The normalizeDomain scoping bug - preventing the confirmation dialog from ever showing
The session bypass missing check - so "No, Continue" actually works
The search results race condition - so you can actually click on search results after allowing explicit searches

tested fixed errors

same bug with infinite loop fix

Stand Strong v1.0.3 - CORRECTED Error Report

My Mistake - I Apologize!

I gave you incorrect manifest.json code. The exclude_matches syntax I provided is for Manifest V3, but your extension uses Manifest V2, which doesn't support that syntax.

The Real Solution

For Manifest V2, we cannot use exclude_matches. Instead, we rely 100% on the protocol checks in the content_script.js code:

if (
location.protocol === "chrome:" ||
location.protocol === "chrome-extension:" ||
location.protocol === "moz-extension:" // This line prevents the loop
) {
console.log("Stand Strong: Skipping chrome/extension page");
return;
}


Since your content_script.js already has all 3 of these checks (I verified it), the loop should be prevented by the code alone.

Files You Actually Need to Fix

1. manifest.json

Replace with: manifest-FIXED-V2.json (rename it to manifest.json)

Changes:
- Removed the invalid exclude_matches (that was my error)
- Added style-src 'self' 'unsafe-inline' to CSP for inline styles
- Everything else stays the same

2. ui/blocked.html

Replace with: blocked-CORRECTED.html (rename it to blocked.html)

Changes:
- Removed Google Fonts links
- Changed to system fonts
- This prevents CSP violations that could cause hangs

Why the Loop is STILL Happening

The loop is likely caused by blocked.html trying to load Google Fonts, which violates Content Security Policy and causes the page to fail/reload.

Your content_script.js is actually correct with all the moz-extension checks. The problem is the blocked page itself hanging due to external resource loading.

Test After Replacing These 2 Files

1. Replace manifest.json with the V2-compatible one
2. Replace ui/blocked.html with the no-Google-Fonts version
3. Reload extension in Firefox
4. Try to block a site
5. The blocked page should load once and stay stable

Summary

• ✅ Your content_script.js is PERFECT (all 3 moz-extension checks present)
• ✅ Your background.js is PERFECT
• ✅ Your confirm.js is PERFECT
• ❌ Your manifest.json has wrong CSP
• ❌ Your blocked.html has Google Fonts (causes CSP violations)

Only fix these 2 files and you're done!

Sorry for the confusion with the Manifest V3 syntax!

Version 1.0.3 - Critical Bug Fixes
Fixed two major issues:

Confirmation buttons not responding - Added missing message listener in background script to handle "Yes, Block It" and "No, Continue" button clicks
Infinite refresh loop after blocking - Content script now properly skips extension pages (moz-extension://) to prevent loops when displaying blocked.html
Blocked page improvements - Removed external Google Fonts dependency for better Content Security Policy compliance and faster loading

Changes:

Updated background.js with GET_CURRENT_DOMAIN message handler
Fixed content_script.js to exclude moz-extension:// protocol
Added exclude_matches in manifest for extension pages
Replaced external fonts with system fonts in blocked.html
Improved error handling and console logging throughout

Files modified:

background.js
content/content_script.js
ui/confirm.js
ui/blocked.html
manifest.json

All users should update to this version to ensure the extension works correctly.

Stand Strong Extension - Button Fix

Problem

The buttons on the confirm.html popup were not responding because the background script was missing a message listener to handle the "GET_CURRENT_DOMAIN" action.

Solution

Added a message listener to background.js that handles both:
1. GET_CURRENT_DOMAIN - Gets the current tab's domain
2. CONFIRM_BLOCK - Handles blocking confirmed domains

Files to Replace

1. background.js

Location: Root of your extension folder
Replace with: The new background.js file provided

Key Changes:
- Added browserAPI.runtime.onMessage.addListener() at lines 35-74
- This listener handles GET_CURRENT_DOMAIN and CONFIRM_BLOCK messages
- Now properly responds to confirm.js requests

2. ui/confirm.js

Location: ui/confirm.js
Replace with: The new confirm.js file provided

Key Changes:
- Added better error handling and logging
- Added chrome.runtime.lastError check
- Added alert if domain cannot be determined
- Added lastFailureDate recording when user confirms blocking
- More console.log statements for debugging

How to Install

1. Open your extension folder
2. Replace background.js in the root folder
3. Replace confirm.js in the ui folder
4. Reload your extension in Firefox:
5. Go to about:debugging#/runtime/this-firefox
6. Click "Reload" on your Stand Strong extension
7. Test the confirm popup buttons - they should now work!

What Was Wrong

The original code in confirm.js was sending a message:

chrome.runtime.sendMessage({ action: "GET_CURRENT_DOMAIN" }, callback)


But background.js had no listener to receive this message, so the callback never fired, and the buttons appeared to do nothing.

Testing

After replacing the files:
1. Visit a website
2. Open the popup and trigger the confirm dialog
3. Click "Yes, Block It" - it should now:
- Get the current domain
- Add it to blocked list
- Reset your streak
- Close the popup
- Redirect to blocked.html
4. Click "No, Continue" - should simply close the popup

The console should now show detailed logs of what's happening at each step.

the popup.html and seperation of inline javascript code and html so created js files for each html