False-positive - 'Origins should be verified during cross-origin communications'

Hi there,

I noticed that SonarCloud is reporting false positives for the following code:

#1 Window: pageshow event

window.addEventListener('pageshow', function (e) {

#2 Window: popstate event

window.addEventListener('popstate', function (e) {

#3 HTMLMediaElement: playing and HTMLMediaElement: ended events

window.addEventListener('playing', onMediaFilePlay, true);
window.addEventListener('ended', onMediaFinished, true);

#4 Document: keydown event

targetWindow.addEventListener('keydown', onKeyDown, true);

The error message is “Verify the message’s origin in this cross-origin communication”

However, for these examples, event.origin is ‘undefined’ as none of them listen to messages that are dispatched from window.postMessage.




We already have the ticket for that FP on S2819 should only raise on the message type of event · Issue #2666 · SonarSource/SonarJS · GitHub, thanks for reporting anyway!

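Added example (not part of the thread and not SonarJS code): a sketch of the case the rule is meant for, a `message` listener that checks `event.origin` against an allow-list, next to the listener types from the post, where no origin exists to verify. `TRUSTED_ORIGINS`, the sample origins and the `EventTarget` stand-in for `window` are assumptions made so the snippet runs in Node.js as well as in a browser.

```javascript
// Constructed allow-list; a real page would list the origins it expects messages from.
const TRUSTED_ORIGINS = new Set(['https://app.example.com']);

// Listener for postMessage traffic: the only event type that carries event.origin.
function makeMessageHandler(accepted, rejected) {
  return function onMessage(e) {
    // Exact match against the allow-list; prefix or substring checks would
    // accept look-alike origins such as the second sample below.
    if (!TRUSTED_ORIGINS.has(e.origin)) {
      rejected.push(e.origin);
      return;
    }
    accepted.push(e.data);
  };
}

// The event types from the post; none of them is dispatched by postMessage.
const NON_MESSAGE_TYPES = ['pageshow', 'popstate', 'playing', 'ended', 'keydown'];

function runDemo() {
  const target = new EventTarget(); // stand-in for window
  const accepted = [];
  const rejected = [];
  const otherOrigins = [];

  target.addEventListener('message', makeMessageHandler(accepted, rejected));
  for (const type of NON_MESSAGE_TYPES) {
    // Record what event.origin looks like on a non-message event.
    target.addEventListener(type, (e) => otherOrigins.push(typeof e.origin), true);
  }

  // Constructed sample messages: one trusted origin, one look-alike origin.
  target.dispatchEvent(new MessageEvent('message',
    { data: 'ok', origin: 'https://app.example.com' }));
  target.dispatchEvent(new MessageEvent('message',
    { data: 'spoofed', origin: 'https://app.example.com.lookalike.test' }));
  for (const type of NON_MESSAGE_TYPES) {
    target.dispatchEvent(new Event(type));
  }
  return { accepted, rejected, otherOrigins };
}

console.log(runDemo());
```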
