Upon submitting 1.67.5, the Firefox review team disabled all versions of Vimium since 4 years ago (!) for the reason below. This looks like a bogus reason, since the content being injected into options.js is HTML packaged with the extension.
This add-on didn't pass review because of the following problems:
- This add-on is creating DOM nodes from HTML strings containing potentially unsanitized data, by assigning to innerHTML, jQuery.html, or through similar means. Aside from being inefficient, this is a major security risk. For more information, see https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Safely_inserting_external_content_into_a_page . Here are some examples that were discovered: pages\options.js - line 429
Version(s) affected and disabled:
1.65, 1.65.1, 1.66, 1.67, 1.67.1, 1.67.2, 1.67.3, 1.67.4, 1.67.5