Hi, we have been trying to upload an extension that has 2 million users but keep getting rejected by the web store. We have clearly submitted information that these hits are false positives but they still reject the extension. It is very frustrating because mv2 is going away so we need to deploy the mv3 changes asap.
Our extension embeds ublock lite mv3. It includes css attribute selectors that reference urls like
and these get falsely flagged as remote code executions.
We have sent the reviewers more than enough information but they do no understand how css attribute selectors work.
ulesets/scripting/specific/annoyances-social.js
rulesets/scripting/specific/annoyances-widgets.js
The scripts mentioned are part of this larger context (note some of the code is not shown here for sake of saving space)
This below snippet is part of rulesets/scripting/specific/annoyances-social.js
;(self.specificImports = self.specificImports || []),
self.specificImports.push({
argsList: [
[…,
'.video-cta > .js-share,\n.video-infocard__share-icons',
'.vgc-socialshare',
'a[href*="
http://assets.pinterest.com/js/pinmarklet.js"]',
'.player-detail__controls-item > .icon-share,\n.player-detail__controls-item > .icon-share + noindex',
'.interaction-bar__share',
…]
http://assets.pinterest.com/js/pinmarklet.js is part of css attribute selector that targets hrefs containing this url
Similarly this below snippet is part of
rulesets/scripting/specific/annoyances-widgets.js
;(function uBOL_cssSpecificImports() {
/******************************************************************************/
const argsList = [
'#SinoptikInformer',
'#customer-survey_feature_div',
…,
'div[style="height:340px;margin:0;padding:0;overflow:auto;"]',
'.rss-wrap',
'#center > div.plugin3_outline:has(> div[class$="_body"] p > a[href^="
http://newmofu.doorblog.jp/"]),\n#center > div.plugin3_outline:has(> div[class] script[src="
https://blogroll.livedoor.net/js/blogroll.js"]),\n.ently_text > div[style="background-color: #FFFFFF;margin: 10px 0px 25px 0px;padding: 14px 8px 20px;"]',
'#custom_html-18',
'#container > div[style^="width:1218px;"],\niframe[src="
http://matometanews.com/rss.html"]',
'#header_outline > center > table[width="395"]',
…,
]
Note that these files are part of ublock lite
https://chromewebstore.google.com/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh?hl=en an extension that is already on the chrome web store.
We do not know what to do now as the adblock functionality is critical to our extension. And these false flagged rejections are stopping us from delivering mv3 updates to our 2 million customers.
Is there any thing we can do to fix this. The reviewers said to remove this code which is obviously critical to adblocking capabilites and cannot be removed. The above code is clear, these are not loading or executing remote code.
Any and all help would be greatly appreciated.