Is it secure to use window.origin with postMessage?
When using postMessage it’s important to define a targetOrigin to ensure we don’t leak data to other sites.
It’s equally important to check the origin when receiving a message to prevent other sites from triggering our scripts.
But, if we’… Continue reading Is it secure to use window.origin with postMessage?