Vulnerability suggested resolution: Compliant Solution When sending a message: var iframe = document.getElementById("testsecureiframe");iframe.contentWindow.postMessage("hello", "[https://secure.example.com](https://www.google.com/url?q=https://secure.example.com&sa=D&source=calendar&ust=1683723567121826&usg=AOvVaw3WI_5u5isHINpGtBaUPGhR)"); // Compliant When receiving a message: window.addEventListener("message", function(event) { if (event.origin !== "[http://example.org](https://www.google.com/url?q=http://example.org&sa=D&source=calendar&ust=1683723567121826&usg=AOvVaw1BQSbri5gf7-08s9I6OHLB)") // Compliant return; console.log(event.data) }); Code with Issue: service-worker.js Lines: 20 -24 self.addEventListener('message', (event) => { if (event.data && event.data.type === 'SKIP_WAITING') { self.skipWaiting(); } });