unicorn/require-post-message-target-origin Suspicious ​
💡 A suggestion is available for this rule.
What it does ​
Enforce using the targetOrigin argument with window.postMessage()
Why is this bad? ​
When calling window.postMessage() without the targetOrigin argument, the message cannot be received by any window.
Examples ​
Examples of incorrect code for this rule:
js
window.postMessage(message);
Examples of correct code for this rule:
js
window.postMessage(message, "https://example.com");
window.postMessage(message, "*");
How to use ​
To enable this rule in the CLI or using the config file, you can use:
bash
oxlint --deny unicorn/require-post-message-target-origin
json
{
"rules": {
"unicorn/require-post-message-target-origin": "error"
}
}