npm
Sign UpSign In

@movable/eslint-plugin-no-wildcard-postmessage

1.0.0 • Public • Published

Build Status

Disallow wildcard targets for postMessage (no-wildcard-postmessage)

This function disallows unsafe coding practices that may result into security vulnerabilities. We will postMessage calls that contain a target origin of "*".

Rule Details

Disallowed:

frame.postMessage(obj, "*");

A few examples of allowed practices:

frame.postMessage(obj, "http://domain.tld");
// in a worker:
postMessage(obj);

This rule is being used within Mozilla to maintain and improve the security of the Firefox OS front-end codebase Gaia. Further documentation, which includes references to the escaping functions can be found on MDN.

Versions

Current Tags

VersionDownloads (Last 7 Days)Tag
1.0.0173latest

Version History

VersionDownloads (Last 7 Days)Published
1.0.0173

Package Sidebar

Install

npm i @movable/eslint-plugin-no-wildcard-postmessage

Repository

github.com/mozfreddyb/eslint-plugin-no-wildcard-postmessage/issues

Homepage

github.com/mozfreddyb/eslint-plugin-no-wildcard-postmessage/

Weekly Downloads

173

Version

1.0.0

License

MPL-2.0

Unpacked Size

26.1 kB

Total Files

14

Last publish

Collaborators

  • maxnovak
  • curtmorgan3
  • chayelheinsen
  • movable-ink
  • mnutt
  • shyshy
  • nicksteffens_mi
  • mansurtsutiev
  • mi_rtepper
  • aqmnguyen
Try on RunKit
Report malware