You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: javascript/ql/src/Security/CWE-020/MissingOriginCheck.qhelp
+5-6Lines changed: 5 additions & 6 deletions
Original file line number
Diff line number
Diff line change
@@ -7,7 +7,7 @@
7
7
8
8
<p>
9
9
The <code>"message"</code> event is used to send messages between windows.
10
-
An untrusted window can send a message to a trusted window, and it is up to the receiver to verify the legitimacy of the message. One way of doing that verification is to check the <code>origin</code> of the message ensure that it origins from a trusted window.
10
+
An untrusted window can send a message to a trusted window, and it is up to the receiver to verify the legitimacy of the message. One way of performing that verification is to check the <code>origin</code> of the message ensure that it originates from a trusted window.
11
11
</p>
12
12
</overview>
13
13
@@ -27,18 +27,17 @@ to execute arbitrary code.
27
27
28
28
<p>
29
29
The example is fixed below, where the origin is checked to be trusted.
30
-
It is therefore not possible for an attacker to attack using an untrusted origin.
30
+
It is therefore not possible for a malicious user to attack using an untrusted origin.
0 commit comments