From 3f97f70b2bf85ee91a73a00435e87c153b6a3feb Mon Sep 17 00:00:00 2001
From: Joffrey Leveugle <joffrey.leveugle@decathlon.com>
Date: Mon, 3 May 2021 19:45:52 +0200
Subject: [PATCH 1/3] add security warning for anchor element (rel attribute)

---
 src/compiler/compile/nodes/Element.ts         |  20 ++
 .../security-anchor-rel-noopener/input.svelte |  34 ++++
 .../warnings.json                             | 182 ++++++++++++++++++
 .../input.svelte                              |  34 ++++
 .../warnings.json                             | 182 ++++++++++++++++++
 5 files changed, 452 insertions(+)
 create mode 100644 test/validator/samples/security-anchor-rel-noopener/input.svelte
 create mode 100644 test/validator/samples/security-anchor-rel-noopener/warnings.json
 create mode 100644 test/validator/samples/security-anchor-rel-noreferrer/input.svelte
 create mode 100644 test/validator/samples/security-anchor-rel-noreferrer/warnings.json

diff --git a/src/compiler/compile/nodes/Element.ts b/src/compiler/compile/nodes/Element.ts
index dbde8f1b2df8..046d6252f3ff 100644
--- a/src/compiler/compile/nodes/Element.ts
+++ b/src/compiler/compile/nodes/Element.ts
@@ -394,6 +394,26 @@ export default class Element extends Node {
 			const href_attribute = attribute_map.get('href') || attribute_map.get('xlink:href');
 			const id_attribute = attribute_map.get('id');
 			const name_attribute = attribute_map.get('name');
+			const target_attribute = attribute_map.get('target');
+
+			if (target_attribute && target_attribute.get_static_value() === '_blank' && href_attribute) {
+				const href_static_value = href_attribute.get_static_value() ? href_attribute.get_static_value().toLowerCase() : null;
+
+				if (href_static_value === null || href_static_value.startsWith('http') || href_static_value.startsWith('//')) {
+					const rel = attribute_map.get('rel');
+					const rel_values = rel ? rel.get_static_value().split(' ') : [];
+					const expected_values = ['noopener', 'noreferrer'];
+
+					expected_values.forEach(expected_value => {
+						if (!rel || rel && rel_values.indexOf(expected_value) < 0) {
+							component.warn(this, {
+								code: `security-anchor-rel-${expected_value}`,
+								message: `Security: Anchor with "target=_blank" should have rel attribute containing the value "${expected_value}"`
+							});
+						}
+					});
+				}
+			}
 
 			if (href_attribute) {
 				const href_value = href_attribute.get_static_value();
diff --git a/test/validator/samples/security-anchor-rel-noopener/input.svelte b/test/validator/samples/security-anchor-rel-noopener/input.svelte
new file mode 100644
index 000000000000..be146f66767e
--- /dev/null
+++ b/test/validator/samples/security-anchor-rel-noopener/input.svelte
@@ -0,0 +1,34 @@
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="https://svelte.dev" target="_blank">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="https://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
+<a href="https://svelte.dev" target="_blank" rel="noreferrer">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href={'https://svelte.dev'} target="_blank">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href={'https://svelte.dev'} target="_blank" rel="">svelte website (invalid)</a>
+<a href={'https://svelte.dev'} target="_blank" rel="noreferrer">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="//svelte.dev" target="_blank">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="//svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
+<a href="//svelte.dev" target="_blank" rel="noreferrer">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="http://svelte.dev" target="_blank">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="http://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
+<a href="http://svelte.dev" target="_blank" rel="noreferrer">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="same-host" target="_blank">Same host (valid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="same-host" target="_blank" rel="">Same host (valid)</a>
+<a href="same-host" target="_blank" rel="noreferrer">Same host (valid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="http://svelte.dev" target="_blank" rel="noopener">svelte website (valid)</a>
+<a href="http://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="https://svelte.dev" target="_blank" rel="noopener">svelte website (valid)</a>
+<a href="https://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="//svelte.dev" target="_blank" rel="noopener">svelte website (valid)</a>
+<a href="//svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
\ No newline at end of file
diff --git a/test/validator/samples/security-anchor-rel-noopener/warnings.json b/test/validator/samples/security-anchor-rel-noopener/warnings.json
new file mode 100644
index 000000000000..6d4c77e7d350
--- /dev/null
+++ b/test/validator/samples/security-anchor-rel-noopener/warnings.json
@@ -0,0 +1,182 @@
+[
+	{
+		"code": "security-anchor-rel-noopener",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"start": {
+			"line": 2,
+			"column": 0,
+			"character": 54
+		},
+		"end": {
+			"line": 2,
+			"column": 73,
+			"character": 127
+		},
+		"pos": 54
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"start": {
+			"line": 4,
+			"column": 0,
+			"character": 182
+		},
+		"end": {
+			"line": 4,
+			"column": 80,
+			"character": 262
+		},
+		"pos": 182
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"start": {
+			"line": 5,
+			"column": 0,
+			"character": 263
+		},
+		"end": {
+			"line": 5,
+			"column": 90,
+			"character": 353
+		},
+		"pos": 263
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"end": {
+			"character": 483,
+			"column": 75,
+			"line": 7
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"pos": 408,
+		"start": {
+			"character": 408,
+			"column": 0,
+			"line": 7
+		}
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"end": {
+			"character": 620,
+			"column": 82,
+			"line": 9
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"pos": 538,
+		"start": {
+			"character": 538,
+			"column": 0,
+			"line": 9
+		}
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"end": {
+			"character": 713,
+			"column": 92,
+			"line": 10
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"pos": 621,
+		"start": {
+			"character": 621,
+			"column": 0,
+			"line": 10
+		}
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"end": {
+			"character": 835,
+			"column": 67,
+			"line": 12
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"pos": 768,
+		"start": {
+			"character": 768,
+			"column": 0,
+			"line": 12
+		}
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"end": {
+			"character": 964,
+			"column": 74,
+			"line": 14
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"pos": 890,
+		"start": {
+			"character": 890,
+			"column": 0,
+			"line": 14
+		}
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"end": {
+			"character": 1049,
+			"column": 84,
+			"line": 15
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"pos": 965,
+		"start": {
+			"character": 965,
+			"column": 0,
+			"line": 15
+		}
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"end": {
+			"character": 1176,
+			"column": 72,
+			"line": 17
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"pos": 1104,
+		"start": {
+			"character": 1104,
+			"column": 0,
+			"line": 17
+		}
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"end": {
+			"character": 1310,
+			"column": 79,
+			"line": 19
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"pos": 1231,
+		"start": {
+			"character": 1231,
+			"column": 0,
+			"line": 19
+		}
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"end": {
+			"character": 1400,
+			"column": 89,
+			"line": 20
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"pos": 1311,
+		"start": {
+			"character": 1311,
+			"column": 0,
+			"line": 20
+		}
+	}
+]
\ No newline at end of file
diff --git a/test/validator/samples/security-anchor-rel-noreferrer/input.svelte b/test/validator/samples/security-anchor-rel-noreferrer/input.svelte
new file mode 100644
index 000000000000..82248d28ef80
--- /dev/null
+++ b/test/validator/samples/security-anchor-rel-noreferrer/input.svelte
@@ -0,0 +1,34 @@
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="https://svelte.dev" target="_blank">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="https://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
+<a href="https://svelte.dev" target="_blank" rel="noopener">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href={'https://svelte.dev'} target="_blank">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href={'https://svelte.dev'} target="_blank" rel="">svelte website (invalid)</a>
+<a href={'https://svelte.dev'} target="_blank" rel="noopener">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="//svelte.dev" target="_blank">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="//svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
+<a href="//svelte.dev" target="_blank" rel="noopener">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="http://svelte.dev" target="_blank">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="http://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
+<a href="http://svelte.dev" target="_blank" rel="noopener">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="same-host" target="_blank">Same host (valid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="same-host" target="_blank" rel="">Same host (valid)</a>
+<a href="same-host" target="_blank" rel="noopener">Same host (valid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="http://svelte.dev" target="_blank" rel="noreferrer">svelte website (valid)</a>
+<a href="http://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="https://svelte.dev" target="_blank" rel="noreferrer">svelte website (valid)</a>
+<a href="https://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="//svelte.dev" target="_blank" rel="noreferrer">svelte website (valid)</a>
+<a href="//svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
\ No newline at end of file
diff --git a/test/validator/samples/security-anchor-rel-noreferrer/warnings.json b/test/validator/samples/security-anchor-rel-noreferrer/warnings.json
new file mode 100644
index 000000000000..5581b3e4496d
--- /dev/null
+++ b/test/validator/samples/security-anchor-rel-noreferrer/warnings.json
@@ -0,0 +1,182 @@
+[
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"start": {
+			"line": 2,
+			"column": 0,
+			"character": 52
+		},
+		"end": {
+			"line": 2,
+			"column": 73,
+			"character": 125
+		},
+		"pos": 52
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"start": {
+			"line": 4,
+			"column": 0,
+			"character": 178
+		},
+		"end": {
+			"line": 4,
+			"column": 80,
+			"character": 258
+		},
+		"pos": 178
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"start": {
+			"line": 5,
+			"column": 0,
+			"character": 259
+		},
+		"end": {
+			"line": 5,
+			"column": 88,
+			"character": 347
+		},
+		"pos": 259
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"end": {
+			"character": 475,
+			"column": 75,
+			"line": 7
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"pos": 400,
+		"start": {
+			"character": 400,
+			"column": 0,
+			"line": 7
+		}
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"end": {
+			"character": 610,
+			"column": 82,
+			"line": 9
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"pos": 528,
+		"start": {
+			"character": 528,
+			"column": 0,
+			"line": 9
+		}
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"end": {
+			"character": 701,
+			"column": 90,
+			"line": 10
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"pos": 611,
+		"start": {
+			"character": 611,
+			"column": 0,
+			"line": 10
+		}
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"end": {
+			"character": 821,
+			"column": 67,
+			"line": 12
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"pos": 754,
+		"start": {
+			"character": 754,
+			"column": 0,
+			"line": 12
+		}
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"end": {
+			"character": 948,
+			"column": 74,
+			"line": 14
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"pos": 874,
+		"start": {
+			"character": 874,
+			"column": 0,
+			"line": 14
+		}
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"end": {
+			"character": 1031,
+			"column": 82,
+			"line": 15
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"pos": 949,
+		"start": {
+			"character": 949,
+			"column": 0,
+			"line": 15
+		}
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"end": {
+			"character": 1156,
+			"column": 72,
+			"line": 17
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"pos": 1084,
+		"start": {
+			"character": 1084,
+			"column": 0,
+			"line": 17
+		}
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"end": {
+			"character": 1288,
+			"column": 79,
+			"line": 19
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"pos": 1209,
+		"start": {
+			"character": 1209,
+			"column": 0,
+			"line": 19
+		}
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"end": {
+			"character": 1376,
+			"column": 87,
+			"line": 20
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"pos": 1289,
+		"start": {
+			"character": 1289,
+			"column": 0,
+			"line": 20
+		}
+	}
+]
\ No newline at end of file

From e5df2a64d22346c71f72b160c7b689c8a58b5934 Mon Sep 17 00:00:00 2001
From: Joffrey LEVEUGLE <joffrey.leveugle@gmail.com>
Date: Fri, 30 Jul 2021 22:57:24 +0200
Subject: [PATCH 2/3] manage more case for security warnings on anchor
 (aplocks, false positive ...)

---
 src/compiler/compile/nodes/Element.ts         |  2 +-
 .../security-anchor-rel-noopener/input.svelte | 16 ++++
 .../warnings.json                             | 92 ++++++++++++++++++-
 .../input.svelte                              | 16 ++++
 .../warnings.json                             | 92 ++++++++++++++++++-
 5 files changed, 215 insertions(+), 3 deletions(-)

diff --git a/src/compiler/compile/nodes/Element.ts b/src/compiler/compile/nodes/Element.ts
index 046d6252f3ff..a3e7cea19253 100644
--- a/src/compiler/compile/nodes/Element.ts
+++ b/src/compiler/compile/nodes/Element.ts
@@ -399,7 +399,7 @@ export default class Element extends Node {
 			if (target_attribute && target_attribute.get_static_value() === '_blank' && href_attribute) {
 				const href_static_value = href_attribute.get_static_value() ? href_attribute.get_static_value().toLowerCase() : null;
 
-				if (href_static_value === null || href_static_value.startsWith('http') || href_static_value.startsWith('//')) {
+				if (href_static_value === null || href_static_value.match(/^(https?:)?\/\//i)) {
 					const rel = attribute_map.get('rel');
 					const rel_values = rel ? rel.get_static_value().split(' ') : [];
 					const expected_values = ['noopener', 'noreferrer'];
diff --git a/test/validator/samples/security-anchor-rel-noopener/input.svelte b/test/validator/samples/security-anchor-rel-noopener/input.svelte
index be146f66767e..ec4aaaf7b3d0 100644
--- a/test/validator/samples/security-anchor-rel-noopener/input.svelte
+++ b/test/validator/samples/security-anchor-rel-noopener/input.svelte
@@ -19,6 +19,16 @@
 <a href="http://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
 <a href="http://svelte.dev" target="_blank" rel="noreferrer">svelte website (invalid)</a>
 <!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="HTTP://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
+<a href="HTTP://svelte.dev" target="_blank" rel="noreferrer">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="HTTPS://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
+<a href="HTTPS://svelte.dev" target="_blank" rel="noreferrer">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="HTTP://svelte.dev" target="_blank">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="HTTPS://svelte.dev" target="_blank">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
 <a href="same-host" target="_blank">Same host (valid)</a>
 <!-- svelte-ignore security-anchor-rel-noreferrer -->
 <a href="same-host" target="_blank" rel="">Same host (valid)</a>
@@ -30,5 +40,11 @@
 <a href="https://svelte.dev" target="_blank" rel="noopener">svelte website (valid)</a>
 <a href="https://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
 <!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="HTTP://svelte.dev" target="_blank" rel="noopener">svelte website (valid)</a>
+<a href="HTTP://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
+<a href="HTTPS://svelte.dev" target="_blank" rel="noopener">svelte website (valid)</a>
+<a href="HTTPS://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
+<!-- svelte-ignore security-anchor-rel-noreferrer -->
 <a href="//svelte.dev" target="_blank" rel="noopener">svelte website (valid)</a>
 <a href="//svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
\ No newline at end of file
diff --git a/test/validator/samples/security-anchor-rel-noopener/warnings.json b/test/validator/samples/security-anchor-rel-noopener/warnings.json
index 6d4c77e7d350..352efb905056 100644
--- a/test/validator/samples/security-anchor-rel-noopener/warnings.json
+++ b/test/validator/samples/security-anchor-rel-noopener/warnings.json
@@ -178,5 +178,95 @@
 			"column": 0,
 			"line": 20
 		}
-	}
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"end": {
+			"character": 1534,
+			"column": 79,
+			"line": 22
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"pos": 1455,
+		"start": {
+			"character": 1455,
+			"column": 0,
+			"line": 22
+		}
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"end": {
+			"character": 1624,
+			"column": 89,
+			"line": 23
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"pos": 1535,
+		"start": {
+			"character": 1535,
+			"column": 0,
+			"line": 23
+		}
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"end": {
+			"character": 1759,
+			"column": 80,
+			"line": 25
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"pos": 1679,
+		"start": {
+			"character": 1679,
+			"column": 0,
+			"line": 25
+		}
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"end": {
+			"character": 1850,
+			"column": 90,
+			"line": 26
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"pos": 1760,
+		"start": {
+			"character": 1760,
+			"column": 0,
+			"line": 26
+		}
+	},
+	{
+		"code": "security-anchor-rel-noopener",
+		"end": {
+			"character": 1977,
+			"column": 72,
+			"line": 28
+		},
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		"pos": 1905,
+		"start": {
+			"character": 1905,
+			"column": 0,
+			"line": 28
+		}
+	},
+	{
+		  "code": "security-anchor-rel-noopener",
+		  "end": {
+		    "character": 2105,
+		    "column": 73,
+		    "line": 30
+		  },
+		  "message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
+		  "pos": 2032,
+		  "start": {
+		    "character": 2032,
+		    "column": 0,
+		    "line": 30
+		  }
+		}
 ]
\ No newline at end of file
diff --git a/test/validator/samples/security-anchor-rel-noreferrer/input.svelte b/test/validator/samples/security-anchor-rel-noreferrer/input.svelte
index 82248d28ef80..62d62165fc61 100644
--- a/test/validator/samples/security-anchor-rel-noreferrer/input.svelte
+++ b/test/validator/samples/security-anchor-rel-noreferrer/input.svelte
@@ -19,6 +19,16 @@
 <a href="http://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
 <a href="http://svelte.dev" target="_blank" rel="noopener">svelte website (invalid)</a>
 <!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="HTTP://svelte.dev" target="_blank">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="HTTP://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
+<a href="HTTP://svelte.dev" target="_blank" rel="noopener">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href={'HTTPS://svelte.dev'} target="_blank">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
+<a href={'HTTPS://svelte.dev'} target="_blank" rel="">svelte website (invalid)</a>
+<a href={'HTTPS://svelte.dev'} target="_blank" rel="noopener">svelte website (invalid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="same-host" target="_blank">Same host (valid)</a>
 <!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="same-host" target="_blank" rel="">Same host (valid)</a>
@@ -27,8 +37,14 @@
 <a href="http://svelte.dev" target="_blank" rel="noreferrer">svelte website (valid)</a>
 <a href="http://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
 <!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="HTTP://svelte.dev" target="_blank" rel="noreferrer">svelte website (valid)</a>
+<a href="HTTP://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="https://svelte.dev" target="_blank" rel="noreferrer">svelte website (valid)</a>
 <a href="https://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
 <!-- svelte-ignore security-anchor-rel-noopener -->
+<a href="HTTPS://svelte.dev" target="_blank" rel="noreferrer">svelte website (valid)</a>
+<a href="HTTPS://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
+<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="//svelte.dev" target="_blank" rel="noreferrer">svelte website (valid)</a>
 <a href="//svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
\ No newline at end of file
diff --git a/test/validator/samples/security-anchor-rel-noreferrer/warnings.json b/test/validator/samples/security-anchor-rel-noreferrer/warnings.json
index 5581b3e4496d..1608c87e5b74 100644
--- a/test/validator/samples/security-anchor-rel-noreferrer/warnings.json
+++ b/test/validator/samples/security-anchor-rel-noreferrer/warnings.json
@@ -178,5 +178,95 @@
 			"column": 0,
 			"line": 20
 		}
-	}
+	},
+	{
+		  "code": "security-anchor-rel-noreferrer",
+		  "end": {
+		    "character": 1501,
+		    "column": 72,
+		    "line": 22
+		  },
+		  "message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		  "pos": 1429,
+		  "start": {
+		    "character": 1429,
+		    "column": 0,
+		    "line": 22
+		  }
+		},
+		{
+		  "code": "security-anchor-rel-noreferrer",
+		  "end": {
+		    "character": 1633,
+		    "column": 79,
+		    "line": 24
+		  },
+		  "message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		  "pos": 1554,
+		  "start": {
+		    "character": 1554,
+		    "column": 0,
+		    "line": 24
+		  }
+		},
+		{
+		  "code": "security-anchor-rel-noreferrer",
+		  "end": {
+		    "character": 1721,
+		    "column": 87,
+		    "line": 25
+		  },
+		  "message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		  "pos": 1634,
+		  "start": {
+		    "character": 1634,
+		    "column": 0,
+		    "line": 25
+		  }
+		},
+		{
+		  "code": "security-anchor-rel-noreferrer",
+		  "end": {
+		    "character": 1849,
+		    "column": 75,
+		    "line": 27
+		  },
+		  "message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		  "pos": 1774,
+		  "start": {
+		    "character": 1774,
+		    "column": 0,
+		    "line": 27
+		  }
+		},
+		{
+		  "code": "security-anchor-rel-noreferrer",
+		  "end": {
+		    "character": 1984,
+		    "column": 82,
+		    "line": 29
+		  },
+		  "message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		  "pos": 1902,
+		  "start": {
+		    "character": 1902,
+		    "column": 0,
+		    "line": 29
+		  }
+		},
+		{
+		  "code": "security-anchor-rel-noreferrer",
+		  "end": {
+		    "character": 2075,
+		    "column": 90,
+		    "line": 30
+		  },
+		  "message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		  "pos": 1985,
+		  "start": {
+		    "character": 1985,
+		    "column": 0,
+		    "line": 30
+		  }
+		}
 ]
\ No newline at end of file

From 4cf48fa3331d9c035fdaedc15cbf7db3f5276a57 Mon Sep 17 00:00:00 2001
From: tanhauhau <lhtan93@gmail.com>
Date: Thu, 13 Oct 2022 21:22:05 +0800
Subject: [PATCH 3/3] remove noopener checks as noreferrer imples noopener

---
 src/compiler/compile/nodes/Element.ts         |   2 +-
 .../security-anchor-rel-noopener/input.svelte |  50 ---
 .../warnings.json                             | 272 ---------------
 .../input.svelte                              |  19 --
 .../warnings.json                             | 322 +++++++++---------
 5 files changed, 162 insertions(+), 503 deletions(-)
 delete mode 100644 test/validator/samples/security-anchor-rel-noopener/input.svelte
 delete mode 100644 test/validator/samples/security-anchor-rel-noopener/warnings.json

diff --git a/src/compiler/compile/nodes/Element.ts b/src/compiler/compile/nodes/Element.ts
index a3e7cea19253..aa84b1e7e0ad 100644
--- a/src/compiler/compile/nodes/Element.ts
+++ b/src/compiler/compile/nodes/Element.ts
@@ -402,7 +402,7 @@ export default class Element extends Node {
 				if (href_static_value === null || href_static_value.match(/^(https?:)?\/\//i)) {
 					const rel = attribute_map.get('rel');
 					const rel_values = rel ? rel.get_static_value().split(' ') : [];
-					const expected_values = ['noopener', 'noreferrer'];
+					const expected_values = ['noreferrer'];
 
 					expected_values.forEach(expected_value => {
 						if (!rel || rel && rel_values.indexOf(expected_value) < 0) {
diff --git a/test/validator/samples/security-anchor-rel-noopener/input.svelte b/test/validator/samples/security-anchor-rel-noopener/input.svelte
deleted file mode 100644
index ec4aaaf7b3d0..000000000000
--- a/test/validator/samples/security-anchor-rel-noopener/input.svelte
+++ /dev/null
@@ -1,50 +0,0 @@
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="https://svelte.dev" target="_blank">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="https://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
-<a href="https://svelte.dev" target="_blank" rel="noreferrer">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href={'https://svelte.dev'} target="_blank">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href={'https://svelte.dev'} target="_blank" rel="">svelte website (invalid)</a>
-<a href={'https://svelte.dev'} target="_blank" rel="noreferrer">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="//svelte.dev" target="_blank">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="//svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
-<a href="//svelte.dev" target="_blank" rel="noreferrer">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="http://svelte.dev" target="_blank">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="http://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
-<a href="http://svelte.dev" target="_blank" rel="noreferrer">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="HTTP://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
-<a href="HTTP://svelte.dev" target="_blank" rel="noreferrer">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="HTTPS://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
-<a href="HTTPS://svelte.dev" target="_blank" rel="noreferrer">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="HTTP://svelte.dev" target="_blank">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="HTTPS://svelte.dev" target="_blank">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="same-host" target="_blank">Same host (valid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="same-host" target="_blank" rel="">Same host (valid)</a>
-<a href="same-host" target="_blank" rel="noreferrer">Same host (valid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="http://svelte.dev" target="_blank" rel="noopener">svelte website (valid)</a>
-<a href="http://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="https://svelte.dev" target="_blank" rel="noopener">svelte website (valid)</a>
-<a href="https://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="HTTP://svelte.dev" target="_blank" rel="noopener">svelte website (valid)</a>
-<a href="HTTP://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="HTTPS://svelte.dev" target="_blank" rel="noopener">svelte website (valid)</a>
-<a href="HTTPS://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
-<!-- svelte-ignore security-anchor-rel-noreferrer -->
-<a href="//svelte.dev" target="_blank" rel="noopener">svelte website (valid)</a>
-<a href="//svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
\ No newline at end of file
diff --git a/test/validator/samples/security-anchor-rel-noopener/warnings.json b/test/validator/samples/security-anchor-rel-noopener/warnings.json
deleted file mode 100644
index 352efb905056..000000000000
--- a/test/validator/samples/security-anchor-rel-noopener/warnings.json
+++ /dev/null
@@ -1,272 +0,0 @@
-[
-	{
-		"code": "security-anchor-rel-noopener",
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"start": {
-			"line": 2,
-			"column": 0,
-			"character": 54
-		},
-		"end": {
-			"line": 2,
-			"column": 73,
-			"character": 127
-		},
-		"pos": 54
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"start": {
-			"line": 4,
-			"column": 0,
-			"character": 182
-		},
-		"end": {
-			"line": 4,
-			"column": 80,
-			"character": 262
-		},
-		"pos": 182
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"start": {
-			"line": 5,
-			"column": 0,
-			"character": 263
-		},
-		"end": {
-			"line": 5,
-			"column": 90,
-			"character": 353
-		},
-		"pos": 263
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"end": {
-			"character": 483,
-			"column": 75,
-			"line": 7
-		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"pos": 408,
-		"start": {
-			"character": 408,
-			"column": 0,
-			"line": 7
-		}
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"end": {
-			"character": 620,
-			"column": 82,
-			"line": 9
-		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"pos": 538,
-		"start": {
-			"character": 538,
-			"column": 0,
-			"line": 9
-		}
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"end": {
-			"character": 713,
-			"column": 92,
-			"line": 10
-		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"pos": 621,
-		"start": {
-			"character": 621,
-			"column": 0,
-			"line": 10
-		}
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"end": {
-			"character": 835,
-			"column": 67,
-			"line": 12
-		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"pos": 768,
-		"start": {
-			"character": 768,
-			"column": 0,
-			"line": 12
-		}
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"end": {
-			"character": 964,
-			"column": 74,
-			"line": 14
-		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"pos": 890,
-		"start": {
-			"character": 890,
-			"column": 0,
-			"line": 14
-		}
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"end": {
-			"character": 1049,
-			"column": 84,
-			"line": 15
-		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"pos": 965,
-		"start": {
-			"character": 965,
-			"column": 0,
-			"line": 15
-		}
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"end": {
-			"character": 1176,
-			"column": 72,
-			"line": 17
-		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"pos": 1104,
-		"start": {
-			"character": 1104,
-			"column": 0,
-			"line": 17
-		}
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"end": {
-			"character": 1310,
-			"column": 79,
-			"line": 19
-		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"pos": 1231,
-		"start": {
-			"character": 1231,
-			"column": 0,
-			"line": 19
-		}
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"end": {
-			"character": 1400,
-			"column": 89,
-			"line": 20
-		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"pos": 1311,
-		"start": {
-			"character": 1311,
-			"column": 0,
-			"line": 20
-		}
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"end": {
-			"character": 1534,
-			"column": 79,
-			"line": 22
-		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"pos": 1455,
-		"start": {
-			"character": 1455,
-			"column": 0,
-			"line": 22
-		}
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"end": {
-			"character": 1624,
-			"column": 89,
-			"line": 23
-		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"pos": 1535,
-		"start": {
-			"character": 1535,
-			"column": 0,
-			"line": 23
-		}
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"end": {
-			"character": 1759,
-			"column": 80,
-			"line": 25
-		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"pos": 1679,
-		"start": {
-			"character": 1679,
-			"column": 0,
-			"line": 25
-		}
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"end": {
-			"character": 1850,
-			"column": 90,
-			"line": 26
-		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"pos": 1760,
-		"start": {
-			"character": 1760,
-			"column": 0,
-			"line": 26
-		}
-	},
-	{
-		"code": "security-anchor-rel-noopener",
-		"end": {
-			"character": 1977,
-			"column": 72,
-			"line": 28
-		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		"pos": 1905,
-		"start": {
-			"character": 1905,
-			"column": 0,
-			"line": 28
-		}
-	},
-	{
-		  "code": "security-anchor-rel-noopener",
-		  "end": {
-		    "character": 2105,
-		    "column": 73,
-		    "line": 30
-		  },
-		  "message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noopener\"",
-		  "pos": 2032,
-		  "start": {
-		    "character": 2032,
-		    "column": 0,
-		    "line": 30
-		  }
-		}
-]
\ No newline at end of file
diff --git a/test/validator/samples/security-anchor-rel-noreferrer/input.svelte b/test/validator/samples/security-anchor-rel-noreferrer/input.svelte
index 62d62165fc61..de52d5a59604 100644
--- a/test/validator/samples/security-anchor-rel-noreferrer/input.svelte
+++ b/test/validator/samples/security-anchor-rel-noreferrer/input.svelte
@@ -1,50 +1,31 @@
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="https://svelte.dev" target="_blank">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="https://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
 <a href="https://svelte.dev" target="_blank" rel="noopener">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href={'https://svelte.dev'} target="_blank">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href={'https://svelte.dev'} target="_blank" rel="">svelte website (invalid)</a>
 <a href={'https://svelte.dev'} target="_blank" rel="noopener">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="//svelte.dev" target="_blank">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="//svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
 <a href="//svelte.dev" target="_blank" rel="noopener">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="http://svelte.dev" target="_blank">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="http://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
 <a href="http://svelte.dev" target="_blank" rel="noopener">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="HTTP://svelte.dev" target="_blank">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="HTTP://svelte.dev" target="_blank" rel="">svelte website (invalid)</a>
 <a href="HTTP://svelte.dev" target="_blank" rel="noopener">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href={'HTTPS://svelte.dev'} target="_blank">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href={'HTTPS://svelte.dev'} target="_blank" rel="">svelte website (invalid)</a>
 <a href={'HTTPS://svelte.dev'} target="_blank" rel="noopener">svelte website (invalid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="same-host" target="_blank">Same host (valid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="same-host" target="_blank" rel="">Same host (valid)</a>
 <a href="same-host" target="_blank" rel="noopener">Same host (valid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="http://svelte.dev" target="_blank" rel="noreferrer">svelte website (valid)</a>
 <a href="http://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="HTTP://svelte.dev" target="_blank" rel="noreferrer">svelte website (valid)</a>
 <a href="HTTP://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="https://svelte.dev" target="_blank" rel="noreferrer">svelte website (valid)</a>
 <a href="https://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="HTTPS://svelte.dev" target="_blank" rel="noreferrer">svelte website (valid)</a>
 <a href="HTTPS://svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
-<!-- svelte-ignore security-anchor-rel-noopener -->
 <a href="//svelte.dev" target="_blank" rel="noreferrer">svelte website (valid)</a>
 <a href="//svelte.dev" target="_blank" rel="noreferrer noopener">svelte website (valid)</a>
\ No newline at end of file
diff --git a/test/validator/samples/security-anchor-rel-noreferrer/warnings.json b/test/validator/samples/security-anchor-rel-noreferrer/warnings.json
index 1608c87e5b74..24c10fb7639c 100644
--- a/test/validator/samples/security-anchor-rel-noreferrer/warnings.json
+++ b/test/validator/samples/security-anchor-rel-noreferrer/warnings.json
@@ -2,271 +2,271 @@
 	{
 		"code": "security-anchor-rel-noreferrer",
 		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		"start": {
-			"line": 2,
-			"column": 0,
-			"character": 52
-		},
 		"end": {
-			"line": 2,
+			"character": 73,
 			"column": 73,
-			"character": 125
+			"line": 1
 		},
-		"pos": 52
+		"pos": 0,
+		"start": {
+			"character": 0,
+			"column": 0,
+			"line": 1
+		}
 	},
 	{
 		"code": "security-anchor-rel-noreferrer",
 		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		"start": {
-			"line": 4,
-			"column": 0,
-			"character": 178
-		},
 		"end": {
-			"line": 4,
+			"character": 154,
 			"column": 80,
-			"character": 258
+			"line": 2
 		},
-		"pos": 178
+		"pos": 74,
+		"start": {
+			"character": 74,
+			"column": 0,
+			"line": 2
+		}
 	},
 	{
 		"code": "security-anchor-rel-noreferrer",
 		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		"start": {
-			"line": 5,
-			"column": 0,
-			"character": 259
-		},
 		"end": {
-			"line": 5,
+			"character": 243,
 			"column": 88,
-			"character": 347
+			"line": 3
 		},
-		"pos": 259
+		"pos": 155,
+		"start": {
+			"character": 155,
+			"column": 0,
+			"line": 3
+		}
 	},
 	{
 		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
 		"end": {
-			"character": 475,
+			"character": 319,
 			"column": 75,
-			"line": 7
+			"line": 4
 		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		"pos": 400,
+		"pos": 244,
 		"start": {
-			"character": 400,
+			"character": 244,
 			"column": 0,
-			"line": 7
+			"line": 4
 		}
 	},
 	{
 		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
 		"end": {
-			"character": 610,
+			"character": 402,
 			"column": 82,
-			"line": 9
+			"line": 5
 		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		"pos": 528,
+		"pos": 320,
 		"start": {
-			"character": 528,
+			"character": 320,
 			"column": 0,
-			"line": 9
+			"line": 5
 		}
 	},
 	{
 		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
 		"end": {
-			"character": 701,
+			"character": 493,
 			"column": 90,
-			"line": 10
+			"line": 6
 		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		"pos": 611,
+		"pos": 403,
 		"start": {
-			"character": 611,
+			"character": 403,
 			"column": 0,
-			"line": 10
+			"line": 6
 		}
 	},
 	{
 		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
 		"end": {
-			"character": 821,
+			"character": 561,
 			"column": 67,
-			"line": 12
+			"line": 7
 		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		"pos": 754,
+		"pos": 494,
 		"start": {
-			"character": 754,
+			"character": 494,
 			"column": 0,
-			"line": 12
+			"line": 7
 		}
 	},
 	{
 		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
 		"end": {
-			"character": 948,
+			"character": 636,
 			"column": 74,
-			"line": 14
+			"line": 8
 		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		"pos": 874,
+		"pos": 562,
 		"start": {
-			"character": 874,
+			"character": 562,
 			"column": 0,
-			"line": 14
+			"line": 8
 		}
 	},
 	{
 		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
 		"end": {
-			"character": 1031,
+			"character": 719,
 			"column": 82,
-			"line": 15
+			"line": 9
 		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		"pos": 949,
+		"pos": 637,
 		"start": {
-			"character": 949,
+			"character": 637,
 			"column": 0,
-			"line": 15
+			"line": 9
 		}
 	},
 	{
 		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
 		"end": {
-			"character": 1156,
+			"character": 792,
 			"column": 72,
-			"line": 17
+			"line": 10
 		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		"pos": 1084,
+		"pos": 720,
 		"start": {
-			"character": 1084,
+			"character": 720,
 			"column": 0,
-			"line": 17
+			"line": 10
 		}
 	},
 	{
 		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
 		"end": {
-			"character": 1288,
+			"character": 872,
 			"column": 79,
-			"line": 19
+			"line": 11
 		},
-		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		"pos": 1209,
+		"pos": 793,
 		"start": {
-			"character": 1209,
+			"character": 793,
 			"column": 0,
-			"line": 19
+			"line": 11
 		}
 	},
 	{
 		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
 		"end": {
-			"character": 1376,
+			"character": 960,
 			"column": 87,
-			"line": 20
+			"line": 12
 		},
+		"pos": 873,
+		"start": {
+			"character": 873,
+			"column": 0,
+			"line": 12
+		}
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
 		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		"pos": 1289,
+		"end": {
+			"character": 1033,
+			"column": 72,
+			"line": 13
+		},
+		"pos": 961,
 		"start": {
-			"character": 1289,
+			"character": 961,
 			"column": 0,
-			"line": 20
+			"line": 13
 		}
 	},
 	{
-		  "code": "security-anchor-rel-noreferrer",
-		  "end": {
-		    "character": 1501,
-		    "column": 72,
-		    "line": 22
-		  },
-		  "message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		  "pos": 1429,
-		  "start": {
-		    "character": 1429,
-		    "column": 0,
-		    "line": 22
-		  }
+		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"end": {
+			"character": 1113,
+			"column": 79,
+			"line": 14
 		},
-		{
-		  "code": "security-anchor-rel-noreferrer",
-		  "end": {
-		    "character": 1633,
-		    "column": 79,
-		    "line": 24
-		  },
-		  "message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		  "pos": 1554,
-		  "start": {
-		    "character": 1554,
-		    "column": 0,
-		    "line": 24
-		  }
+		"pos": 1034,
+		"start": {
+			"character": 1034,
+			"column": 0,
+			"line": 14
+		}
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"end": {
+			"character": 1201,
+			"column": 87,
+			"line": 15
 		},
-		{
-		  "code": "security-anchor-rel-noreferrer",
-		  "end": {
-		    "character": 1721,
-		    "column": 87,
-		    "line": 25
-		  },
-		  "message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		  "pos": 1634,
-		  "start": {
-		    "character": 1634,
-		    "column": 0,
-		    "line": 25
-		  }
+		"pos": 1114,
+		"start": {
+			"character": 1114,
+			"column": 0,
+			"line": 15
+		}
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"end": {
+			"character": 1277,
+			"column": 75,
+			"line": 16
 		},
-		{
-		  "code": "security-anchor-rel-noreferrer",
-		  "end": {
-		    "character": 1849,
-		    "column": 75,
-		    "line": 27
-		  },
-		  "message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		  "pos": 1774,
-		  "start": {
-		    "character": 1774,
-		    "column": 0,
-		    "line": 27
-		  }
+		"pos": 1202,
+		"start": {
+			"character": 1202,
+			"column": 0,
+			"line": 16
+		}
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"end": {
+			"character": 1360,
+			"column": 82,
+			"line": 17
 		},
-		{
-		  "code": "security-anchor-rel-noreferrer",
-		  "end": {
-		    "character": 1984,
-		    "column": 82,
-		    "line": 29
-		  },
-		  "message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		  "pos": 1902,
-		  "start": {
-		    "character": 1902,
-		    "column": 0,
-		    "line": 29
-		  }
+		"pos": 1278,
+		"start": {
+			"character": 1278,
+			"column": 0,
+			"line": 17
+		}
+	},
+	{
+		"code": "security-anchor-rel-noreferrer",
+		"message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
+		"end": {
+			"character": 1451,
+			"column": 90,
+			"line": 18
 		},
-		{
-		  "code": "security-anchor-rel-noreferrer",
-		  "end": {
-		    "character": 2075,
-		    "column": 90,
-		    "line": 30
-		  },
-		  "message": "Security: Anchor with \"target=_blank\" should have rel attribute containing the value \"noreferrer\"",
-		  "pos": 1985,
-		  "start": {
-		    "character": 1985,
-		    "column": 0,
-		    "line": 30
-		  }
+		"pos": 1361,
+		"start": {
+			"character": 1361,
+			"column": 0,
+			"line": 18
 		}
-]
\ No newline at end of file
+	}
+]