@microsoft/eslint-plugin-sdl/docs/rules/no-postmessage-star-origin.md

ESLint plugin focused on common security issues and misconfigurations discoverable during static testing as part of Microsoft Security Development Lifecycle (SDL)

# Do not use \* as target origin when sending data to other windows (no-postmessage-star-origin)

Always provide specific target origin, not \* when sending data to other windows using [`postMessage`](https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage#Security_concerns) to avoid data leakage outside of trust boundary.