SonarJs still shows warning about postMessage cross-domain issue
The error message is "make sure this cross-domain message is being sent to the intended domain".
This check rule from RSPEC-2819
Authors should not use the wildcard keyword ( *) in the targetOrigin argument in messages that contain any confidential information, as otherwise there is no way to guarantee that the message is only delivered to the recipient to which it was intended.
I assume it demands * cannot be used as targetOrigin, But It still shows warning when I use intended domain as targetOrigin like below:
Please somebody can tell me how to pass this check,
Any help would be appreciated
This rule detects only if a method postMessage is invoked on an object with a name containing window in it. Source code: PostMessageCheck.java. To bypass it, just assign your contentWindow object into different one, like this:
var content = this.elem.contentWindow;
content.postMessage('your message', window.location.origin);
- Sonar scanner command not found on Gitlab CI/CD
- Error "Could not find 'java' executable in JAVA_HOME or PATH" while installing sonar-scanner with sonarqube google compute instance
- No problems have been detected in the workspace: SonarLint
- SonarJS - how to avoid "Non-existent variables should not be referenced" issue
- Sonarqube: Missing blame information for the following files
- no new branch appearing on sonar
- SonarQube Branch does not exist on server
- SonarCloud CI can't find source files for Ruby / SimpleCov coverage
- How do I use, or set up sonar-project.properties file?
- Sonarqube TFS task returning error (401) Unauthorized on one project but not others
- Sonarqube integration not working with Gitlab
- Gradle 8.1.1 - What went wrong: 'java.io.File org.gradle.api.reporting.ConfigurableReport.getDestination()'
- SonarQube JavaScript disable a part of code
- SonarQube over https
- Sonarqube treat AOP Throwable as an issue
- Pull request decoration is not working in SonarQube with Gitlab
- Not authorized to execute any sonarqube analysis with sonarqube scanner on Travis CI
- SonarQube - Elasticsearch could not bind
- SonarQube: Invoke method(s) only conditionally - logger executes not needed functions
- equals(Object obj)" should be overridden along with the "compareTo(T obj)" method
- Dotnet CLI SonarScanner is failing with dotnet 8.0 image
- Failed to execute goal org.sonarsource.scanner.maven:sonar-maven-plugin:3.9.1.2184:sonar on project demo: You're not authorized to run analysis
- SonarQube "The main branch has no lines of code." issue while Jenkins says analysis is successful
- Sonarqube-scanner for Angular fails with Node 22.9.0
- Sonar-scanner in jenkins error does not match any configured installation
- SonarQube - how to deactivate inherited rule in quality profile?
- How to configure multi-module Maven + Sonar + JaCoCo to give merged coverage report?
- sonarqube + lombok = false positives
- Unable to execute SonarQube: Fail to get bootstrap index from server: timeout: Read timed out
- sonarqube displays all projects on Home page with out login