Specify origin in postMessage

This product is not supported for your selected Datadog site. ().
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください

Metadata

ID: javascript-browser-security/postmessage-permissive-origin

Language: JavaScript

Severity: Warning

Category: Security

CWE: 923

Related CWEs:

Description

Always specify the origin of the message for security reasons and to avoid spoofing attacks. Always specify an exact target origin, not *, when you use postMessage to send data to other windows.

Learn More

Non-Compliant Code Examples

window.postMessage(message, '*')

Compliant Code Examples

window.postMessage(message, 'https://app.domain.tld')
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

シームレスな統合。 Datadog Code Security をお試しください

Datadog Code Security