Security issue with HTML5: Overly Permissive Message Posting Policy (PostMessage Broadcast Vulnerability) in vuelayers #260
Comments
This problem could relate to
Hello @jerry1108, Or before the release, as @become-iron suggested, fork and build with Thanks for report!
@become-iron, @ghettovoice:
Done in v0.11.21
Dear @ghettovoice:
I have developed a GIS web application using vuelayers (@Version 0.11.5-beta.3), and recently the application was scanned by third-party security-testing tools in our customer's production environment. One of the security vulnerabilities is HTML5: Overly Permissive Message Posting Policy (PostMessage Broadcast Vulnerability), which is found at row 57995 in vuelayes.js:
_global.postMessage(id + '', '*');
The report's suggestion is to avoid using * as postMessage's parameter (targetOrigin).
Can I modify * to something else? ex: our application domain name? or...?
How do I fix this vulnerability?
Hope you can give me a hint or suggestion. Thank you.
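An added example, not code from vuelayers or its dependencies: a self-addressed `postMessage` task scheduler that pins `targetOrigin` to the page's own origin and validates `event.source` and `event.origin` on receipt. It assumes `_global` in the flagged line is the page's own window; `ownOrigin`, `makeScheduler` and the `task:` id prefix are hypothetical names.

```javascript
// Added example (not vuelayers code). makeScheduler and ownOrigin are hypothetical names.
// Builds a concrete targetOrigin; opaque origins (file:, sandboxed) have none.
function ownOrigin(loc) {
  if (!loc || !/^https?:$/.test(loc.protocol) || !loc.host) return null;
  return loc.protocol + '//' + loc.host;
}

function makeScheduler(win) {
  const origin = ownOrigin(win.location);
  const tasks = new Map();
  let counter = 0;

  // Receiver side: accept only messages this window sent to itself.
  function onMessage(event) {
    if (event.source !== win || event.origin !== origin) return false;
    const task = tasks.get(event.data);
    if (!task) return false;            // unknown or replayed id
    tasks.delete(event.data);
    task();
    return true;
  }

  if (origin === null) {
    // No usable origin string: use a timer instead of falling back to '*'.
    return { origin, onMessage: () => false, defer: (fn) => { win.setTimeout(fn, 0); } };
  }
  win.addEventListener('message', onMessage, false);

  return {
    origin,
    onMessage,
    defer(fn) {
      const id = 'task:' + (++counter);
      tasks.set(id, fn);
      win.postMessage(id, origin);      // pinned target instead of '*'
    },
  };
}

// Browser usage; skipped where no window exists.
if (typeof window !== 'undefined') {
  makeScheduler(window).defer(() => console.log('deferred task ran'));
}
```

With a pinned `targetOrigin` the browser drops the message if the window has navigated to a different origin, and the receiver-side checks reject messages posted into the page by other windows.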