For almost 3 months I have waited for my add-on to be reviewed, which finally happened yesterday. On the same day I had to push an update which fortunately has already been approved, however now I have received the following from the reviewer:
Reviewer:
erosman
Comments:
Your preliminary review request has
been approved.
Please note the following for the next update:
- Please do not store large
CSS sytlesheets in executable JS files. Please include them as separate files
within your XPI.
- I’m sorry, but we can’t allow the inclusion of
resources as data: URIs in static JavaScript strings, as doing so considerably
complicates the review process. Please include them as separate files within
your XPI.
- Due to both security and performance reasons, innerHTML (or
similar method e.g. insertAdjacentHTML, JQuery
append/prepend/appendTo/html/before/after/insertBefore/insertAfter) should not
be set using dynamic values. This can lead to security issues or fairly serious
performance degradation.
For inserting text, textContent (or JQuery text)
or createTextNode() should be used instead of innerHTML.
For inserting HTML,
the safer method is to use createElement(), textContent, appendChild() instead
of innerHTML.
Removing the innerHTML will improve add-on’s prospect of
approval.
First of all, my add-on is literally an adaptation of its userscript version, there is nothing unique to the add-on that is different than the userscript except the method of loading it in the add-on environment. I have created it in a way so that it could be used without any changes for Firefox, Chrome and both userscript managers: Greasemonkey and Tampermonkey.
Now in regards to each guideline:
1 - The current method I use to load CSS files is the only one I can use that works across all platforms. I have no way of loading external CSS files with userscripts so the current method used is the only one that works.
2 - The URIs are necessary and cannot be avoided, I do not host a dedicated service to host the image files and I do not wish to add a load on GitHub servers by hosting all of the images on their servers. I also cannot include them as separate files since this is not possible for the userscript version. If the issue is to check what images are being used it is very simple to open them, I can even create a simple JS tool which can open any data URI in the browser for inspection, I do not see how this is a valid reason to reject an add-on. I have only used icon URIs which don’t exceed 15kb
3 - I only use insertBefore because there is no other method of adding elements to the DOM, especially for creating UI elements and the settings menu, at the position that needs to be inserted, before certain elements. If there is an accepted different method of inserting elements before others I’d appreciate if you could tell me, otherwise this remark is unwarranted. To add more, none of the elements I add to the DOM are dynamic, every single element I create is first converted into a string before adding it to the DOM, all of them are static elements.
4 - I do not understand where this one comes from, in my entire software not once have I used innerHTML.
I do not intend to make a completely different version just for the add-on version of my software, I worked for months to make it work for all 3 platforms without having to change anything whenever I wanted to push an update.
If I will be forced to do anything different that might compromise the ability to have a common payload (userscript) just for Firefox AMO then I am sorry but you give me no choice but to completely drop the add-on version of my software. The review queues were a nightmare, now I am being greeted with these ultimatum warning guidelines, this is a very aggressive environment which discourages any further contribuition for the AMO store.
Will my add-on be disabled if I do not comply with the reviewers’ guidelines when I push the next update? Why did I receive them now and not when the add-on was first approved? Do I have to add to the notes for reviewers all of the above every single time I need to update the add-on?
These look like warnings from a Full Review, is it necessary for these to be sent for every update of a preliminarily reviewed add-on?