stdin.txt

ID:       shopping-assistant
Name:     Shopping Assistant: Compare with Amazon, eBay .etc
Type:     Full Update
Action:   Prelim
Review:   https://addons.mozilla.org/en-US/editors/review/shopping-assistant
Overview: https://addons.mozilla.org/en-US/firefox/addon/shopping-assistant/
Version:  3.1.1
File:     ☑ All Platforms 140192 

This version didn't pass full review because of the following issues:

1) Your add-on creates DOM nodes from HTML strings containing unsanitized data, by assigning to innerHTML or through similar means. Aside from being inefficient, this is a major security risk. For more information, see https://developer.mozilla.org/en/XUL_School/DOM_Building_and_HTML_Insertion

2) Your add-on uses the 'eval' function or Function constructor unnecessarily, which is something we normally don't accept. There are many reasons *not* to use 'eval', and also simple alternatives to using it. You can read more about it here: https://developer.mozilla.org/en/XUL_School/Appendix_C:_Avoid_using_eval_in_Add-ons

3) I get the following errors in the Error Console:

Error: setTimeout is not defined
Source file: resource://ruyitao/search-engine.js
Line: 234
 ----------
Error: 2012-01-10 07:22:54 [ERROR]get site config failed: status code(500)

We recommend that you use the prefwindow element (https://developer.mozilla.org/en/XUL/prefwindow) or inline options (https://developer.mozilla.org/en/Extensions/Inline_Options) to manage your preferences. They are more portable and consistent than hand-rolled UIs, and can save you some coding time.

You need to correct them to get full approval. Thanks.