reviewer also marks the add-on as approved for content review. If you see an add-on that has not been content reviewed, perform a full content review of the metadata.

Now is a good time to read the [[Add-ons/Reviewers/Content_Review_Guidelines|content review guidelines]] and the linked [https://www.mozilla.org/about/legal/acceptable-use/ Mozilla Acceptable Use policy] to make sure you have understood them.
== Technical Code Review ==
This is where you will spend most of your time. With the help of the review tools, you determine whether the code provided by the developer complies with our [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews policies]. Along with reading the code, make yourself familiar with the review history to ensure consistent replies.

This section introduces the review history, explains how to go about the code review, and ends with a few tips and tricks to help you in reviewing. To get started, click on an extension in the queue to be taken to its review page.

=== Review History ===
On the review page you will see information on the latest add-on version that was submitted. It may contain notes from the developer in the "Notes to Reviewers" section. There may also be past conversation between reviewers and developers that you should read. Treat developer notes as claims to be verified against the code, not as findings.

[[File:Review History.png|thumb]]

Unless an add-on was only recently submitted, it will have past versions that also contain notes. You do not need to read every version's notes, but it is helpful to read the notes from the last rejection or confirmed approval to ensure that all previously raised issues have been taken care of.

Once you have an overview of the history, go on to review the add-on's code.
=== Code Review ===
Add-ons that have not previously been reviewed by a human need to be inspected in their entirety. Once a manual review has been completed successfully, it is sufficient to review the changes since the last confirmed approval or rejection. If the review version has a "Compare" link, use it to compare against the last confirmed version. Otherwise, use the "Content" link to view the add-on source code.

The file viewer usually opens with manifest.json, which gives you an overview of the add-on's functionality: its API and host permissions, content scripts, background scripts and any relaxation of the default content security policy. Then review all files, starting from the first file at the top of the tree and going through each file until the last one is reached.
When you find issues during a review, note them in the review comment field on the review page, preferably using the canned responses. You can read more about how to make the best use of the responses, and find examples that will help you make better review decisions, in our [[Add-ons/Reviewers/Guide/Review Decision|Review Decision Guidelines]].

It is very important to '''include the file and line number of each issue''' you find. This helps developers quickly identify and address issues. While the issue may seem obvious to you, it may not be readily apparent to the developer. Including line numbers resolves this quickly and reduces frustration on all sides.

If the same issue occurs more than a few times in a file, cite at least three lines where it occurs. If there are more than three occurrences of the same issue, let the developer know that similar issues exist in other parts of the file.
=== Libraries and other Minified Code ===
It is very common for add-ons to use libraries or frameworks such as jQuery or React. Some libraries, however, were written with only websites in mind, where security boundaries are very strict. We therefore have to review libraries keeping in mind that they are used in a more privileged context: a library call that would merely be an XSS risk on a website may, inside an extension, place attacker-controlled markup where it can reach page data and extension APIs a website never could.

Our validation checks attempt to detect known third-party libraries, but this does not work in every case. If a library is detected, its code does not generate warnings, it is greyed out in the code viewer and it does not have to be reviewed.

Other libraries have to be reviewed in the same way as normal add-on code. Go through the library code and make sure it complies with our policies. If you come across library methods that are potentially unsafe, find out whether the method is actually used by the add-on. For example, jQuery provides the $.parseHTML() function, which has security considerations, but we still allow the use of jQuery if the add-on does not use such functions.
The developer must provide links to the library files they used in accordance with our [https://developer.mozilla.org/en-US/Add-ons are normally cross-platform/Third_Party_Library_Usage library usage guidelines]. If you come across a minified library that is not known to our system, in which case there will only be please take the following steps:# Check if the developer has provided a single XPI link to testthe exact file being used, as per our library usage guidelines. # If the links are not available, please request more information using the reviewer reply feature.# Verify the link is from the original maintainer’s website# Verify the file included in the add-on is offered an exact match to the linked original file on the maintainer’s website.# Search for a limited number of platforms or has different files for different platforms, there will be individual links for each one in the Add-corresponding unminified file on History entry.the maintainer’s website# Review the unminified file as described above
Regarding application support (Firefox / SeaMonkey / Thunderbird)If the links are not available or do not point to the original maintainer’s website, please request more information from the developer using the canned response. If the file contents do not match, you don't need to test can reject the add-on on all of them. Canned responses are available for this purpose. If the add-on supports Firefox and others, you believe a library is used sufficiently often that it's OK should be added to only test using Firefoxour automatic checks, please get in touch with the admin team.
== Testing setup ==Aside from libraries, many add-ons include minified, obfuscated or otherwise machine-generated code. Since this code can't be easily reviewed without the original sources, only admin reviewers should review them. The Add-on History entry should indicate if the source code has been provided by the developer. If that's not the case, use the canned info request about minified code. You can read more about our [https://developer.mozilla.org/en-US/Add-ons/Source_Code_Submission Source Code Submission guidelines].
* '''Always use a separate profile for testing''', never your main profile. See [https://developer.mozilla.org/en/Setting_up_extension_development_environment Setting up an extension development environment]. === Tips & Tricks ===* Ideally you should perform your tests in Reviewing add-ons is a virtual machine. It is always useful in case you need to test in multiple platforms. [https://www.virtualbox.org/ VirtualBox] is free and works well. * Use [https://firefox.com/developer Firefox Developer Edition] for testing. If something needs to be tested on Beta or Release, you'll need to use lot about following data around through the security boundaries within the [[Addons/Extension_Signing|unbranded builds that can disable add-on signing enforcement]].* The [https://addons.mozilla.org/addon/extension-test Extension Test add-on] helps detect loose variables and DOM IDsA web page has less privileges than a WebExtension content page, prototype extension, dangerous category registration, and other difficult to spot problems.* Test with which has less privileges than the Browser Console always open, and look for errors or log messages generated by the add-onWebExtension background page.
== Policies and actions ==We recommend that you you concentrate on finding code where data is being injected or executed (e.g. use of innerHTML), then backtracking to see where the data originates to determine if it is safe.
{| width="80%" cellspacing="0" cellpadding="1" border="0"|-! style="border-bottom: 2px solid black" scope="col" | Issue ! style="border-bottom: 2px solid black" scope="col" | Action ! style="border-bottom: 2px solid black" scope="col" | Notes|- style="vertical-align: top;" id="security-violations"| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Security violations.| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject | style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Adding HTTP content to HTTPS pages. If the add-on injects content like iframes or imagesLikewise, make sure to visit HTTPS sites the add-on supports and look for any security warnings in when data leaves the URL bar.|- style="vertical-align: top;" id="no-surprises-violations"| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews#Privacy_and_User_Consent No Surprises] violation | style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Changing homepage, default search provideruser’s computer, including unexpected ads or content changes without explicit user opt-in.|- style="vertical-align: top;" id="affiliate"| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Affiliate linking.| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject | style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Some add-ons add affiliate codes you’d want to Amazon links (or similar) in order backtrack to make money. 
At the moment we allow this as long as (1) the add-on follows the No Surprises policy, (2) the feature doesn't replace or remove any existing affiliate codes, (3) the affiliate codes aren't inserted in the merchant website's links (inserting Amazon affiliate codes in Amazon.com pages).|- style="vertical-align: top;" id="privacy-violations"| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Privacy violations.| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Incorrect or insufficient privacy policies, not respecting Private Browsing Mode.|- style="vertical-align: top;" id="modal-startup"| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Showing a modal dialog at startup.| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Reject| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Opening modal (blocking) dialogs at startup origin to identify what exact data is not allowed. Non-modal dialogs, separate windows or new tabs are allowed.|- style="vertical-align: top;" id="errors"| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Errors in the Browser Console.| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Add note| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Make sure the errors only occur with the add-on installed and are generated from add-on code and not Firefox code. In the latter case, it should only be noted.|- style="vertical-align: top;" id="confusing"| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Add-on is very hard to use even with instructions.| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Add note | style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | If the testing instructions for the add-on are missing, use Request more information. 
We have [[Add-ons/Reviewers/Guide/Logins|frequently-used test accounts listed here]] (ask an admin for the password).|- style="vertical-align: top;" id="sticky-toolbar-buttons"| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Toolbar buttons are not customizable.| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Add note| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | It must be possible to remove add-on buttons from the toolbar and move them to the menu panel.|- style="vertical-align: top;" id="third-party-software"| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Requires third party software or paid registration. | style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Request super-review | style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" ||- style="vertical-align: top;" id="content-ads"| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Inserts ads into content.| style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | Request super-review | style="padding: .5ex 1ex 1ex 0; border-bottom: 1px solid black;" | The rules in these cases are complex. They need to be clearly labeled as coming from the add-on, can't remove or replace existing ads, and need to follow No Surprises. There are also security concerns and privacy concerns that can lead to rejectionbeing transmitted.|}
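As an added reviewer aid that is not part of this guide or of AMO's validator, the Node script below locates the starting points the approach above begins from (sinks where data is injected or executed, and places where data enters from a less privileged context or leaves the machine) so that each can be backtracked to its origin; the sink and boundary patterns and the constructed `background.js` sample are assumptions, and the report cites at most three lines per issue as the guide asks.

```javascript
// Added reviewer aid, not AMO's validator: find the places to start backtracking from
// (sinks that inject or execute data, and points where data crosses a privilege boundary).
const SINKS = [
  { name: 'innerHTML/outerHTML assignment', re: /\.(innerHTML|outerHTML)\s*\+?=[^=]/ },
  { name: 'insertAdjacentHTML', re: /\.insertAdjacentHTML\s*\(/ },
  { name: 'document.write', re: /document\.write(ln)?\s*\(/ },
  { name: 'eval / new Function', re: /\b(eval|new\s+Function)\s*\(/ },
  { name: 'jQuery HTML parsing ($.parseHTML / .html)', re: /\$\.parseHTML\s*\(|\.html\s*\(\s*[^)\s]/ },
];
const BOUNDARIES = [
  { name: 'message from a less privileged context', re: /runtime\.onMessage|addEventListener\(\s*['"]message['"]/ },
  { name: 'data leaving the machine', re: /\b(fetch|XMLHttpRequest|sendBeacon)\b/ },
];
// Returns one finding per matching pattern per line; comment-only lines are skipped.
function scanSource(fileName, source) {
  const findings = [];
  source.split('\n').forEach((text, i) => {
    if (/^\s*\/\//.test(text)) return;
    for (const p of SINKS) if (p.re.test(text)) findings.push({ file: fileName, line: i + 1, kind: 'sink', name: p.name });
    for (const p of BOUNDARIES) if (p.re.test(text)) findings.push({ file: fileName, line: i + 1, kind: 'boundary', name: p.name });
  });
  return findings;
}
// Groups findings per file and issue, citing at most three lines and counting the rest.
function summarize(findings) {
  const groups = new Map();
  for (const f of findings) {
    const key = `${f.file}::${f.name}`;
    if (!groups.has(key)) groups.set(key, { file: f.file, kind: f.kind, name: f.name, lines: [] });
    groups.get(key).lines.push(f.line);
  }
  return [...groups.values()].map(g => ({ ...g, cited: g.lines.slice(0, 3), more: Math.max(0, g.lines.length - 3) }));
}
// Constructed sample background page script (not from a real add-on): a message from a
// content script is injected as HTML four times, then part of it is sent to a remote host.
const SAMPLE_BACKGROUND_JS = [
  '// constructed sample',
  'browser.runtime.onMessage.addListener((msg) => {',
  '  document.getElementById("title").innerHTML = msg.title;',
  '  document.getElementById("body").innerHTML = msg.body;',
  '  document.getElementById("foot").innerHTML = msg.footer;',
  '  document.getElementById("side").innerHTML = msg.side;',
  '  fetch("https://collector.example/log", { method: "POST", body: msg.url });',
  '});',
].join('\n');
for (const g of summarize(scanSource('background.js', SAMPLE_BACKGROUND_JS))) {
  console.log(`${g.file}:${g.cited.join(',')} ${g.kind} ${g.name}` + (g.more ? ` (+${g.more} more)` : ''));
}
```

Each reported line is where the reviewer starts reading backwards: here the four injected values and the uploaded URL all trace to `msg`, which arrives from the content script boundary on line 2.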
'''Removed text (previous revision, continued):'''

Other tests to perform:

* Test all add-on features, within reason. If there are too many, focus on the main features.
* Remove all added toolbar buttons, disable all added toolbars, and restart the browser. Make sure that buttons and toolbars are all removable and do not reappear on restart. Make sure that missing toolbar buttons do not cause errors to appear in the Error Console.
* Open the Customize Toolbar UI and make sure that all buttons have appropriate icons and label text.
* Open the add-on's preferences window, from the Add-ons Manager and elsewhere, and verify that preference changes apply properly. Make sure the window fits all of its contents (a common problem on Mac OS).

= Step 5: Resolution =

Choose the appropriate resolution and include all of your notes. Make sure you use a courteous and professional tone, and be as helpful as you can when pointing out problems or areas for improvement. The canned responses are very useful in formatting a response. Once you're ready, click the ''Save'' button.

* '''Reviewer Intro Tour:''' remember to ask the guide to give your response a look before sending it. After submitting your first review, make sure you spend some time reading the rest of the guide.

[[Add-ons/Reviewers/Guide/Moderation|Next: Moderation]]

'''Added text (2018 edition, continued):'''

If you instead stop at each function that has a potentially malicious nature and then track forward to see where it is used, you will end up reviewing many files more than once. This approach takes substantially more time, and we do not recommend it.

== Basic Functionality Testing ==

The last step in a review is to install and test the add-on. You can do so by navigating to `about:debugging` in a separate profile and installing the add-on as a temporary add-on. If you have downloaded and extracted the add-on, you can also make use of ''[https://github.com/mozilla/web-ext web-ext run]'' to start a browser with the add-on installed.

For the rare circumstance that you need to test an add-on persisting over a restart, you will need to use [https://www.mozilla.org/en-US/firefox/channel/desktop/ Firefox Nightly] with [[Add-ons/Extension_Signing#FAQ|signing disabled]] or an [[Add-ons/Extension_Signing#Unbranded_Builds|unbranded build]] to test.

You are not expected to extensively test each feature of the add-on. Instead, expect to spend no more than 10 minutes reviewing the add-on's functionality to see if it behaves as described. You can use the testing to answer the following questions:

* '''Does the add-on act as described by the summary and description?'''<br />If it says it is an ad-blocker, does it do that, or does it instead change your search engine and take over your new tab page?
* '''Is the add-on generally functional?'''<br />If you click on the browser action, page action, sidebar, or options page, do the pages load correctly? We don't reject for bugs or incomplete features, but if the add-on just does not work at all, we'd like to protect users from a bad experience.
* '''Does logging in using developer-provided credentials give you access to the described functionality?'''<br />Developers are required to provide testing credentials if they use a service. Use these credentials to log in, and ensure that the advertised core functionality exists.
* '''If opt-in/opt-out UI for data collection is presented, does it convey the consequences correctly? Does declining actually inhibit the data collection?'''<br />While you could see this during code review, it is sometimes easier to test. Try to trigger the opt-in/opt-out mechanism, and check if the wording informs the user about the consequences.<br /><br />An opt-in needs to have decline as the default action, and at the same time it needs to remain possible to use the core functionality of the add-on after the user declines.<br /><br />Also check the Network panel in the Developer Tools to make sure the data collection is stopped after declining and does not occur before approving.
* '''Does the data collected by the add-on comply with our policies?'''<br />The policies have fairly specific provisions on how the developer must handle data collection. With the help of the network monitor, you can verify what kind of data is being sent to third party sites. You should load at least one (very simple) web site and identify additional requests made by the add-on.
* '''Are there any findings from the code review you would like to verify?'''<br />If the code gave the impression that sensitive data is being sent but you are unsure, you can use this step to trigger the code in question and check whether the data being sent is sensitive.

If necessary, you can use the browser console, network monitor and other developer tools to help with functional testing.

== Completing the Review ==

Add-ons must be reviewed '''completely''', noting issues in the review comments field as you find them. We want to avoid sending multiple partial reviews to developers and give them an opportunity to address all policy violations at once in their next submission. Depending on the severity of the issue, add-on versions can either be rejected, or a reviewer reply with an information request can be sent. In order to support you in communicating with developers and making consistent review decisions, we have prepared a set of [[Add-ons/Reviewers/Guide/Review Decision|Review Decision Guidelines]] that you should take a moment to read right now. It contains important information on when a rejection is warranted and will explain how to complete the review.

== Conclusion ==

After reading this document you should be all set up to begin reviewing. You now know how to set up a review environment, are well versed in the different phases from add-on submission to completed review, and have gathered knowledge on how to make a well-informed decision on the review outcome. If you have any feedback on the review process or there is anything unclear in this guide, please get in touch with the admin team. Your comments will be valuable to improve our documentation and make sure you have all the tools you need to complete reviews effectively.