ID: javascript-browser-security/postmessage-permissive-origin
Language: JavaScript
Severity: Warning
Category: Security
Always specify the origin of the message for security reasons and to avoid spoofing attacks. Always specify an exact target origin, not *, when you use postMessage to send data to other windows.
Non-compliant code example:
window.postMessage(message, '*')

Compliant code example:
window.postMessage(message, 'https://app.domain.tld')
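
One way to enforce this rule at runtime, shown as an added example that is not part of the original rule page or Datadog's own code: a sender-side wrapper that refuses '*' and only posts to an allowlisted exact origin. TRUSTED_ORIGINS, resolveTargetOrigin and sendMessage are hypothetical names; the allowlist entry reuses the origin from the compliant example above.

```javascript
// Added example: sender-side guard for postMessage target origins.
// TRUSTED_ORIGINS, resolveTargetOrigin and sendMessage are hypothetical names.
const TRUSTED_ORIGINS = new Set(['https://app.domain.tld']);

// Returns the canonical origin (scheme://host[:port]) or throws.
function resolveTargetOrigin(targetOrigin) {
  if (typeof targetOrigin !== 'string' || targetOrigin.trim() === '*') {
    throw new TypeError('targetOrigin must be an exact origin, not "*"');
  }
  let url;
  try {
    url = new URL(targetOrigin);
  } catch {
    throw new TypeError(`targetOrigin is not an absolute URL: ${targetOrigin}`);
  }
  // url.origin drops any path, query or fragment and lowercases scheme and host,
  // so the comparison below is against the canonical origin only.
  if (!TRUSTED_ORIGINS.has(url.origin)) {
    throw new Error(`untrusted target origin: ${url.origin}`);
  }
  return url.origin;
}

// targetWindow is any object exposing postMessage(message, targetOrigin),
// for example iframe.contentWindow or window.opener in a browser.
function sendMessage(targetWindow, message, targetOrigin) {
  const origin = resolveTargetOrigin(targetOrigin);
  targetWindow.postMessage(message, origin);
  return origin;
}
```

Because the wrapper always passes the canonical origin to postMessage, a look-alike host such as a trusted name used as a subdomain prefix of another domain fails the allowlist check instead of receiving the message.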
Seamless integrations. Try Datadog Code Analysis
rulesets:
  - javascript-browser-security # Rules to enforce JavaScript browser security.
For more information, please read the Code Analysis documentation