Download a .json from personnal website

alexy_duhamel · November 22, 2016, 9:16pm

Hello !

Some days ago, I submited an add-on named “Drive+” to review, the version I submited use a .json file included in the package. At the time i submited the add-on I didn’t knew how the whole verification system worked, so now I know, I’m thinking about making the file external.
This .json file will probably need to be updated very often, so instead of re-submiting the add-on each time, would it be ok for the firefox security measure to make the add-on download the .json from a website I would create ?

Thank you

erosman · November 23, 2016, 5:38am

There is no problem with getting a remote JSON (or other data).

The problem is how it is used and inserted.

For example, I have an addon myself which gets a remote JSON.
Addon checks hosts to see if it is in the host list in that JSON. No problem there.

If the data in JSON has to be inserted into a page, it as to be inserted in such way that it wont be executed. For example innerHTML, eval, etc are not allowed.

There are reservations like when the data is inserted as href or src or on… attribute since that can be executed.

The JSON data has to be text data and inserted as text. Then it should be OK.

alexy_duhamel · November 23, 2016, 5:38pm

Okay perfect ! Thank you What would you use to import the file in a var in the index.js ? (So i can send it to a contentScript without making the contentScript download the file each time)

erosman · November 24, 2016, 5:15pm

It is exactly the same process as you would with a local file. The difference is that you use XHR to get it (although you can use XHR to get local files too).
You should get it once when the browser starts since it is not going to change that quickly.

Look at the example on the following page (especially ‘response.json’)

For example:
var jsonResponse = JSON.parse(request.responseText);

alexy_duhamel · November 24, 2016, 8:33am

Thank you