Modify rule S5148: Adjust description to fit improved detection (#3823)

SonarSource · Nov 25, 2024 · 411255a · 411255a
1 parent e240c8e
commit 411255a
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 9 deletions.
diff --git a/rules/S5148/html/rule.adoc b/rules/S5148/html/rule.adoc
@@ -2,24 +2,22 @@ include::../description.adoc[]
 
 include::../ask-yourself.adoc[]
 
-include::../recommended.adoc[]
-
 == Sensitive Code Example
 
 [source,html]
 ----
-<a href="http://example.com/dangerous" target="_blank"> <!-- Sensitive -->
+<a href="http://example.com/" rel="opener" target="_blank"> <!-- Sensitive -->
 
-<a href="{{variable}}" target="_blank"> <!-- Sensitive -->
+<a href="{{variable}}" rel="opener" target="_blank"> <!-- Sensitive -->
 ----
 
 == Compliant Solution
 
-To prevent pages from abusing ``++window.opener++``, use ``++rel=noopener++`` on ``++<a href=>++`` to force its value to be ``++null++`` on the opened pages.
+In Chrome 88+, Firefox 79+ or Safari 12.1+ ``++target=_blank++`` on anchors implies ``++rel=noopener++`` which makes the protection enabled by default.
 
 [source,html]
 ----
-<a href="http://petssocialnetwork.io" target="_blank" rel="noopener">
+<a href="https://example.com/" target="_blank" >
 ----
 
 == Exceptions
@@ -28,7 +26,7 @@ No Issue will be raised when ``++href++`` contains a hardcoded relative url as t
 
 [source,html]
 ----
-<a href="internal.html" target="_blank" >
+<a href="internal.html" rel="opener" target="_blank" >
 ----
 
 include::../see.adoc[]

diff --git a/rules/S5148/recommended.adoc b/rules/S5148/recommended.adoc
@@ -1,5 +1,3 @@
 == Recommended Secure Coding Practices
 
 Use ``++noopener++`` to prevent untrusted pages from abusing ``++window.opener++``. 
-
-Note: In Chrome 88+, Firefox 79+ or Safari 12.1+ ``++target=_blank++`` on anchors implies ``++rel=noopener++`` which make the protection enabled by default.