hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 02:35:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix qhelp: the window, not the origin, is sending the message

Browse Source 
Co-authored-by: Esben Sparre Andreasen <esbena@github.com>
This commit is contained in:
Erik Krogh Kristensen
2022-04-25 14:07:01 +02:00
committed by GitHub
parent df295e69d6
commit fe3d71ebc2
1 changed files with 1 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
javascript/ql/src/Security/CWE-020/MissingOriginCheck.qhelp
View File

@@ -7,8 +7,7 @@
<p>
The <code>"message"</code> event is used to send messages between windows.
An untrusted origin is allowed to send messages to a trusted window, and if the origin
is not checked that can lead to various security issues.
An untrusted window can send a message to a trusted window, and it is up to the receiver to verify the legitimacy of the message. One way of doing that verification is to check the <code>origin</code> of the message ensure that it origins from a trusted window.
</p>
</overview>