browser-extension
browser-extension copied to clipboard
gitcoinco
Provide Firefox version of Gitcoin Chrome Extension
Firefox now provide web extension API which is similar to Chrome https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Porting_a_Google_Chrome_extension
And MetaMask already provided the Firefox extension https://addons.mozilla.org/en-US/firefox/addon/ether-metamask/?src=api
this is a great idea. if anyone wants to fund a bounty for it or dev it, i'm all 👂 s
funding this now.
requirements:
- a way (preferably an automated script) to build the current codebase for firefox.
- (just porting the existing codebase to firefox is not acceptable, as ongoing changes to upstream chrome extension will need to be merged downstream into firefox on an ongoing basis)
- deliver all assets for submission to firefox add-on store ( https://addons.mozilla.org/en-US/firefox/ )
if anyone feels like the issue is underpriced leave a comment and we can work it out
This issue now has a funding of 0.05 ETH (39.7 USD) attached to it.
- If you would like to work on this issue you can claim it here.
- If you've completed this issue and want to claim the bounty you can do so here
- Questions? Get help on the Gitcoin Slack
- $11187.5 more Funded OSS Work Available at: https://gitcoin.co/explorer
I suppose not all functions are compatible with Firefox, see compatibility report based on: https://www.extensiontest.com/test/b105f3f0-e5b8-11e7-8ba1-af95702cad20
{ "compat": [ { "message": "extension.onMessage is not supported", "locations": [ { "file": "script/background.js", "line": 1 } ] }, { "message": "extension.sendMessage is not supported", "locations": [ { "file": "script/pageload/functions.js", "line": 9 } ] } ], "errors": [ { "message": "Banned 3rd-party JS library", "locations": [ { "file": "script/popup/jquery.js" } ] } ], "warnings": [ { "message": "Unsafe assignment to innerHTML", "locations": [ { "file": "script/pageload/functions.js", "line": 4 } ] } ] }
http://bits.owocki.com/1e1z0o0f2E0a/Screen%20Shot%202017-12-20%20at%205.06.36%20PM.png
i get a 404
based upon the result you posted, it seems that theres a few things we'll have to update :)
Finally got some time to deal with this... Sent PR to make the extension compatible with Firefox Extension https://github.com/gitcoinco/chrome_ext/pull/19
And uploaded it to mozilla addon https://addons.mozilla.org/en-US/firefox/addon/gitcoin/
@gasolin thank you!
https://addons.mozilla.org/en-US/firefox/addon/gitcoin/ returns a 404 for me. is it live yet? i'd love to review the listing before it's live.
can you give me permissions to manage the extension on addons.mozilla.org ?
Is the bounty still live for 'providing a script' or similar instead of just porting? Tried claiming this or one of the other extension bounties but somehow always ran out of gas or something else... for one of the bounties metamask suggested 200 $ equiv in gas ... if anything I would want to earn ether, not spend the little that I have in metamask atm... I wouldn't mind waiting a bit longer until it is included, but is it somehow still possible to pay at most 1$/1€ equivalent or not?
@owocki 0.10 is drawn from reviewer because of the origin code inject JS via innerHTML. I made an extra patch to use browser.tabs.executeScript API instead of innerHTML and update 0.11. Now all lint warning are gone and is listed https://addons.mozilla.org/en-US/firefox/addon/gitcoin/
I also saw some issues but may not block this work:
- match pattern in manifest.json matched all web site, but maybe this extension just need to deal with github?
- chrome debugger report XMLHTTPReqest is synchronous, could be write in async way
Could fix them when the main file arch is settled
match pattern in manifest.json matched all web site, but maybe this extension just need to deal with github?
probably good to fix this
chrome debugger report XMLHTTPReqest is synchronous, could be write in async way
i could go either way on this. what do you think?
Is the bounty still live for 'providing a script' or similar instead of just porting? @gasolin do you feel like your PR covvers this? or should cover it?
strangely... when i install this extension, it doesnt show up in the menu bar... so im not sure how to test it http://bits.owocki.com/3x0v3k443N2U/Screen%20Recording%202017-12-22%20at%2011.29%20AM.mov
Mmmh, seems to work fine for me. Maybe just some loading error or not added automatically? If you go to 'customize' is it there?
It should shows in the menu bar... The PR provided npm script for build and lint, others can use it to build different browser extensions.
match pattern in manifest.json matched all web site, but maybe this extension just need to deal with github?
probably good to fix this
chrome debugger report XMLHTTPReqest is synchronous, could be write in async way
i could go either way on this. what do you think?
I think these 2 issues are not directly related to this issue and does not block publish the addon. So its better to file separate issues to solve them.
hmm now i can't install it from the add on store because of this error .
http://bits.owocki.com/2v3c2n0j101R/Screen%20Shot%202017-12-26%20at%205.23.25%20PM.png
If you go to 'customize' is it there?
ahh yes there it is! disregard the above
@gasolin i just got this email from firefox dir http://bits.owocki.com/263U2M1q043e/Screen%20Shot%202017-12-26%20at%207.08.36%20PM.png
@gasolin @owocki I'm currently working on a cross-browser solution for WebExtensions API and it will work with any browser supporting the API, including Opera, Brave, Firefox and Edge.
Not sure how to proceed since you've made the PR to add Firefox to the list.
@rafaelfragosom I guess the major porting work will be related to Firefox https://developer.mozilla.org/en-US/Add-ons/WebExtensions/Chrome_incompatibilities , since the patch applied webextension-polyfill, you can help extend package.json to add build scripts for Opera, Edge..etc and check if it still works well on Chrome and other browsers who share the same chrome API
@gasolin Sure thing.
@owocki Can you accept the PR? I'm gonna start working on the other browsers.
@rafaelfragosom are you talking about this PR? https://github.com/gitcoinco/chrome_ext/pull/19
@gasolin it has a bunch of merge conflicts. can you tackle those? also its still labeled as "WIP" fwiw.
@rafaelfragosom PR 25 landed the basis structure which support npm script https://github.com/gitcoinco/chrome_ext/pull/25
You can base on current master branch and add new browser build script without wait for the firefox addon support
from mozilla
Your add-on Gitcoin has been reviewed and one or more of of its versions have been disabled due to critical issues discovered.
Details:
This add-on is creating DOM nodes from HTML strings containing potentially unsanitized data, by assigning to innerHTML, jQuery.html, or through similar means. Aside from being inefficient, this is a major security risk. For more information, see https://developer.mozilla.org/en/XUL_School/DOM_Building_and_HTML_Insertion . Here are some examples that were discovered:
popup/index.js#192 and others
Version(s) affected and disabled:
0.12
That is caused by Firefox addon has a more strict policy for using innerHTML.
We should remove jquery.append and construct the DOM with createElement instead
https://github.com/gitcoinco/chrome_ext/blob/master/src/script/popup/index.js#L192
I'll file separate bugs for those improvements
@gasolin Bumping this... any update / does it make sense to claim this one? cc @owocki
Ooh I should link related bugs to this issue
- merged #25 move extension into src/ folder #26 simplify body flow #32 scope content scripts to github domain only #30 construct the DOM with createElement instead of jquery.append
Here is the extension working on Firefox. https://addons.mozilla.org/en-US/firefox/addon/kenneth-nicholson/