Hi,
This appears to be a recurring issue across multiple Microsoft Edge Add-ons submissions. Two separate extensions (including the latest, ChartMaker Pro) have now been rejected with the same message: "The extension contains or enables malware/PUA."
Context
After my first rejection in February, I contacted support and was advised to refer to the documentation. After making several adjustments based on my interpretation of the policy and resubmitting, the same rejection persisted without additional specific feedback. I ultimately had to pause updates for that extension on Edge Add-ons.
Current extension details (ChartMaker Pro)
Product ID: b5ff1973-1005-4212-a1a4-a72e69d934d0
ChartMaker Pro only uses the following permission:
- storage (strictly for saving user settings)
There is no:
- remote code execution
- use of eval or dynamic code injection
- external script loading at runtime
- elevated or sensitive permissions
The only change in this update was replacing a remote Font Awesome CDN reference:
with a local Font Awesome asset bundle (CSS/fonts/SVG) to support full offline usage. These assets are static and do not execute any code or load external resources.
Could you please help identify what specific file, pattern, or behavior is triggering the classification so I can address it if it is a false positive?
Hi,
This appears to be a recurring issue across multiple Microsoft Edge Add-ons submissions. Two separate extensions (including the latest, ChartMaker Pro) have now been rejected with the same message: "The extension contains or enables malware/PUA."
Context
After my first rejection in February, I contacted support and was advised to refer to the documentation. After making several adjustments based on my interpretation of the policy and resubmitting, the same rejection persisted without additional specific feedback. I ultimately had to pause updates for that extension on Edge Add-ons.
Current extension details (ChartMaker Pro)
Product ID: b5ff1973-1005-4212-a1a4-a72e69d934d0
ChartMaker Pro only uses the following permission:
There is no:
The only change in this update was replacing a remote Font Awesome CDN reference:
with a local Font Awesome asset bundle (CSS/fonts/SVG) to support full offline usage. These assets are static and do not execute any code or load external resources.
Could you please help identify what specific file, pattern, or behavior is triggering the classification so I can address it if it is a false positive?