Please note, this is a STATIC archive of website from 03 Nov 2016, does not collect or store any user information, there is no "phishing" involved.

Validating web apps with the App Validator

The app validator is a tool built to test that apps are ready for submission to the Firefox Marketplace and are suitable for running on a variety of platforms. Apps submitted to the Marketplace are automatically run through the validator, which represents the first step of the review process.

Some checks that the validator performs include:

  • Ensuring the app manifest is formatted correctly with appropriate values.
  • Ensuring resources linked to in the manifest exist and are properly formatted. For instance, the launch_path is tested to exist, and icons are tested to be a valid image of the listed size.
  • Ensuring the app does not request permissions that it cannot use.
  • Testing that at least one locale provided in the manifest is a locale supported by the Firefox Marketplace.
  • Testing that no JavaScript syntax errors exist.
  • Checking for garbage files and file types (e.g.: EXE, DLL, etc.) that are banned in packaged apps.
  • Testing for appcache support in hosted apps.
  • Checking that packages do not contain version control.
  • Identifying potential CSP violations.

Using the App Validator

There are a couple of different ways to use the App Validator; this section details them both.


The validator is available to Marketplace developers in the Marketplace Developer HubOn this page, you'll be presented with the option to validate a hosted app by providing the URL of the app's manifest, or validating a packaged app by uploading a zip file.

On Your Own Computer

The source code and setup documentation can be found on the app-validator Github page. You can install the validator on your own computer and run it without needing to access the Firefox Marketplace.

After following the setup instructions, you can use the validator by running the app-validator script in the root:

app-validator ~/src/path/to/my/manifest.webapp -v

The first argument should be the path to your manifest, the path to a ZIP file (for packaged apps) or a URL pointing at your manifest online. The -v argument outputs a verbose summary of each error, warning, and notice that the validator generates.

A full description of the arguments that the validator accepts and the forms of output that it can produce are available on Github.

Document Tags and Contributors

 Contributors to this page: chrisdavidmills, so_matt_basta
 Last updated by: chrisdavidmills,