diff --git a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
index 98beb1141c3..3d371c47318 100644
--- a/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
+++ b/javascript/ql/lib/semmle/javascript/security/dataflow/DOM.qll
@@ -197,13 +197,13 @@ class PostMessageEventHandler extends Function {
 )
 or
 // Angular's `@HostListener('window:message', ['$event'])` decorator registers
- // a method as a `message` event handler on the global `window`/`document`
+ // a method as a `message` event handler on the global `window` or `document`
 // target. The decorated method receives the `MessageEvent` as its first
 // parameter, so it is equivalent to `window.addEventListener('message', ...)`.
 exists(MethodDefinition method, DataFlow::CallNode decorator |
 decorator = DataFlow::moduleMember("@angular/core", "HostListener").getACall() and
 decorator = method.getADecorator().getExpression().flow() and
- decorator.getArgument(0).mayHaveStringValue(["window:message", "document:message", "message"]) and
+ decorator.getArgument(0).mayHaveStringValue(["window:message", "document:message"]) and
 method.getBody() = this and
 paramIndex = 0
 )
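Review bot: `paramIndex = 0` is bound without inspecting the decorator's second argument, so this disjunct treats the first parameter as the `MessageEvent` even for `@HostListener('window:message', ['$event.data'])`, where the parameter is the payload itself, or when the args array is omitted and Angular passes no argument. For a postMessage source model this likely means such handlers are mis-modelled or missed, depending on how the rest of the library reads `.data` and `.origin` off that parameter. Consider constraining `decorator.getArgument(1)` to an array whose first element is `'$event'`, or at least narrowing the comment to say the equivalence holds only for `['$event']`. Since the new line drops the bare `"message"` name, a why-comment would keep it from being re-added: `// A bare 'message' binds to the host element, not the global window, so it is excluded.` The enclosing predicate starts outside this hunk, so other disjuncts may already cover part of this.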