",t};e.buildCustomizationMenuUi=t;function n(e){let t='
ID: javascript-browser-security/postmessage-permissive-origin
Language: JavaScript
Severity: Warning
Category: Security
CWE: 923
Always specify the origin of the message for security reasons and to avoid spoofing attacks. When you use postMessage to send data to other windows, always specify an exact target origin, not '*'.
Non-compliant code example:
window.postMessage(message, '*')

Compliant code example:
window.postMessage(message, 'https://app.domain.tld')
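
The following is an added example, not part of the rule documentation: it wraps postMessage so a wildcard or unlisted target origin is rejected before sending, and applies the same allowlist to event.origin on the receiving side. The names TRUSTED_ORIGINS, canonicalOrigin, postToTrusted and makeReceiver are hypothetical, and the allowlist reuses the sample origin from the compliant example.

```javascript
// Added example: helper names are hypothetical; the origin is the page's sample value.
const TRUSTED_ORIGINS = new Set(['https://app.domain.tld']);

// Reduce a URL or origin string to its canonical origin; null if unusable.
function canonicalOrigin(value) {
  if (typeof value !== 'string' || value === '*') return null;
  try {
    const origin = new URL(value).origin;
    // Opaque origins (data:, file:, ...) serialize to the string "null".
    return origin === 'null' ? null : origin;
  } catch {
    return null; // not an absolute URL
  }
}

// Sender side: refuse wildcard or unlisted target origins before posting.
function postToTrusted(targetWindow, message, targetOrigin) {
  const origin = canonicalOrigin(targetOrigin);
  if (origin === null || !TRUSTED_ORIGINS.has(origin)) {
    throw new Error(`postMessage blocked: untrusted target origin ${String(targetOrigin)}`);
  }
  targetWindow.postMessage(message, origin);
  return origin;
}

// Receiver side: accept only messages whose event.origin is on the allowlist.
function makeReceiver(onMessage) {
  return function handle(event) {
    if (!TRUSTED_ORIGINS.has(event.origin)) return false; // drop the message
    onMessage(event.data, event.origin);
    return true;
  };
}

// Browser wiring; skipped when no window object exists.
if (typeof window !== 'undefined' && typeof window.addEventListener === 'function') {
  window.addEventListener('message', makeReceiver((data) => console.log('accepted', data)));
}
```
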
Seamless integrations. Try Datadog Code Security
rulesets:
  - javascript-browser-security # Rules to enforce JavaScript browser security.
For more information, please read the Code Security documentation