awRAG.io — awRAG.io

awRAG.io breaks AI vendor lock-in by providing universal document search across all major AI platforms.

How It Works:
1. Upload documents to awRAG.io (PDF, Word, text files)
2. Install this extension
3. Use the floating button or keyboard shortcut (Ctrl+Shift+L) on any supported AI platform
4. Search your documents and inject context directly into your AI conversations

Supported Platforms:
• Claude.ai
• ChatGPT
• Perplexity AI
• Google Gemini
• Google NotebookLM

Key Features:
• Floating action button for instant access
• Keyboard shortcut for power users
• Context injection with source citations
• No vendor lock-in - your documents work with any AI
• Privacy-first: API key stored locally only

Privacy & Security:
• No data collection or tracking
• API key stored in browser storage only
• No analytics or telemetry
• Open source (available for review)

Requirements:
• Free or paid awRAG.io account (https://awrag.io)
• API key from your awRAG.io dashboard

Use Cases:
• Research with academic papers
• Customer support with knowledge bases
• Legal document analysis
• Technical documentation queries
• Personal knowledge management

REGARDING innerHTML WARNINGS

Mozilla's automated validator flagged 3 "Unsafe assignment to innerHTML" warnings. Here's the explanation:

Why These Warnings Appear

All flagged innerHTML assignments are in React framework code (bundled by webpack), NOT in our source code.

Source files use safe React patterns:
- JSX syntax with automatic XSS escaping
- No dangerouslySetInnerHTML usage anywhere in codebase
- No direct DOM manipulation with innerHTML
- All user input sanitized through React's virtual DOM

The warnings appear because:
1. React-DOM library uses innerHTML internally for performance optimization
2. Webpack bundles React-DOM into single files (popup.js, content.js)
3. Mozilla's linter detects innerHTML in bundled code (not source)
4. React handles all sanitization internally - this is framework-level code

Security Verification

Our source code follows Mozilla's security best practices:
- All DOM updates through React components
- User input never directly inserted into DOM
- TypeScript strict mode enforces type safety
- No eval(), Function(), or other dangerous APIs used

This is a known issue for ALL React-based extensions:
- React, Vue, Svelte, and other framework extensions get these warnings
- The warnings are from framework internals, not developer code
- Mozilla reviewers are familiar with this pattern

Source Code Reference

You can verify our source code (included in source ZIP):
- src/popup/index.tsx - React components with JSX (no innerHTML)
- src/content/index.ts - Safe DOM manipulation via React
- src/background/index.ts - Background script (no DOM access)

All innerHTML warnings are in bundled output (dist/popup.js, dist/content.js), not source files.



ADDITIONAL INFORMATION

Browser Compatibility

• Primary: Firefox 140+ (this build)
• Chrome: Separate build available (different manifest structure)

Source Code

• Source code ZIP included with submission
• Build instructions in README.md
• TypeScript + React + Webpack stack

Support & Contact

• Website: https://awrag.io
• Email: [YOUR SUPPORT EMAIL]
• GitHub: [YOUR GITHUB REPO IF PUBLIC]

Privacy Policy

• Available at: https://awrag.io/privacy
• No data collection, no tracking, no analytics
• API key stored locally only

QUESTIONS FOR REVIEWERS

If you have any questions during review:
1. Check source code in provided ZIP
2. Verify innerHTML usage (framework only, not our code)
3. Test with provided credentials
4. Contact us if clarification needed