unicorn/require-post-message-target-origin Suspicious
🛠️ An auto-fix is available for this rule.
What it does
Enforce using the targetOrigin argument with window.postMessage()
Why is this bad?
When calling window.postMessage() without the targetOrigin argument, the message cannot be received by any window.
Examples
Examples of incorrect code for this rule:
js
window.postMessage(message);Examples of correct code for this rule:
js
window.postMessage(message, "https://example.com");
window.postMessage(message, "*");How to use
To enable this rule in the CLI or using the config file, you can use:
bash
oxlint --deny unicorn/require-post-message-target-originjson
{
"rules": {
"unicorn/require-post-message-target-origin": "error"
}
}