web-ext lint results

[pdehaan]

... nothing too surprising here. Feel free to close if you don't feel scared by the output.

$(npm bin)/web-ext lint -s addon
Validation Summary:

errors          0
notices         1
warnings        1

NOTICES:

Code                  Message                Description                                             File                         Line   Column
MOZILLA_COND_OF_USE   Violation of Mozilla   Words found that violate the Mozilla conditions of      webextension/background.js
                      conditions of use.     use. See
                                             https://www.mozilla.org/en-US/about/legal/acceptable…
                                             -use/ for more details.
WARNINGS:

Code                    Message                Description                                            File                          Line   Column
UNSAFE_VAR_ASSIGNMENT   Unsafe assignment to   Due to both security and performance concerns, this    webextension/content-scrip…   57     5
                        innerHTML              may not be set using dynamic values which have not     t.js
                                               been adequately sanitized. This can lead to security
                                               issues or fairly serious performance degradation.

The "NOTICE" is the following naughty word (per mozilla/addons-linter /src/badwords.json): https://github.com/gregglind/addon-wr/blob/191d7b000265e174d38a5bcc77d76e67a792dd9e/addon/webextension/background.js#L18

The "WARNING" is the unsanitized .innerHTML set, at: https://github.com/gregglind/addon-wr/blob/191d7b000265e174d38a5bcc77d76e67a792dd9e/addon/webextension/content-script.js#L56-L61

Not sure if there is a better way to construct links/DOM, but considering the anchor href is set from a const, I don't think there is any XSS risks. But when in doubt, we could ask the sec team.