💡 This rule provides suggestions.
When calling window.postMessage() without the targetOrigin argument, the message cannot be received by any window.
This rule cannot distinguish between window.postMessage() and other calls like Worker#postMessage(), MessagePort#postMessage(), Client#postMessage(), and BroadcastChannel#postMessage(). Use on your own risk.
window.postMessage(message);window.postMessage(message, 'https://example.com');window.postMessage(message, '*');