@movable/eslint-plugin-no-wildcard-postmessage

    1.0.0 • Public • Published

    Build Status

    Disallow wildcard targets for postMessage (no-wildcard-postmessage)

    This function disallows unsafe coding practices that may result into security vulnerabilities. We will postMessage calls that contain a target origin of "*".

    Rule Details

    Disallowed:

    frame.postMessage(obj, "*");
     

    A few examples of allowed practices:

    frame.postMessage(obj, "http://domain.tld");
    // in a worker:
    postMessage(obj);

    This rule is being used within Mozilla to maintain and improve the security of the Firefox OS front-end codebase Gaia. Further documentation, which includes references to the escaping functions can be found on MDN.

    Install

    npm i @movable/eslint-plugin-no-wildcard-postmessage

    DownloadsWeekly Downloads

    195

    Version

    1.0.0

    License

    MPL-2.0

    Unpacked Size

    26.1 kB

    Total Files

    14

    Last publish

    Collaborators

    • uyethon
    • movable-ink
    • mnutt
    • shyshy
    • joxamo18
    • kruggeri
    • nicksteffens_mi
    • mansurtsutiev
    • cwervo
    • megoetzke
    • aguevara23
    • mi_rtepper
    • theron
    • aqmnguyen