@movable/eslint-plugin-no-wildcard-postmessage

1.0.0 • Public • Published

Disallow wildcard targets for postMessage (no-wildcard-postmessage)

This rule disallows unsafe coding practices that may result in security vulnerabilities. It flags postMessage calls that contain a target origin of "*".

Rule Details

Disallowed:

frame.postMessage(obj, "*");

A few examples of allowed practices:

frame.postMessage(obj, "http://domain.tld");
// in a worker:
postMessage(obj);

This rule is being used within Mozilla to maintain and improve the security of the Firefox OS front-end codebase Gaia. Further documentation, which includes references to the escaping functions, can be found on MDN.
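A run-time counterpart to the rule, as an added example that is not part of the plugin or its documentation: a sender wrapper that rejects "*" and any target origin outside an allowlist, and a receiver that applies the same allowlist to `event.origin`. The function names and the example origins are assumptions made for illustration.

```javascript
// Added example; every name and origin below is hypothetical.
const ALLOWED_ORIGINS = new Set(["https://app.example", "https://widgets.example"]); // constructed

// Reduce a URL string to its origin; return null for "*" or anything unusable.
function normalizeOrigin(value) {
  if (typeof value !== "string" || value === "*") return null;
  try {
    const origin = new URL(value).origin;
    // Opaque origins (data:, file:) serialize to the string "null".
    return origin === "null" ? null : origin;
  } catch {
    return null; // not a parseable absolute URL
  }
}

// Sender: refuse the wildcard and any origin that is not on the allowlist.
function safePostMessage(targetWindow, message, targetOrigin, allowed = ALLOWED_ORIGINS) {
  const origin = normalizeOrigin(targetOrigin);
  if (origin === null || !allowed.has(origin)) {
    throw new Error(`refusing postMessage to target origin ${JSON.stringify(targetOrigin)}`);
  }
  targetWindow.postMessage(message, origin);
  return origin;
}

// Receiver: drop events whose origin is not on the allowlist.
function makeMessageHandler(onMessage, allowed = ALLOWED_ORIGINS) {
  return function handle(event) {
    if (!allowed.has(event.origin)) return false;
    onMessage(event.data, event.origin);
    return true;
  };
}

// Constructed stand-in for a window or iframe so the example runs under Node.
function makeFakeWindow() {
  const sent = [];
  return { sent, postMessage: (data, origin) => sent.push({ data, origin }) };
}
```

In a page, the handler would be registered with `window.addEventListener("message", makeMessageHandler(...))`.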

    Install

    npm i @movable/eslint-plugin-no-wildcard-postmessage

    License

    MPL-2.0

    Collaborators

    • chayelheinsen
    • polera-mi
    • movable-ink
    • mnutt
    • shyshy
    • nicksteffens_mi
    • mansurtsutiev
    • mi_rtepper
    • aqmnguyen