Hi Jeena,
Thanks for writing to the last about your experience submitting an app
to the marketplace using jQuery UI.
On 08/23/2013 08:40 AM, Gmail wrote:
and yet my app was rejected:
------------------
Reviewed by Andrew Williamson (15 hours, 40 minutes ago)
Hi, thanks for your submission. We found some issues which need
addressing: 1) Your app includes code which will be blocked from
executed by the CSP applied to privileged apps. The CSP prevents all
inline Javascript such as eval; new Function(); setTimeout and
setInterval (with String parameters); inline event handlers; new
<script> elements. It also prevents external scripts from being added
or used.
https://developer.mozilla.org/en-US/docs/Web/Apps/Packaged_apps#Types_of_packaged_apps
Once you've made the change please resubmit your app so we can take
another look.
------------------
So I understand the security issue, but I wonder if we (the fxos
project) could improve our support here.
It seems that common frameworks like jQuery should be a reasonable tool
for developers to use. A straight rejection like this due to the
framework is going to discourage adoption.
I wonder if we could work with the jQuery team to address the security
concerns, provide a guideline on how to adapt apps, or at least provide
a FAQ of frameworks we consider secure so people are more likely to be
aware of the issue. (Or does this exist and I just missed it?)
Is there anyone from developer engagement or support on the list who
might be able to help?
Thanks.
Ben
_______________________________________________
dev-b2g mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-b2g
