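# Nuclei template: flags pages whose response contains a window.postMessage()
# call that uses the wildcard "*" as its targetOrigin argument.
#
# Why it matters: with targetOrigin "*" the browser delivers the message to the
# target window whatever origin it currently holds, so any data in the message
# can reach an unintended origin. The fix on the application side is to pass
# the exact expected origin instead of "*", and to validate event.origin in
# every message listener.
#
# Scope and limits of this check:
#   - Only the response fetched for {{BaseURL}} is inspected; scripts loaded
#     from separate files are not requested by this template.
#   - The first argument must be a bare alphabetic identifier, so calls such as
#     postMessage(JSON.stringify(x), "*") or postMessage(data.msg, "*") are not
#     matched.
#   - A match is a lead for manual review (severity: info), not proof of an
#     exploitable issue.
id: wildcard-postmessage

info:
  name: Wildcard postMessage detection
  author: pdteam
  severity: info
  reference: https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html
  tags: xss,postmessage

requests:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers:
      - type: regex
        regex:
          # Optional whitespace is tolerated around the arguments so that the
          # common formatted form `postMessage(msg, "*")` is detected as well
          # as the minified `postMessage(msg,"*")`.
          - postMessage\(\s*[a-zA-Z]+\s*,\s*["']\*["']\s*\)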