Validation Results for cam.xpi
Validated at: |
---|
General Tests
Security Tests
Extension Tests
Localization Tests
Compatibility Tests
`setTimeout` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
high
Suggestions for passing automated signing:
Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.
`setTimeout` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
high
Suggestions for passing automated signing:
Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.
Access to the `Function` global
Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible.
Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.
high
Suggestions for passing automated signing:
Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the `Function` constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling `Object.getPrototypeOf` on an existing function object.
Access to the `eval` global
Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible.
Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.
high
Suggestions for passing automated signing:
Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the `Function` constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling `Object.getPrototypeOf` on an existing function object.
`setTimeout` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
high
Suggestions for passing automated signing:
Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.
`setTimeout` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
high
Suggestions for passing automated signing:
Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.
createElement() used to create script tag
Warning: Dynamic creation of script nodes can be unsafe if contents are not static or are otherwise unsafe, or if `src` is remote.
medium
Suggestions for passing automated signing:
Please avoid using <script> tags to load scripts. For potential alternatives, please see https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_D:_Loading_Scripts
`setTimeout` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
high
Suggestions for passing automated signing:
Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.
`setInterval` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
high
Suggestions for passing automated signing:
Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.
`setTimeout` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
high
Suggestions for passing automated signing:
Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.
`setTimeout` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
high
Suggestions for passing automated signing:
Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.
`setTimeout` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
high
Suggestions for passing automated signing:
Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.
`setTimeout` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
high
Suggestions for passing automated signing:
Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.
Access to the `Function` global
Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible.
Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.
high
Suggestions for passing automated signing:
Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the `Function` constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling `Object.getPrototypeOf` on an existing function object.
`setTimeout` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
high
Suggestions for passing automated signing:
Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.
createElement() used to create script tag
Warning: Dynamic creation of script nodes can be unsafe if contents are not static or are otherwise unsafe, or if `src` is remote.
medium
Suggestions for passing automated signing:
Please avoid using <script> tags to load scripts. For potential alternatives, please see https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_D:_Loading_Scripts
`setInterval` called in potentially dangerous manner
Warning: In order to prevent vulnerabilities, the `setTimeout` and `setInterval` functions should be called only with function expressions as their first argument.
high
Suggestions for passing automated signing:
Please do not ever call `setTimeout` or `setInterval` with string arguments. If you are passing a function which is not being correctly detected as such, please consider passing a closure or arrow function, which in turn calls the original function.
Access to the `Function` global
Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible.
Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.
high
Suggestions for passing automated signing:
Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the `Function` constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling `Object.getPrototypeOf` on an existing function object.
Access to the `Function` global
Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible.
Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.
high
Suggestions for passing automated signing:
Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the `Function` constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling `Object.getPrototypeOf` on an existing function object.
Access to the `Function` global
Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible.
Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.
high
Suggestions for passing automated signing:
Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the `Function` constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling `Object.getPrototypeOf` on an existing function object.
Reference to critical user profile data
Warning: Critical files in the user profile should not be directly accessed by add-ons. In many cases, an equivalent API is available and should be used instead.
low
Suggestions for passing automated signing:
Please avoid touching files in the user profile which do not belong to your add-on. If the effects that you are trying to achieve cannot be replicated with a built-in API, we strongly encourage you to remove this functionality.
Access to the `eval` global
Warning: Evaluation of strings as code can lead to security vulnerabilities and performance issues, even in the most innocuous of circumstances. Please avoid using `eval` and the `Function` constructor when at all possible.
Alternatives are available for most use cases. See https://developer.mozilla.org/en-US/Add-ons/Overlay_Extensions/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons for more information.
high
Suggestions for passing automated signing:
Please try to avoid evaluating strings as code wherever possible. Read over the linked document for suggested alternatives. If you are referencing the `Function` constructor without calling it, and cannot avoid continuing to do so, consider alternatives such as calling `Object.getPrototypeOf` on an existing function object.
To create your own collections, you must have a Mozilla Add-ons account.