Loading...

XML

Word

Printable

Type: Quality Risk
Resolution: Done
Priority: Major
Fix Version/s: 1.40.0.Final
Affects Version/s: 1.36.0.Final
Component/s: Runtime Tooling
Labels:
None

Blocked:
False
Blocked Reason:
None
Ready:
False
Git Pull Request:
https://github.com/kiegroup/kogito-apps/pull/1697, https://github.com/kiegroup/kogito-apps/pull/1770
[QE] How to address?:
---
[QE] Why QE missed?:
---
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Sonar check reports vulnerable code constructs when using window.postMessage calls with `*` as targetOrigin.

The origin specification should be changed to reflect the env of deployment, i.e. specific URL.

links to

Sonar report for kogito-apps

Assignee:: Jan Stastny

Reporter:: Jan Stastny

QA Contact:: Barbora Kapustova

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2023/04/14 7:13 PM

Updated:: 2023/06/20 8:41 AM

Resolved:: 2023/06/20 8:41 AM