no-postmessage-origin-wildcard

Always provide specific target origin, not * when sending data to other windows using postMessage to avoid data leakage outside of trust boundary.