Issue with Rule S2819

The code below is triggering the Cross-document messaging domains should be carefully restricted rule. Is this a false positive?, 'https://' + this.yelp + '');

The targetOrigin is being specified yet it seems to treat this code like I’m passing in a wildcard?

Hi @Emile_Choghi

That’s a good point. I’ve converted the type of that rule into Security Hotspot (see RSPEC-2819)

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.