ID: javascript-browser-security/event-check-origin
Language: JavaScript
Severity: Warning
Category: Security
Description
Not checking the origin of a `message` event can lead to XSS attacks. Always check the event origin.
Non-Compliant Code Examples
// The handler runs for messages from any origin: event.origin is never checked.
window.addEventListener('message', (event) => {
    processing();
})
Compliant Code Examples
window.addEventListener('message', (event) => {
    // Reject any message that does not come from the expected origin.
    if (event.origin !== 'https://app.domain.tld') {
        throw new Error('invalid origin')
    }
    processing();
})
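The compliant check above, generalized to an exact-match allowlist with a payload shape check, as an added example that is not part of the rule's own documentation. The names `ALLOWED_ORIGINS`, `isTrustedOrigin`, `createMessageHandler` and the `{ type: ... }` message shape are assumptions; unlike the snippet above, this handler drops untrusted messages instead of throwing.

```javascript
// Added example. ALLOWED_ORIGINS, isTrustedOrigin, createMessageHandler and the
// { type: ... } message shape are assumptions, not part of the rule.
const ALLOWED_ORIGINS = new Set(['https://app.domain.tld']);

// Exact match against the serialized origin (scheme + host + port).
// Prefix or substring tests are not equivalent: 'https://app.domain.tld.example'
// begins with the trusted origin but is a different site.
function isTrustedOrigin(origin, allowed = ALLOWED_ORIGINS) {
  return typeof origin === 'string' && allowed.has(origin);
}

// Wraps `processing` so it only runs for trusted, well-formed messages.
// Returns true when the message was processed and false when it was dropped.
function createMessageHandler(processing, allowed = ALLOWED_ORIGINS) {
  return function onMessage(event) {
    if (!isTrustedOrigin(event.origin, allowed)) {
      return false;
    }
    // The origin check establishes who sent the message; the payload is
    // still untrusted input and gets a shape check before use.
    const data = event.data;
    if (data === null || typeof data !== 'object' || typeof data.type !== 'string') {
      return false;
    }
    processing(data);
    return true;
  };
}

// Constructed sample events (plain objects standing in for MessageEvent).
const SAMPLE_EVENTS = [
  { origin: 'https://app.domain.tld', data: { type: 'resize' } },         // trusted
  { origin: 'https://app.domain.tld.example', data: { type: 'resize' } }, // look-alike host
  { origin: 'http://app.domain.tld', data: { type: 'resize' } },          // wrong scheme
  { origin: 'null', data: { type: 'resize' } },                           // opaque origin
  { origin: 'https://app.domain.tld', data: 'not-an-object' },            // malformed payload
];

// Feeds the constructed events through a fresh handler and reports the outcome.
function runSamples() {
  const processed = [];
  const handler = createMessageHandler((data) => processed.push(data.type));
  const accepted = SAMPLE_EVENTS.map((event) => handler(event));
  return { accepted, processed };
}

// In a browser, register the guarded handler instead of a bare callback.
if (typeof window !== 'undefined' && typeof window.addEventListener === 'function') {
  window.addEventListener('message', createMessageHandler((data) => console.log(data.type)));
}
```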