Tag Archives: postMessage

HTML5: Cross Domain Messaging (PostMessage) Vulnerabilities

HTML5 PostMessages (also known as: Web Messaging, or Cross Domain Messaging) is a method of passing arbitrary data between domains. However if not implemented correctly it can lead to sensitive information disclosure or cross-site scripting vulnerabilities as it leaves origin validation up to the developer!

Continue reading: HTML5: Cross Domain Messaging (PostMessage) Vulnerabilities