fix qhelp: the window, not the origin, is sending the message

erik-krogh · esbena · web-flow · commit fe3d71ebc21d · 2022-04-25T14:07:01.000+02:00
Co-authored-by: Esben Sparre Andreasen &lt;esbena@github.com&gt;
diff --git a/javascript/ql/src/Security/CWE-020/MissingOriginCheck.qhelp b/javascript/ql/src/Security/CWE-020/MissingOriginCheck.qhelp
@@ -7,8 +7,7 @@
 
 <p>
 The <code>"message"</code> event is used to send messages between windows. 
-An untrusted origin is allowed to send messages to a trusted window, and if the origin 
-is not checked that can lead to various security issues.
+An untrusted window can send a message to a trusted window, and it is up to the receiver to verify the legitimacy of the message. One way of doing that verification is to check the <code>origin</code> of the message ensure that it origins from a trusted window.
 </p>
 </overview>
 
