id: wildcard-postmessage

info:
  name: Wildcard postMessage detection
  author: pdteam
  severity: info
  reference:
    - https://jlajara.gitlab.io/web/2020/06/12/Dom_XSS_PostMessage.html
  tags: xss,postmessage

requests:
  - method: GET
    path:
      - '{{BaseURL}}'

    matchers:
      - type: regex
        regex:
          - postMessage\([a-zA-Z]+,["']\*["']\)