rspec/rules/S5148/description.adoc

A newly opened window having access back to the originating window could allow basic phishing attacks (the ``++window.opener++`` object is not ``++null++`` and thus ``++window.opener.location++`` can be set to a malicious website by the opened page).


For instance, an attacker can put a link (say: "http://example.com/mylink") on a popular website that changes, when opened, the original page to "http://example.com/fake_login". On "http://example.com/fake_login" there is a fake login page which could trick real users to enter their credentials.
Nightly update 2021-05-11 01:20:07 +00:00			A newly opened window having access back to the originating window could allow basic phishing attacks (the ``++window.opener++`` object is not ``++null++`` and thus ``++window.opener.location++`` can be set to a malicious website by the opened page).


			`For instance, an attacker can put a link (say: "http://example.com/mylink") on a popular website that changes, when opened, the original page to "http://example.com/fake_login". On "http://example.com/fake_login" there is a fake login page which could trick real users to enter their credentials.`