We want to thank Andrew Williamson and the Mozilla Community. Andrew is an AMO editor. AMO editors coach developers on how to improve their extensions to the point where they can be publicly available in the Mozilla Add-on Directory. In our case, Andrew reviewed the 100,000+ lines of code of the feedly extensions and provided us some very useful feedback. He was always extremely responsive, patient and supportive.
Here are some of the lessons we learned over the last 3 months:
- The add-ons distributed on the Mozilla Add-ons site should not have their own update mechanism. They should instead use the Mozilla native update framework. We changed the feedly update and version management to align with that.
- The add-ons should *never* eval data coming from remote services (even if the content is coming from well trusted sources like Google, Yahoo and others). The solution is to either parse the JSON content if the content is JSON (the native JSON parser on the browser mean there is no real performance penalty for parsing vs. eval’ing) or in the worse case use Components.utils.Sandbox
- Make sure that you have a clear and explicit policy statement and embed it inside the add-on so that it is easier for users to review it. In our case, we extended our policy statement to describe how we use google analytics to track anonymously which features of the product a user uses and how we aggregate that information to understand which parts for the service need to be re-designed.
Andrew: we want to thank you for generously investing your time, coaching us and helping make feedly a better add-on. People like you are the reason why Mozilla is such a vibrant community.