Disallow wildcard targets for postMessage (no-wildcard-postmessage)

This function disallows unsafe coding practices that may result into security vulnerabilities. We will postMessage calls that contain a target origin of "*".

Rule Details

Disallowed:

frame.postMessage(obj, "*");

A few examples of allowed practices:

frame.postMessage(obj, "http://domain.tld");
// in a worker:
postMessage(obj);

This rule is being used within Mozilla to maintain and improve the security of various front-end codebases.

Name		Name	Last commit message	Last commit date
Latest commit History 14 Commits
docs/rules		docs/rules
lib/rules		lib/rules
tests/rules		tests/rules
.editorconfig		.editorconfig
.eslintrc		.eslintrc
.gitignore		.gitignore
.travis.yml		.travis.yml
LICENSE		LICENSE
README.md		README.md
index.js		index.js
package.json		package.json

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Disallow wildcard targets for postMessage (no-wildcard-postmessage)

Rule Details

About

Releases

Packages

Contributors 2

Languages

License

mozfreddyb/eslint-plugin-no-wildcard-postmessage

Folders and files

Latest commit

History

Repository files navigation

Disallow wildcard targets for postMessage (no-wildcard-postmessage)

Rule Details

About

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Languages

Packages