Prevent reverse tabnapping in


There is the rule Web:S5148 for HTML to set noopener attribute on links.
But I could not find a rule for javascript that does the same check for calls.
Have a look at
Reverse Tabnabbing Software Attack | OWASP Foundation and HTML5 Security - OWASP Cheat Sheet Series which recommend to use the correct flags on the call.

Kind regards,

Hello @reitzmichnicht
thanks for this idea, indeed it will be a nice addition to the rule s5148
we created a ticket to support that sonarjs-2621


Thanks a lot, hopefully this will make it in the next updates.