Version : Sonar Cloud, Sonar For VScode
Sonar cloud complain error upon in webview
documentObject.postMessage('tel:1767');
while sonar for javascript in visual studio code and also webstorm didn’t complain it .
Maybe other info : Cross-document messaging domains should be carefully restricted
It should explain as notice not status critical . Most of the problem js wouldn’t know it was a webview inside react -native or vuejs or react website . Pushing no post message parameter empty as wildcard is wrong.
So at least need to check if basic like “tel”,“goback” don’t have this issue error.
Hello @NobodyButMe-Haiya,
Welcome to the community!
It’s a bit hard for me to tell what is happening at this point. Could you send me:
- a picture of the issue on SonarCloud
- a snippet of code or even better a small reproducer project so that I can check if I reproduce
- a log on the analysis on SonarLint side. You can find how to activate debug traces for IntelliJ and VSCode.
Thanks
Thanks for reply .
-
picture below from sonar cloud.
-
Snippet
window.postMessage("goBack");
- Not produceable in VSCode Nor Webstorm
** Nodejs application which will be preview inside react native apps(web view) (private)
Hello,
I am sorry but I still don’t have enough information to reproduce the problem. I understand that you cannot share the project where this happens, but it would be very useful if you could extract a small reproducer project. The idea is that you have the smallest possible project that raises this issue on SonarCloud and not in SonarLint.
Thanks
