message-postinator

A tool for testing the security of apps that leverage postMessage()

Try it now: postinator.jaytonbirch.com

What is this for?

The problem

A web client is vulnerable to poisonous messaging when it:

reflects user-defined iframes
listens for messages without source-checking

Check out the mdn docs regarding security concerns with postMessage()

Using message-postinator

Blaster Builder

message-postinator can be used to build webpages that post messages that you define to the frame's parent. You can then test web apps that reflect user-defined iframes by using the message blaster that you created.

Playground

You can test your Blasters in the playground

Name		Name	Last commit message	Last commit date
Latest commit History 17 Commits
public		public
src		src
.eslintrc.cjs		.eslintrc.cjs
.gitattributes		.gitattributes
.gitignore		.gitignore
.prettierignore		.prettierignore
LICENSE		LICENSE
README.md		README.md
index.html		index.html
package.json		package.json
pnpm-lock.yaml		pnpm-lock.yaml
tsconfig.json		tsconfig.json
tsconfig.node.json		tsconfig.node.json
vite.config.ts		vite.config.ts

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

message-postinator

What is this for?

The problem

Using message-postinator

Blaster Builder

Playground

About

Releases

Packages

Languages

License

birch-jayton/message-postinator

Folders and files

Latest commit

History

Repository files navigation

message-postinator

What is this for?

The problem

Using message-postinator

Blaster Builder

Playground

About

Topics

Resources

License

Stars

Watchers

Forks

Releases

Packages 0

Languages

Packages