
mozfreddyb/eslint-plugin-no-wildcard-postmessage


Disallow wildcard targets for postMessage (no-wildcard-postmessage)

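This rule disallows unsafe coding practices that may result in security vulnerabilities. It flags postMessage calls that contain a target origin of "*", because a wildcard target delivers the message to the receiving window regardless of which origin is currently loaded in it.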

Rule Details

Disallowed:

frame.postMessage(obj, "*");

A few examples of allowed practices:

frame.postMessage(obj, "http://domain.tld");
// in a worker:
postMessage(obj);

This rule is being used within Mozilla to maintain and improve the security of various front-end codebases.
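
A sketch of how a check like the one under Rule Details can be written as an ESLint rule. This is an added example, not the plugin's own source; the names `noWildcardPostMessage`, `isWildcard`, `lint` and `samples`, the report message, and the hand-built ESTree nodes are all constructed for illustration so the block runs without ESLint installed.

```javascript
// Added example: a minimal ESLint-style rule, not the plugin's actual source.
const MESSAGE = 'postMessage called with wildcard target origin "*"'; // constructed text

// True when an ESTree node is the constant string "*" ('*', "*" or `*`).
function isWildcard(node) {
  if (!node) return false;
  if (node.type === "Literal") return node.value === "*";
  return (
    node.type === "TemplateLiteral" &&
    node.expressions.length === 0 &&
    node.quasis[0].value.cooked === "*"
  );
}

const noWildcardPostMessage = {
  meta: { type: "problem", schema: [] },
  create(context) {
    return {
      CallExpression(node) {
        const callee = node.callee;
        // Accept both frame.postMessage(...) and a bare postMessage(...).
        let name = null;
        if (callee.type === "Identifier") name = callee.name;
        else if (callee.type === "MemberExpression" && !callee.computed)
          name = callee.property.name;
        if (name !== "postMessage") return;
        // targetOrigin is the second argument; the one-argument worker form
        // has none and is never reported.
        if (isWildcard(node.arguments[1])) context.report({ node, message: MESSAGE });
      },
    };
  },
};

// Run the rule over hand-built CallExpression nodes with a stub context.
function lint(nodes) {
  const reports = [];
  const visitor = noWildcardPostMessage.create({ report: (r) => reports.push(r) });
  nodes.forEach((n) => visitor.CallExpression(n));
  return reports;
}

// Constructed ESTree nodes for the three calls shown in the README.
const lit = (value) => ({ type: "Literal", value });
const id = (name) => ({ type: "Identifier", name });
const member = (obj, prop) =>
  ({ type: "MemberExpression", computed: false, object: id(obj), property: id(prop) });
const call = (callee, ...args) => ({ type: "CallExpression", callee, arguments: args });
const samples = [
  call(member("frame", "postMessage"), id("obj"), lit("*")),
  call(member("frame", "postMessage"), id("obj"), lit("http://domain.tld")),
  call(id("postMessage"), id("obj")),
];
console.log(lint(samples).map((r) => r.message));
```

A syntactic check like this sees only a constant "*" at the call site; a wildcard passed through a variable or a computed property access such as `frame["postMessage"]` is not reported by this sketch and still needs review.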
