2 million users extension is not getting approved because Chrome Web Store Developer Support does not understand css selectors

305 views
Skip to first unread message

Ahmed Rafi Ullah

unread,
Oct 2, 2024, 1:14:11 PMOct 2
to Chromium Extensions, Patrick Kettner, Oliver Dunk
Hi, we have been trying to upload an extension that has 2 million users but keep getting rejected by the web store. We have clearly submitted information that these hits are false positives but they still reject the extension. It is very frustrating because mv2 is going away so we need to deploy the mv3 changes asap.

Our extension embeds ublock lite mv3. It includes css attribute selectors that reference urls like  http://assets.pinterest.com/js/pinmarklet.js , https://blogroll.livedoor.net/js/blogroll.js
and these get falsely flagged as remote code executions.

We have sent the reviewers more than enough information but they do no understand how css attribute selectors work.

This is what we sent them

ulesets/scripting/specific/annoyances-social.js
rulesets/scripting/specific/annoyances-widgets.js

The scripts mentioned are part of this larger context (note some of the code is not shown here for sake of saving space)

This below snippet is part of rulesets/scripting/specific/annoyances-social.js

;(self.specificImports = self.specificImports || []),
  self.specificImports.push({
   argsList: [
[…,
'.video-cta > .js-share,\n.video-infocard__share-icons',
'.vgc-socialshare',
'a[href*="http://assets.pinterest.com/js/pinmarklet.js"]',
'.player-detail__controls-item > .icon-share,\n.player-detail__controls-item > .icon-share + noindex',
 '.interaction-bar__share',
…]


http://assets.pinterest.com/js/pinmarklet.js is part of css attribute selector that targets hrefs containing this url


Similarly this below snippet is part of

rulesets/scripting/specific/annoyances-widgets.js

;(function uBOL_cssSpecificImports() {
 /******************************************************************************/
 const argsList = [
  '#SinoptikInformer',
  '#customer-survey_feature_div',
…,
'div[style="height:340px;margin:0;padding:0;overflow:auto;"]',
  '.rss-wrap',
  '#center > div.plugin3_outline:has(> div[class$="_body"] p > a[href^="http://newmofu.doorblog.jp/"]),\n#center > div.plugin3_outline:has(> div[class] script[src="https://blogroll.livedoor.net/js/blogroll.js"]),\n.ently_text > div[style="background-color: #FFFFFF;margin: 10px 0px 25px 0px;padding: 14px 8px 20px;"]',
  '#custom_html-18',
  '#container > div[style^="width:1218px;"],\niframe[src="http://matometanews.com/rss.html"]',
  '#header_outline > center > table[width="395"]',
…,
]

As you can see "https://blogroll.livedoor.net/js/blogroll.js" is part of a css attribute, these attribute selectors part of a larger array of attribute selectors. They are used to target elements on a web page as part of adblocking.

Note that these files are part of ublock lite https://chromewebstore.google.com/detail/ublock-origin-lite/ddkjiahejlhfcafbddmgiahcphecmpfh?hl=en an extension that is already on the chrome web store.


We do not know what to do now as the adblock functionality is critical to our extension. And these false flagged rejections are stopping us from delivering mv3 updates to our 2 million customers.

Is there any thing we can do to fix this. The reviewers said to remove this code which is obviously critical to adblocking capabilites and cannot be removed. The above code is clear, these are not loading or executing remote code.

Any and all help would be greatly appreciated.

Ahmed Rafi Ullah

unread,
Oct 2, 2024, 1:15:56 PMOct 2
to Chromium Extensions, Ahmed Rafi Ullah, Patrick Kettner, Oliver Dunk
I can provide more information about the extension if you need it please let us know

Ahmed Rafi Ullah

unread,
Oct 2, 2024, 1:22:26 PMOct 2
to Chromium Extensions, Ahmed Rafi Ullah, Patrick Kettner, Oliver Dunk

Its code is blue argon

Oliver Dunk

unread,
Oct 2, 2024, 1:25:19 PMOct 2
to Ahmed Rafi Ullah, Chromium Extensions, Patrick Kettner
Hi Ahmed,

Based on what you've shared, it does seem like this might be a false positive. We would need to look at the item to know for sure though as it's possible the reviewer flagged something that we would consider a violation of our policies.

Would you be able to share the item ID? I'd then be happy to take a look :)

Thanks,
Oliver Dunk | DevRel, Chrome Extensions | https://developer.chrome.com/ | London, GB

Ahmed Rafi Ullah

unread,
Oct 2, 2024, 1:31:26 PMOct 2
to Chromium Extensions, Oliver Dunk, Chromium Extensions, Patrick Kettner, Ahmed Rafi Ullah
Hi Oliver, thank you for taking a look at this :) 

This is the id of the extension fgcngeihbacfndglmmmdkkdlhgndkaaf

It is an experimental/beta version and will be the one to replace our mv2 extension with 2 million users

Oliver Dunk

unread,
Oct 2, 2024, 4:36:18 PMOct 2
to Ahmed Rafi Ullah, Chromium Extensions, Patrick Kettner
Hi Ahmed,

Thanks for sharing this. I've asked the team to take another look - I'll let you know when I hear back.

Thanks,
Oliver Dunk | DevRel, Chrome Extensions | https://developer.chrome.com/ | London, GB

Ahmed Rafi Ullah

unread,
Oct 4, 2024, 11:53:36 AMOct 4
to Chromium Extensions, Oliver Dunk, Chromium Extensions, Patrick Kettner, Ahmed Rafi Ullah
Thank you Oliver, please let me know if there is an update on this.

Many thanks for helping us.

Ahmed Rafi Ullah

unread,
Oct 4, 2024, 12:01:45 PMOct 4
to Chromium Extensions, Ahmed Rafi Ullah, Oliver Dunk, Chromium Extensions, Patrick Kettner
It was approved, although i have to upload another build.

Thank you for your help!

Oliver Dunk

unread,
Oct 4, 2024, 2:54:33 PMOct 4
to Ahmed Rafi Ullah, Chromium Extensions, Patrick Kettner
Thanks for closing the loop! I appreciate your patience while we sorted that out.
Oliver Dunk | DevRel, Chrome Extensions | https://developer.chrome.com/ | London, GB

Reply all
Reply to author
Forward
0 new messages