Bug 1538007 Comment 4 Edit History

Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.

As long as we use old-style localization with .dtds we can't prevent this kind of injection in the client. We could scan for entities that contain markup if we don't rely on that in legit localizations in other contexts. We could make langpacks held for review prior to signing, unlike WebExtensions because they have more power than web extensions. Or if we can't prevent them being signed prior to release, we can at least make them unavailable on even unlisted AMO pages so the mozAddonManager APIs can't trigger them (I believe we did limit those APIs to only being able to launch self-hosted addons).
As long as we use old-style localization with .dtds we can't prevent this kind of injection in the client. We could scan at review time for entities that contain markup if we don't rely on that in legit localizations in other contexts. At least we could prevent adding elements because a working '<' can't be obfuscated and still work. There might be contexts where on* event handling attributes could be added and that could be more work to detect.

Another option would be to hold langpacks for review prior to signing, unlike WebExtensions because they have more power than web extensions. Or if we can't prevent them being signed prior to review, we can at least make them unavailable on AMO (even unlisted pages are no good) so the mozAddonManager APIs can't trigger them (I believe we did limit those APIs to only being able to launch self-hosted addons).
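
The review-time scan suggested in the comment above, sketched as an added example (not part of the original comment and not Mozilla's tooling): it flags entity declarations in a .dtd file whose value contains markup or an on* attribute. The regexes, function names and sample DTD are constructed for illustration; numeric character references are expanded first because an XML parser expands them when it reads the entity declaration.

```python
import re

# General entity declarations: <!ENTITY name "value"> or <!ENTITY name 'value'>
ENTITY_RE = re.compile(
    r'<!ENTITY\s+([\w.:-]+)\s+(?:"([^"]*)"|\'([^\']*)\')\s*>', re.S)
# Numeric character references, hex or decimal (e.g. &#x3C; or &#60;)
CHARREF_RE = re.compile(r'&#(?:x([0-9A-Fa-f]+)|([0-9]+));')
# Heuristic for event-handler attributes such as onclick=
ON_ATTR_RE = re.compile(r'\bon[a-z]+\s*=', re.I)


def expand_charrefs(value):
    """Expand numeric character references as the parser does at declaration time."""
    def repl(m):
        cp = int(m.group(1), 16) if m.group(1) else int(m.group(2))
        return chr(cp) if cp <= 0x10FFFF else m.group(0)
    return CHARREF_RE.sub(repl, value)


def scan_dtd(text):
    """Return [(entity_name, [reasons])] for entities a reviewer should look at."""
    findings = []
    for m in ENTITY_RE.finditer(text):
        raw = m.group(2) if m.group(2) is not None else m.group(3)
        value = expand_charrefs(raw)
        reasons = []
        if '<' in value:                 # element markup in the replacement text
            reasons.append('markup')
        if ON_ATTR_RE.search(value):     # possible event-handler attribute
            reasons.append('event-handler')
        if reasons:
            findings.append((m.group(1), reasons))
    return findings


# Constructed sample, not taken from any real langpack.
SAMPLE_DTD = '''
<!ENTITY window.title "Preferences">
<!ENTITY help.label "Click <b>here</b> for help">
<!ENTITY about.text "Version &#60;span&#62;1.0&#60;/span&#62;">
<!ENTITY hint.tooltip "tip onclick='noop()'">
<!ENTITY price.label "1 &lt; 2">
'''

if __name__ == "__main__":
    for name, reasons in scan_dtd(SAMPLE_DTD):
        print(name, ", ".join(reasons))
```

`price.label` is not flagged: a named reference such as `&lt;` is left unexpanded in the entity value and yields character data, not markup, when the entity is later used.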
