Firefox port #16
Open
Firefox port #16
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![cubic-dev-ai[bot]](https://avatars.githubusercontent.com/in/1082092?s=60&v=4){kind=small}
There was a problem hiding this comment.
8 issues found across 12 files
Prompt for AI agents (all issues)
Check if these issues are valid — if so, understand the root cause of each and fix them.
<file name="scripts/background.js">
<violation number="1" location="scripts/background.js:1">
P1: This will throw in environments where `browser` is undefined (e.g., Chrome), preventing the background script from loading. Use a safe fallback to the existing `chrome` global.</violation>
<violation number="2" location="scripts/background.js:12">
P2: Declare `sourceUrl` with `const`/`let` to avoid leaking a global variable into the background script scope.</violation>
</file>
<file name="README.md">
<violation number="1" location="README.md:16">
P3: Fix the spelling of “Temporaty” to “Temporary” in the installation heading for clarity.</violation>
<violation number="2" location="README.md:18">
P3: Correct the spelling of “temporaty” to “temporary” in the add-on installation step.</violation>
</file>
<file name="scripts/exp.js">
<violation number="1" location="scripts/exp.js:1">
P2: Guard against `browser` being undefined; this line throws in Chrome, breaking existing extension usage. Use a conditional alias instead of directly referencing `browser`.</violation>
</file>
<file name="scripts/utils.js">
<violation number="1" location="scripts/utils.js:112">
P2: Guard against missing `originUrl` before calling `new URL(...)`. `originUrl` is optional for webRequest details, so `new URL(initiator)` can throw and stop scanning for requests without an origin.</violation>
</file>
<file name="scripts/popup.js">
<violation number="1" location="scripts/popup.js:1">
P1: Directly assigning `browser` breaks Chrome because `browser` is undefined there. Use a guarded fallback so Chrome continues to work.</violation>
</file>
<file name="scripts/content_script.js">
<violation number="1" location="scripts/content_script.js:1">
P2: Unconditionally assigning `browser` to `chrome` will throw in Chrome where `browser` is undefined, breaking the content script. Use a guarded assignment that falls back to `chrome` when `browser` isn’t available.</violation>
</file>
Since this is your first cubic review, here's how it works:
- cubic automatically reviews your code and comments on bugs and improvements
- Teach cubic by replying to its comments. cubic learns from your replies and gets better over time
- Ask questions if you need clarification on any suggestion
Reply with feedback, questions, or to request a fix. Tag @cubic-dev-ai to re-run a review.
| @@ -1,3 +1,5 @@ | |||
| var chrome = browser; | |||
There was a problem hiding this comment.
P1: This will throw in environments where browser is undefined (e.g., Chrome), preventing the background script from loading. Use a safe fallback to the existing chrome global.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At scripts/background.js, line 1:
<comment>This will throw in environments where `browser` is undefined (e.g., Chrome), preventing the background script from loading. Use a safe fallback to the existing `chrome` global.</comment>
<file context>
@@ -1,3 +1,5 @@
+var chrome = browser;
+
const databaseUrl = chrome.extension.getURL('/database.csv');
</file context>
Suggested change
| var chrome = browser; | |
| var chrome = typeof browser !== 'undefined' ? browser : globalThis.chrome; |
| @@ -1,4 +1,6 @@ | |||
| var port = chrome.extension.connect({ | |||
| var chrome = browser; | |||
There was a problem hiding this comment.
P1: Directly assigning browser breaks Chrome because browser is undefined there. Use a guarded fallback so Chrome continues to work.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At scripts/popup.js, line 1:
<comment>Directly assigning `browser` breaks Chrome because `browser` is undefined there. Use a guarded fallback so Chrome continues to work.</comment>
<file context>
@@ -1,4 +1,6 @@
-var port = chrome.extension.connect({
+var chrome = browser;
+
+var port = chrome.runtime.connect({
</file context>
Suggested change
| var chrome = browser; | |
| var chrome = typeof browser !== "undefined" ? browser : window.chrome; |
| /* setup listeners */ | ||
| chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => { | ||
| found.add(msg); | ||
| sourceUrl = new URL(msg); |
There was a problem hiding this comment.
P2: Declare sourceUrl with const/let to avoid leaking a global variable into the background script scope.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At scripts/background.js, line 12:
<comment>Declare `sourceUrl` with `const`/`let` to avoid leaking a global variable into the background script scope.</comment>
<file context>
@@ -7,11 +9,12 @@ setBadgeCount(0);
/* setup listeners */
chrome.runtime.onMessage.addListener((msg, sender, sendResponse) => {
- found.add(msg);
+ sourceUrl = new URL(msg);
+ found.add(JSON.stringify({ domain: sourceUrl.origin, type: 'Active Mode', file: sourceUrl.href, lineCol: 0 }));
setBadgeCount(found.size);
</file context>
Suggested change
| sourceUrl = new URL(msg); | |
| const sourceUrl = new URL(msg); |
| @@ -1,3 +1,5 @@ | |||
| var chrome = browser; | |||
There was a problem hiding this comment.
P2: Guard against browser being undefined; this line throws in Chrome, breaking existing extension usage. Use a conditional alias instead of directly referencing browser.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At scripts/exp.js, line 1:
<comment>Guard against `browser` being undefined; this line throws in Chrome, breaking existing extension usage. Use a conditional alias instead of directly referencing `browser`.</comment>
<file context>
@@ -1,3 +1,5 @@
+var chrome = browser;
+
var PAYLOADS = [
</file context>
| } | ||
|
|
||
| found.add(JSON.stringify({ domain: initiator, type: name, file: requestUri, lineCol })) | ||
| found.add(JSON.stringify({ domain: new URL(initiator).origin, type: name, file: requestUri, lineCol })) |
There was a problem hiding this comment.
P2: Guard against missing originUrl before calling new URL(...). originUrl is optional for webRequest details, so new URL(initiator) can throw and stop scanning for requests without an origin.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At scripts/utils.js, line 112:
<comment>Guard against missing `originUrl` before calling `new URL(...)`. `originUrl` is optional for webRequest details, so `new URL(initiator)` can throw and stop scanning for requests without an origin.</comment>
<file context>
@@ -107,8 +109,7 @@ const check = ({ requestUri, initiator }) => {
}
-
- found.add(JSON.stringify({ domain: initiator, type: name, file: requestUri, lineCol }))
+ found.add(JSON.stringify({ domain: new URL(initiator).origin, type: name, file: requestUri, lineCol }))
setBadgeCount(found.size);
});
</file context>
Suggested change
| found.add(JSON.stringify({ domain: new URL(initiator).origin, type: name, file: requestUri, lineCol })) | |
| found.add(JSON.stringify({ domain: initiator ? new URL(initiator).origin : url.origin, type: name, file: requestUri, lineCol })) |
| @@ -1,3 +1,5 @@ | |||
| var chrome = browser; | |||
There was a problem hiding this comment.
P2: Unconditionally assigning browser to chrome will throw in Chrome where browser is undefined, breaking the content script. Use a guarded assignment that falls back to chrome when browser isn’t available.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At scripts/content_script.js, line 1:
<comment>Unconditionally assigning `browser` to `chrome` will throw in Chrome where `browser` is undefined, breaking the content script. Use a guarded assignment that falls back to `chrome` when `browser` isn’t available.</comment>
<file context>
@@ -1,3 +1,5 @@
+var chrome = browser;
+
document.addEventListener('TriggerBrute', () => {
</file context>
Suggested change
| var chrome = browser; | |
| var chrome = typeof browser !== "undefined" ? browser : chrome; |
| * Clone the repo | ||
| * Temporaty install | ||
| * In Firefox, go to `about:debugging#/runtime/this-firefox` | ||
| * Click on "Load temporaty add-on" and select `manifest.json` from the cloned repo folder. |
There was a problem hiding this comment.
P3: Correct the spelling of “temporaty” to “temporary” in the add-on installation step.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At README.md, line 18:
<comment>Correct the spelling of “temporaty” to “temporary” in the add-on installation step.</comment>
<file context>
@@ -12,23 +12,19 @@ Client Side Protype pollution Scanner
+* Clone the repo
+* Temporaty install
+ * In Firefox, go to `about:debugging#/runtime/this-firefox`
+ * Click on "Load temporaty add-on" and select `manifest.json` from the cloned repo folder.
+* Persistent install
+ * Build `npm install --global web-ext` & `web-ext build` or `npx web-ext build`
</file context>
Suggested change
| * Click on "Load temporaty add-on" and select `manifest.json` from the cloned repo folder. | |
| * Click on "Load temporary add-on" and select `manifest.json` from the cloned repo folder. |
| </ol> | ||
|
|
||
| * Clone the repo | ||
| * Temporaty install |
There was a problem hiding this comment.
P3: Fix the spelling of “Temporaty” to “Temporary” in the installation heading for clarity.
Prompt for AI agents
Check if this issue is valid — if so, understand the root cause and fix it. At README.md, line 16:
<comment>Fix the spelling of “Temporaty” to “Temporary” in the installation heading for clarity.</comment>
<file context>
@@ -12,23 +12,19 @@ Client Side Protype pollution Scanner
-</ol>
-
+* Clone the repo
+* Temporaty install
+ * In Firefox, go to `about:debugging#/runtime/this-firefox`
+ * Click on "Load temporaty add-on" and select `manifest.json` from the cloned repo folder.
</file context>
Suggested change
| * Temporaty install | |
| * Temporary install |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
If anything - breaks backward compatibility, so add in a separate branch