Details
Scan Rule ID 220008
Alert Type Tool
Status alpha

Alerts

  • 220008-1 Avoid postMessage with wildcard targetOrigin
  • 220008-2 Specify postMessage targetOrigin
  • 220008-3 Avoid weak origin substring checks
  • 220008-4 Avoid permissive regex origin checks
  • 220008-5 Origin check uses host fragment only
  • 220008-6 Review message event listeners
  • 220008-7 Message handler without origin validation
  • 220008-8 Wildcard reply from message handler
  • 220008-9 Web Message Injection (taint flow)

Code

src/ptk/background/sast/modules/modules.json