Revert "Adjust description to fit improved detection (#3786)" (#3822)

This reverts commit 49c5b1f.
SonarSource · Mar 26, 2024 · 9a2a6c7 · 9a2a6c7
1 parent 49c5b1f
commit 9a2a6c7
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 5 deletions.
diff --git a/rules/S5148/html/rule.adoc b/rules/S5148/html/rule.adoc
@@ -2,22 +2,24 @@ include::../description.adoc[]
 
 include::../ask-yourself.adoc[]
 
+include::../recommended.adoc[]
+
 == Sensitive Code Example
 
 [source,html]
 ----
-<a href="http://example.com/" rel="opener" target="_blank"> <!-- Sensitive -->
+<a href="http://example.com/dangerous" target="_blank"> <!-- Sensitive -->
 
-<a href="{{variable}}" rel="opener" target="_blank"> <!-- Sensitive -->
+<a href="{{variable}}" target="_blank"> <!-- Sensitive -->
 ----
 
 == Compliant Solution
 
-In Chrome 88+, Firefox 79+ or Safari 12.1+ ``++target=_blank++`` on anchors implies ``++rel=noopener++`` which makes the protection enabled by default.
+To prevent pages from abusing ``++window.opener++``, use ``++rel=noopener++`` on ``++<a href=>++`` to force its value to be ``++null++`` on the opened pages.
 
 [source,html]
 ----
-<a href="https://example.com/" target="_blank" >
+<a href="http://petssocialnetwork.io" target="_blank" rel="noopener">
 ----
 
 == Exceptions
@@ -26,7 +28,7 @@ No Issue will be raised when ``++href++`` contains a hardcoded relative url as t
 
 [source,html]
 ----
-<a href="internal.html" rel="opener" target="_blank" >
+<a href="internal.html" target="_blank" >
 ----
 
 include::../see.adoc[]

diff --git a/rules/S5148/recommended.adoc b/rules/S5148/recommended.adoc
@@ -1,3 +1,5 @@
 == Recommended Secure Coding Practices
 
 Use ``++noopener++`` to prevent untrusted pages from abusing ``++window.opener++``. 
+
+Note: In Chrome 88+, Firefox 79+ or Safari 12.1+ ``++target=_blank++`` on anchors implies ``++rel=noopener++`` which make the protection enabled by default.