Add-ons/Reviewers/Guide/Reviewing: Difference between revisions

m (Update image alignment)
m (Fix typo)
Line 107: Line 107:
Reviewing add-ons is a lot about following data around through the security boundaries within the add-on. A web page has less privileges than a WebExtension content page, which has less privileges than the WebExtension background page.  
Reviewing add-ons is a lot about following data around through the security boundaries within the add-on. A web page has less privileges than a WebExtension content page, which has less privileges than the WebExtension background page.  


We recommend that you you concentrate on finding code where data is being injected or executed (e.g. use of innerHTML), then backtracking to see where the data originates to determine if it is safe.  
We recommend that you concentrate on finding code where data is being injected or executed (e.g. use of innerHTML), then backtracking to see where the data originates to determine if it is safe.  


Likewise, when data leaves the user’s computer, you’d want to backtrack to the origin to identify what exact data is being transmitted.
Likewise, when data leaves the user’s computer, you’d want to backtrack to the origin to identify what exact data is being transmitted.
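Review bot: the unchanged first paragraph of this hunk still reads "less privileges" twice, and since this revision is a wording cleanup of the passage it should fix that as well. "Privileges" is countable, so both should be "fewer privileges": "A web page has fewer privileges than a WebExtension content page, which has fewer privileges than the WebExtension background page." The removal of the doubled "you you" in the second paragraph is correct as it stands. The opening clause "is a lot about following data around through" could also be tightened to "is largely about following data across", which keeps the meaning and reads more cleanly in a guide reviewers will consult repeatedly.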