Commit ffc9a44

dellalibera and esbena authored
Update javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp
Co-authored-by: Esben Sparre Andreasen <[email protected]>
1 parent e84339d commit ffc9a44

1 file changed

+1
-1
lines changed

javascript/ql/src/experimental/Security/CWE-020/PostMessageNoOriginCheck.qhelp

Lines changed: 1 addition & 1 deletion
@@ -24,7 +24,7 @@ Always verify the sender's identity of incoming messages.
2424
<p> In the second example, the `MessageEvent.origin` is verified with an unsecure check. For example, using `event.origin.indexOf('www.example.com') > -1` can be bypassed because the string `www.example.com` could appear anywhere in `event.origin` (i.e. `www.example.com.mydomain.com`)</p>
2525
<sample src="examples/postMessageWithInsufficientCheck.js" />
2626

27-
<p> In the third example, the `MessageEvent.origin` is properly checked against a trusted origin.
27+
<p> In the third example, the `MessageEvent.origin` is properly checked against a trusted origin. </p>
2828
<sample src="examples/postMessageWithInsufficientCheck.js" />
2929

3030
</example>
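
Review bot: the `<sample>` that follows the third-example paragraph still points at `examples/postMessageWithInsufficientCheck.js`, the same file the second example uses, so the help page would show the bypassable `indexOf` check again under text that promises a proper origin check. Point that `src` at the sample containing the exact comparison against the trusted origin (its file name is not visible in this hunk). While touching this block, the second-example paragraph reads "unsecure check" where "insecure check" is the usual wording, and its last sentence ends without a period before `</p>`.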
