Dynamically importing mv3 APIs from webextensions-polyfill being rejected from Chrome Web Store
65 views
Skip to first unread message
NOIR APPS
9:34 AM (3 hours ago) 9:34 AM
to Chromium Extensions
Hi Chrome Web Store,
Our extension (ejnndgifkmlldcdlifjaeanhjegoafcl) has consistently been rejected the last several attempts with violation reference Purple Potassium. I believe this may be to do with permissions being dynamically imported from the webextensions-polyfill package.
I believe this may be due to how the bundle is being output, and perhaps that the usual 'chrome.xyz' may not be searchable/discoverable. This change was done so our app can be run purely as a webapp and a browser extension.
const { search } = await import("webextension-polyfill");
This becomes minified to something like this:
let{search:t}=await Promise.resolve().then(i.t.bind(i,46223,23));
This becomes minified to something like this:
let{search:t}=await Promise.resolve().then(i.t.bind(i,46223,23));
Appealing the rejection and mentioning above hasn't resolved the rejections.
Our most recent rejection managed to identify the 'search' api was being used, however it was rejected for not using 'topSites' - which I have manually confirmed that both permissions are indeed being used and called in the bundle.
Hoping to get this resolved soon,
Thanks!
Oliver Dunk
9:40 AM (3 hours ago) 9:40 AM
to NOIR APPS, Chromium Extensions
Hi,
I think your hunch may be correct. Looking at your submission, it is indeed hard to see how that API is being called given how the polyfill is being bundled.
I would encourage you to open an appeal using https://support.google.com/chrome_webstore/contact/one_stop_support and sharing the same explanation.
If you can, it may also be worth seeing if you can adjust your bundler settings to make the usage more obvious. You don't have to do this (it is our job to understand minified code!) but it may reduce the chance you run into issues in the future. Your code certainly looks harder to read than other submissions that use the polyfill.
--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/d8956e7c-118c-4552-b307-01edb7a30dd5n%40chromium.org.
NOIR APPS
9:54 AM (3 hours ago) 9:54 AM
to Chromium Extensions, Oliver Dunk, Chromium Extensions, NOIR APPS
Thanks Oliver - I will look in to the bundle config to see what I can do on my end and I have opened an appeal via the one stop support.
I'm wondering, would leaving an inline comment of some sort on the usage line and letting that comment come through in the minified bundle work? Or does there actually need to be code that calls out literally with 'chrome.xyz' for the static analysis to work? Thank you for taking the time to respond.
Oliver Dunk
10:02 AM (3 hours ago) 10:02 AM
to NOIR APPS, Chromium Extensions
Comments wouldn't hurt, and may help, but we can't trust them verbatim as anyone could lie :)
I can't share too much detail about the process but review is a combination of automated and manual review, so this isn't a case of "if static analysis doesn't catch it, you will definitely be rejected". You don't need to call `chrome.xyz` explicitly but the more indirection there is the more likely it is you might run into issues.
NOIR APPS
10:16 AM (3 hours ago) 10:16 AM
to Chromium Extensions, Oliver Dunk, Chromium Extensions, NOIR APPS
Thanks Oliver. I will try and see if I can get rspack to leave in some inline comments then (even if it may help slightly).
Just lastly, i'm receiving emails from "Yannick Kamin" from this thread in my Gmail. I've never used Google groups before, is this a legit person/email to the Chrome Web Support team? Slightly confused as the emails I am receiving are replies to this thread, but I can't see "Yannick Kamin" emails in this thread. I am reading/replying to this group from the groups.google.com domain, not via email, so not quite sure if the Yannick Kamin person is real/scam or what not.
Just lastly, i'm receiving emails from "Yannick Kamin" from this thread in my Gmail. I've never used Google groups before, is this a legit person/email to the Chrome Web Support team? Slightly confused as the emails I am receiving are replies to this thread, but I can't see "Yannick Kamin" emails in this thread. I am reading/replying to this group from the groups.google.com domain, not via email, so not quite sure if the Yannick Kamin person is real/scam or what not.
Thanks
Oliver Dunk
10:19 AM (3 hours ago) 10:19 AM
to NOIR APPS, Chromium Extensions
Yannick Kamin is not a Googler.
Jack
10:24 AM (3 hours ago) 10:24 AM
to Chromium Extensions, Oliver Dunk, Chromium Extensions, NOIR APPS
New users have their posts and replies in here go into review before showing on the thread, but you will still receive an immediate email of their post since you are in this Google group.
That's what’s happening for Yannick, his posts are in review, but you see them in your email immediately.
Reply all
Reply to author
Forward
0 new messages