From 411255ad6a59d051ec5ae3d0884acd9286064278 Mon Sep 17 00:00:00 2001
From: daniel-teuchert-sonarsource
<141642369+daniel-teuchert-sonarsource@users.noreply.github.com>
Date: Mon, 25 Nov 2024 11:01:38 +0100
Subject: [PATCH] Modify rule S5148: Adjust description to fit improved
detection (#3823)
---
rules/S5148/html/rule.adoc | 12 +++++-------
rules/S5148/recommended.adoc | 2 --
2 files changed, 5 insertions(+), 9 deletions(-)
diff --git a/rules/S5148/html/rule.adoc b/rules/S5148/html/rule.adoc
index c6579516d85..38bb447e1a6 100644
--- a/rules/S5148/html/rule.adoc
+++ b/rules/S5148/html/rule.adoc
@@ -2,24 +2,22 @@ include::../description.adoc[]
include::../ask-yourself.adoc[]
-include::../recommended.adoc[]
-
== Sensitive Code Example
[source,html]
----
-
+
-
+
----
== Compliant Solution
-To prevent pages from abusing ``++window.opener++``, use ``++rel=noopener++`` on ``++++`` to force its value to be ``++null++`` on the opened pages.
+In Chrome 88+, Firefox 79+ or Safari 12.1+ ``++target=_blank++`` on anchors implies ``++rel=noopener++`` which makes the protection enabled by default.
[source,html]
----
-
+
----
== Exceptions
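Review bot: In the Compliant Solution section, the new sentence only describes browser behaviour (Chrome 88+, Firefox 79+, Safari 12.1+) and no longer tells the reader what to write. Because the same hunk also drops include::../recommended.adoc[], the text visible here no longer instructs anyone to set rel=noopener when older browsers are in scope. Suggest keeping one sentence that states what counts as compliant, for example that rel=noopener is still needed for browsers below those versions. Style: "which makes the protection enabled by default" would read better as ", so the protection is enabled by default".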
@@ -28,7 +26,7 @@ No Issue will be raised when ``++href++`` contains a hardcoded relative url as t
[source,html]
----
-
+
----
include::../see.adoc[]
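Review bot: The Exceptions example line changes here, but the sentence that introduces it ("No Issue will be raised when href contains a hardcoded relative url ...", visible in the hunk header) is left untouched. Since the commit subject says the description is being adjusted to fit improved detection, please confirm that sentence still matches the updated example and the rule's current behaviour, and update it in the same change if it does not.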
diff --git a/rules/S5148/recommended.adoc b/rules/S5148/recommended.adoc
index 86e6bfbae50..7592ab18cec 100644
--- a/rules/S5148/recommended.adoc
+++ b/rules/S5148/recommended.adoc
@@ -1,5 +1,3 @@
== Recommended Secure Coding Practices
Use ``++noopener++`` to prevent untrusted pages from abusing ``++window.opener++``.
-
-Note: In Chrome 88+, Firefox 79+ or Safari 12.1+ ``++target=_blank++`` on anchors implies ``++rel=noopener++`` which make the protection enabled by default.
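Review bot: Removing the browser-version note leaves recommended.adoc with an unconditional "Use noopener", while html/rule.adoc now says the protection is enabled by default, so the two files give differing advice for the same rule. html/rule.adoc also stops including this file in this patch. If no other rule.adoc includes recommended.adoc, it is now unused and could be deleted. If others do include it, they lose the Chrome 88+/Firefox 79+/Safari 12.1+ information, so consider keeping the note here (with "which make" corrected to "which makes") rather than moving it.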