Changes

The following sections show a few common examples on how to respond to certain policy violations. Please note however these are merely examples intended to convey the intent we have with the policies. It should not be considered a complete list of review decisions. You will find the following actions: * '''Approve''': The add-on can be approved, or approval confirmed* '''Delayed Rejection''': The add-on should be rejected, with the option to delay the rejection set.* '''Reject Immediately''': The add-on should be rejected immediately without a delay* '''Escalate''': Make use of the [https://extensionworkshop.com/documentation/publish/add-ons-blocking-process/ blocking process] and/or make AMO admins aware of the issue.

| The add-on sends all visited URLs to a third party service without adhering to the [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews#No_Surprises no surprises requirements]. || RejectImmediately

| The add-on uses means such as webRequest to circumvent the permission prompts for new tab page, homepage or search engine changes. || RejectImmediately

| The add-on changes browsing behavior inhibiting user actions, such as closing or hiding about:addons or other special pages when opened . || Escalate

| The add-on unexpectedly makes use of redirection to block the user from visiting certain sites without providing the user an option to circumvent the redirection. The add-on is violating the [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews#No_Surprises no surprises policy]. || RejectImmediately

| The add-on silently modifies web content, for example by exchanging words and images, or adding content. This feature is not part of the core functionality and is not described to the user in any way. || Delayed Reject

| The add-on describes itself as e.g. “VPN Service”, while at the same time it also provides something completely unrelated to the add-on’s core function, such as altering the new tab page and providing affiliate search results.<br /><br />The additional features are not stated in the description, and there is no opt-in for the additional feature, violating the [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews#No_Surprises no surprises requirements]. || RejectImmediately

| An add-on provides UI to allow the user to make a no surprises choice, but the default action is to accept the choice (hence not an opt-in), or does not make clear which add-on is requesting the user choice. || Delayed Reject

| An add-on makes use of an “unexpected” feature as per no-surprises policy, but fails to indicate so in the add-on description. || Request InfoDelayed Reject

| Sexual Content: An add-on contains obscene or pornographic images in the icon, screenshots, or anywhere within the add-on UI . || RejectImmediately

| Sexual Content: An add-on contains images of potential or actual child pornography . || Escalate

| Hate Speech: The add-on listing or UI attacks a person or group based on the attributes described in the [https://www.mozilla.org/en-US/about/legal/acceptable-use/ acceptable use policy].<br /><br />If you are unsure certain phrasing is acceptable or not, please contact an admin. || RejectImmediately

| Spam: The add-on clearly has the sole purpose of linking to a product or website and at the same time does not offer any functionality (e.g. “WATCH THISMOVIE ONLINE”) . || RejectImmediately

| Spam: The listing contains a large amount of words and links unrelated to the add-on’s functionality clearly intending to increase SEO rating . || RejectImmediately

| Trademarks: The add-on on’s code, functionality or service used indicates that payment is named “Mozilla Frobnicator” or “Firefox Spice Dispenser”, instead required to use the core functionality of “Frobnicator for Mozilla” or “Spice Dispenser for Firefox” the add-on but the developer has not selected this option in the listing. || Delayed Reject

| The add-on’s codeon only functions within a closed environment, functionality such as only for employees of a specific company (“internal or service used indicates that payment is required to use the core functionality of the add-on but the developer has not selected this option in the listing private use”). || Request InfoDelayed Reject

| The add-on only functions within a closed environment, such as only for employees of a specific company (“internal or private use”) || Reject|-| Users can only sign up to the service using a “contact us” link on the website. There is no apparent web sign-up process.<br /><br />(Note that especially on sites with foreign languages, maybe you just missed it. Best to ask the developer to provide information on how a user would sign up. If they can’t provide the information or confirm there is no web sign-up process, the add-on can be rejected) . || Request InfoDelayed Reject

| The add-on listing is well described, but requires knowledge of the specific system being used in combination with the add-on . || Approve

| The add-on requires use of an external service that is only available with login credentials, and the developer has not provided them. || Request InfoDelayed Reject

| The add-on contains obfuscated code (as opposed to minified code). <br /><br/>(Please see the [https://developer.mozilla.org/docs/Mozilla/Add-ons/Source_Code_Submission#Use_of_obfuscated_code Source Code Submission] page on how to differentiate obfuscated and minified code. Not everything that is unreadable is obfuscated.) | RejectImmediately

| The add-on contains obfuscated code that seems to intentionally violate the policy. || Reject Immediately and Escalate

| The add-on contains transpiled, minified or otherwise machine-generated code and has not provided source code. || Request InfoDelayed Reject

| The add-on requests additional permissions that are not required for the add-on to function. || Delayed Reject

| The add-on requests additional permissions that are not required for the add-on to function. The developer argues they will need them in a future update. || Reject|-| The add-on loads and executes remote code || Reject|-| The add-on uses a http channel to exchange sensitive information such as user credentials || Delayed Reject

| The add-on contains a large amount of duplicate files, or files not loaded by the add-on loads and executes remote code. || Request InfoReject Immediately

| There is a ''noticeable'' impact The add-on performance, for example opening uses a new tab takes very long because the new tab page is very resource-intensive http channel to exchange sensitive information such as user credentials. || RejectImmediately

| The developer has failed to provide links to third party librariesadd-on contains a large amount of duplicate files, or the links do files not point to loaded by the original maintainer’s website add-on. || Request InfoDelayed Reject

| The add-There is a ''noticeable'' impact on includes a deliberately modified version of performance, for example opening a known library, e.g. adding additional code to new tab takes very long because the librarynew tab page is very resource-intensive. || RejectImmediately

| The add-on includes a developer has not provided links to third party libraries, the links do not point to the original maintainer’s website, the library that does not match the original checksum, and it is unclear what modification is madefrom the developer.<br /><br />The developer should be asked to provide the link where they received the library as per the [https://developer.mozilla.org/en-US/Add-ons/Third_Party_Library_Usage Third Party Libraries Usage guidelines]. If there is any indication that the modifications are intentionally violating policy, please [https://extensionworkshop.com/documentation/publish/add-ons-blocking-process/ reject immediately and escalate]. || Request InfoDelayed Reject

| The add-on makes use of nativeMessaging . || Request Super Review

| The add-on sets a newtab page that redirects to a remote page. || RejectImmediately

| The add-on uses a privacy policy which is merely a link to an external website . || Request InfoDelayed Reject

| On a quick skim, the privacy policy seems to be about a website more than it is about the add-on . || Request InfoDelayed Reject

| After code review it is clear that the add-on exchanges data with a third party service, but the add-on description and summary do not include a summary of the information collected . || Request InfoDelayed Reject

| The main purpose of the add-on is to collect and analyze form data. Therefore, the add-on collects personal data such as the name and email of the user and sends the data to the service, but without an opt-in for personal data. || RejectImmediately

| An add-on collects all visited browser URLs without notice, as part of a feature that does not relate to the primary functionality of the add-on.<br /><br />This is considered collecting ancillary information not explicitly required for the add-on’s basic functionality. || RejectImmediately

| The add-on collects personal data or passwords and sends it via http to a service. || RejectImmediately

| The add-on exchanges data with a native application via native messaging, but the data being exchanged is not summarized in the description nor mentioned in the privacy policy. || Request InfoDelayed Reject

| The add-on exchanges data via native messaging that does not belong to the primary functionality of the add-on and fails to adhere to the [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews#No_Surprises no surprises requirements].<br/><br/>In severe cases, such as when sensitive data is being exchanged, please reject immediately. || Delayed Reject

| The add-on stores information about tabs, but fails to exclude storing information from private browsing mode tabs. || Delayed Reject

| The add-on stores provides a search box for Google, Bing, Amazon etc . and search requests go through another website. || RejectImmediately

| The add-on injects remote data into an extension page or web page using innerHTML or other methods without prior sanitation. || RejectImmediately

| The add-on makes use of React’s ''dangerouslySetInnerHTML'' with remote unsanitized data . || RejectImmediately

| The add-on makes use of remote CSS scripts, which can cause security vulnerabilities in combination with libraries such as React and Angular. || RejectImmediately

| The add-on has a monetization feature but does not present a user control mechanism at startup. || Delayed Reject

| The monetization feature sends personal data, but the user control mechanism at startup is not an opt-in (ie.eg. default choice is to accept) . || RejectImmediately

| The add-on sends data unrelated to the add-on’s function (ancillary data) specifically for monetization purposes. || RejectImmediately

| The add-on monetizes by injecting ads into web pages, but fails to identify the content as belonging to the add-on . || Delayed Reject

| The add-on includes a crypto-mining function that mines coins in the background for the profit of the developer . || RejectImmediately

| The add-on contains a crypto-mining function for the profit of the user (this is still a performance issue) . || RejectImmediately

| The add-on shows information about crypto coins by querying a web service for information (this is not mining) . || Approve

| The add-on changes all Amazon links on web pages to add affiliate tags to profit the developer . || RejectImmediately

| The add-on has links that include affiliate tags within the browser popup of the add-on . || Approve