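id: wildcard-postmessage

info:
  name: Wildcard postMessage detection
  author: pdteam
  severity: info
  # A wildcard targetOrigin ('*') tells the browser not to check the receiving
  # window's origin, so whatever is posted can be read by any document that
  # holds a reference to that window. The remediation is to pass the intended
  # origin instead of '*'.
  description: "Detects postMessage() calls whose targetOrigin is the wildcard '*'."
  reference: https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html
  tags: xss,postmessage

requests:
  - method: GET
    path:
      - '{{BaseURL}}'
    matchers:
      - type: regex
        # The first argument may be any expression (identifier, member access,
        # call), and whitespace around the arguments is optional, so the pattern
        # matches postMessage(payload,"*") as well as postMessage( msg1 , '*' ).
        # Single quotes are doubled ('') inside the single-quoted scalar.
        regex:
          - 'postMessage\(\s*[^,]+?\s*,\s*["'']\*["'']\s*\)'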