Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/mozfreddyb/eslint-plugin-no-wildcard-postmessage

custom ESLint rule to disallows calling postMessage to wildcard targets
https://github.com/mozfreddyb/eslint-plugin-no-wildcard-postmessage

Last synced: 19 days ago
JSON representation

custom ESLint rule to disallows calling postMessage to wildcard targets

Host: GitHub
URL: https://github.com/mozfreddyb/eslint-plugin-no-wildcard-postmessage
Owner: mozfreddyb
License: mpl-2.0
Created: 2015-10-27T12:39:30.000Z (about 9 years ago)
Default Branch: master
Last Pushed: 2020-04-28T07:21:07.000Z (over 4 years ago)
Last Synced: 2024-10-28T23:56:44.036Z (23 days ago)
Language: JavaScript
Size: 16.6 KB
Stars: 4
Watchers: 2
Forks: 1
Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

        [![Build Status](https://travis-ci.org/mozfreddyb/eslint-plugin-no-wildcard-postmessage.svg?branch=master)](https://travis-ci.org/mozfreddyb/eslint-plugin-no-wildcard-postmessage)

# Disallow wildcard targets for postMessage (no-wildcard-postmessage)

This function disallows unsafe coding practices that may result into security vulnerabilities.

We will postMessage calls that contain a target origin of `"*"`.

## Rule Details

Disallowed:

```js

frame.postMessage(obj, "*");

```

A few examples of allowed practices:

```js

frame.postMessage(obj, "http://domain.tld");

// in a worker:

postMessage(obj);

```

This rule is being used within Mozilla to maintain and improve the security of various front-end codebases.