		/* global module, require */
		module.exports = {
		rules: {
		"no-wildcard-postmessage": require("./lib/rules/no-wildcard-postmessage.js")
		}
		rules: {
		"no-wildcard-postmessage": require("./lib/rules/no-wildcard-postmessage.js")
		}
		};

lib/rules/no-wildcard-postmessage.js

		@@ -13,29 +13,29 @@ /* global module */
		module.exports = function (context) {
		"use strict";
		return {
		CallExpression: function (node) {
		// postMessage and somewindow.postMessage
		var funcName;
		if (node.callee.name) {
		funcName = node.callee.name;
		} else if (node.callee.property && node.callee.property.name) {
		funcName = node.callee.property.name;
		} else {
		// anonymous function
		return;
		}
		if (funcName === "postMessage") {
		if (node.arguments.length > 1) {
		if ((node.arguments[1].type === "Literal") &&
		(node.arguments[1].value === "*")) {
		context.report(node, "Using postMessage() with" +
		" wildcard targets is not allowed.")
		}
		} else {
		return;
		}
		"use strict";
		return {
		CallExpression: function (node) {
		// postMessage and somewindow.postMessage
		var funcName;
		if (node.callee.name) {
		funcName = node.callee.name;
		} else if (node.callee.property && node.callee.property.name) {
		funcName = node.callee.property.name;
		} else {
		// anonymous function
		return;
		}
		if (funcName === "postMessage") {
		if (node.arguments.length > 1) {
		if ((node.arguments[1].type === "Literal") &&
		(node.arguments[1].value === "*")) {
		context.report(node, "Using postMessage() with" +
		" wildcard targets is not allowed.");
		}
		} else {
		return;
		}

		}
		}
		};
		}
		}
		};
		};

package.json

		{
		"name": "eslint-plugin-no-wildcard-postmessage",
		"description": "custom ESLint rule to disallows calling postMessage to wildcard targets",
		"version": "0.1.2",
		"author": {
		"name": "Frederik Braun"
		},
		"bugs": {
		"url": "https://github.com/mozfreddyb/eslint-plugin-no-wildcard-postmessage/issues"
		},
		"devDependencies": {
		"mocha": "^2.2.4"
		},
		"dependencies": {
		"eslint": "^1.4.1"
		},
		"homepage": "https://github.com/mozfreddyb/eslint-plugin-no-wildcard-postmessage/",
		"keywords": [
		"eslint",
		"eslint-plugin",
		"eslintplugin",
		"lint",
		"security"
		],
		"license": "MPL-2.0",
		"main": "index.js",
		"repository": {
		"type": "git",
		"url": "https://github.com/mozfreddyb/eslint-plugin-no-wildcard-postmessage/issues"
		},
		"scripts":{
		"test": "mocha tests/rules/",
		"lint": "node_modules/.bin/eslint index.js lib/*/.js tests/*/.js"
		}
		"name": "eslint-plugin-no-wildcard-postmessage",
		"description": "custom ESLint rule to disallows calling postMessage to wildcard targets",
		"version": "0.1.3",
		"author": {
		"name": "Frederik Braun"
		},
		"bugs": {
		"url": "https://github.com/mozfreddyb/eslint-plugin-no-wildcard-postmessage/issues"
		},
		"devDependencies": {
		"mocha": "^2.2.4"
		},
		"dependencies": {
		"eslint": "^1.4.1"
		},
		"homepage": "https://github.com/mozfreddyb/eslint-plugin-no-wildcard-postmessage/",
		"keywords": [
		"eslint",
		"eslint-plugin",
		"eslintplugin",
		"lint",
		"security"
		],
		"license": "MPL-2.0",
		"main": "index.js",
		"repository": {
		"type": "git",
		"url": "https://github.com/mozfreddyb/eslint-plugin-no-wildcard-postmessage/issues"
		},
		"scripts":{
		"test": "mocha tests/rules/",
		"lint": "node_modules/.bin/eslint index.js lib/*/.js tests/*/.js"
		}
		}

tests/rules/no-wildcard-postmessage.js

		@@ -25,50 +25,50 @@ /* global require */

		valid: [
		{
		code: "postMessage(obj);",
		ecmaFeatures: features
		},
		{
		code: 'frame.postMessage(obj, "http://domain.tld");',
		ecmaFeatures: features
		},
		{
		code: "frame.postMessage(obj, 'http://domain.tld');",
		ecmaFeatures: features
		},
		{ // iife
		code: "(function() {})()",
		ecmaFeatures: features
		}
		valid: [
		{
		code: "postMessage(obj);",
		ecmaFeatures: features
		},
		{
		code: "frame.postMessage(obj, 'http://domain.tld');",
		ecmaFeatures: features
		},
		{
		code: "frame.postMessage(obj, 'http://domain.tld');",
		ecmaFeatures: features
		},
		{ // iife
		code: "(function() {})()",
		ecmaFeatures: features
		}


		],
		],

		// Examples of code that should trigger the rule
		invalid: [
		{
		code: "postMessage(obj, '*');",
		errors: [{
		message: "Using postMessage() with wildcard targets is not allowed.",
		type: "CallExpression"
		}],
		ecmaFeatures: features
		},
		{
		code: 'postMessage(obj, "*");',
		errors: [{
		message: "Using postMessage() with wildcard targets is not allowed.",
		type: "CallExpression"
		}],
		ecmaFeatures: features
		},
		{
		code: 'win.postMessage(obj, "*");',
		errors: [{
		message: "Using postMessage() with wildcard targets is not allowed.",
		type: "CallExpression"
		}],
		ecmaFeatures: features
		}
		]
		// Examples of code that should trigger the rule
		invalid: [
		{
		code: "postMessage(obj, '*');",
		errors: [{
		message: "Using postMessage() with wildcard targets is not allowed.",
		type: "CallExpression"
		}],
		ecmaFeatures: features
		},
		{
		code: "postMessage(obj, '*');",
		errors: [{
		message: "Using postMessage() with wildcard targets is not allowed.",
		type: "CallExpression"
		}],
		ecmaFeatures: features
		},
		{
		code: "win.postMessage(obj, '*');",
		errors: [{
		message: "Using postMessage() with wildcard targets is not allowed.",
		type: "CallExpression"
		}],
		ecmaFeatures: features
		}
		]
		});

eslint-plugin-no-wildcard-postmessage - npm Package Compare versions

Improved metrics