Hi, i am converting a extension from chrome to firefox. when i submit to AMO, i receive a mail with content;
AngularJS 1.x is considered highly insecure for add-on code and will only be
allowed until the end of September. We strongly recommend using another
framework.
i do not understand. when I sent this to Chrome store, I did not receive a similar notice.
Thank you for read
As far as I know the Chrome store if you upload to the Chrome store, there is no review whatsoever (people would need to actively complain to have malicious stuff taken down).
If you want to upload to AMO, you have to comply with their code guidelines to pass the (manual) code review.
Since you are using a framework that apparently has some severe security issues, your add-on doesn’t pass those tests. (Or rather, will fail soon.)
So if you want to get an updated version of your extension approved after September, you have to remove Angular 1 (and use Angular 2 or whatever).
Like NilkasG said, Google Chrome doesn’t have any review process to filter out malicious add-ons, so you wouldn’t have got a notice. AMO has actual people review the add-ons in order to protect users.
Hi there, does somebody know if Angular 2 fixed those security issues? Is it possible that also applications which are using Angular 2 soon dont pass those tests anymore? Are there official news from mozilla?
Hey guys, this is a game breaking issue for us. We developed a web extension and currently we’re on angular 1.5.8. If we use this directive (ngCsp), is there a chance to get approved? What are our options?
Hi @glazy and @philandrop - discussion between the AMO Admins and Angular 1 lead is under way, please see here for updates:
Angular 2 is accepted, FYI.
thank you 