Index of all built-in rules available for Java Server Pages

Best Practices

Rules which enforce generally accepted best practices.
  • DontNestJsfInJstlIteration: Do not nest JSF component custom actions inside a custom action that iterates over its body.
  • NoClassAttribute: Do not use an attribute called ‘class’. Use "styleclass" for CSS styles.
  • NoHtmlComments: In a production system, HTML comments increase the payload between the application server to the …
  • NoJspForward: Do not do a forward from within a JSP file.

Code Style

Rules which enforce a specific coding style.


Rules that help you discover design issues.
  • NoInlineScript: Avoid inlining HTML script content. Consider externalizing the HTML script using the ‘src’ attri…
  • NoInlineStyleInformation: Style information should be put in CSS files, not in JSPs. Therefore, don’t use <B> or <FONT> tag…
  • NoLongScripts: Scripts should be part of Tag Libraries, rather than part of JSP pages.
  • NoScriptlets: Scriptlets should be factored into Tag Libraries or JSP declarations, rather than being part of J…

Error Prone

Rules to detect constructs that are either broken, extremely confusing or prone to runtime errors.
  • JspEncoding: A missing ‘meta’ tag or page directive will trigger this rule, as well as a non-UTF-8 charset.


Rules that flag potential security flaws.
  • IframeMissingSrcAttribute: IFrames which are missing a src element can cause security information popups in IE if you are ac…
  • NoUnsanitizedJSPExpression: Avoid using expressions without escaping / sanitizing. This could lead to cross site scripting - …

Additional rulesets