Snyk security findings:
✗ [Low] Insufficient postMessage Validation
Path: ./dist/worker-bundle.js, line 53
Info: The origin of the received message is not checked. This means any site (even malicious) can send message to this window. If you don't expect this, consider checking the origin of sender.
✗ [Low] Insufficient postMessage Validation
Path: ./dist/worker-bundle.js, line 243
Info: The origin of the received message is not checked. This means any site (even malicious) can send message to this window. If you don't expect this, consider checking the origin of sender.
This is a security vulnerability because it allows any website (even malicious ones) to send messages to your window or iframe. Without origin validation, an attacker could potentially send harmful data to your page, leading to cross-site scripting (XSS) or other attacks.
Snyk security findings:
✗ [Low] Insufficient postMessage Validation
Path: ./dist/worker-bundle.js, line 53
Info: The origin of the received message is not checked. This means any site (even malicious) can send message to this window. If you don't expect this, consider checking the origin of sender.
✗ [Low] Insufficient postMessage Validation
Path: ./dist/worker-bundle.js, line 243
Info: The origin of the received message is not checked. This means any site (even malicious) can send message to this window. If you don't expect this, consider checking the origin of sender.
This is a security vulnerability because it allows any website (even malicious ones) to send messages to your window or iframe. Without origin validation, an attacker could potentially send harmful data to your page, leading to cross-site scripting (XSS) or other attacks.