Service workers are flagged by SonarCloud Scan with Issue #13150
Description
Vulnerability suggested resolution:
Compliant Solution
When sending a message:
var iframe = document.getElementById("testsecureiframe");iframe.contentWindow.postMessage("hello", "https://secure.example.com"); // Compliant
When receiving a message:
window.addEventListener("message", function(event) {
if (event.origin !== "http://example.org") // Compliant
return;
console.log(event.data)
});
Code with Issue: service-worker.js
Lines: 20 -24
self.addEventListener('message', (event) => {
if (event.data && event.data.type === 'SKIP_WAITING') {
self.skipWaiting();
}
});