Index of all built-in rules available for Java Server Pages
Best Practices
Rules which enforce generally accepted best practices.
- DontNestJsfInJstlIteration: Do not nest JSF component custom actions inside a custom action that iterates over its body.
- NoClassAttribute: Do not use an attribute called ‘class’. Use "styleclass" for CSS styles.
- NoHtmlComments: In a production system, HTML comments increase the payload between the application server to the …
- NoJspForward: Do not do a forward from within a JSP file.
Code Style
Rules which enforce a specific coding style.
- DuplicateJspImports: Avoid duplicate import statements inside JSP’s.
Design
Rules that help you discover design issues.
- NoInlineScript: Avoid inlining HTML script content. Consider externalizing the HTML script using the ‘src’ attri…
- NoInlineStyleInformation: Style information should be put in CSS files, not in JSPs. Therefore, don’t use <B> or <FONT> tag…
- NoLongScripts: Scripts should be part of Tag Libraries, rather than part of JSP pages.
- NoScriptlets: Scriptlets should be factored into Tag Libraries or JSP declarations, rather than being part of J…
Error Prone
Rules to detect constructs that are either broken, extremely confusing or prone to runtime errors.
- JspEncoding: A missing ‘meta’ tag or page directive will trigger this rule, as well as a non-UTF-8 charset.
Security
Rules that flag potential security flaws.
- IframeMissingSrcAttribute: IFrames which are missing a src element can cause security information popups in IE if you are ac…
- NoUnsanitizedJSPExpression: Avoid using expressions without escaping / sanitizing. This could lead to cross site scripting - …
Additional rulesets
-
Basic JSP (
rulesets/jsp/basic.xml
):Deprecated This ruleset is for backwards compatibility.
It contains the following rules:
DuplicateJspImports, IframeMissingSrcAttribute, JspEncoding, NoClassAttribute, NoHtmlComments, NoInlineScript, NoInlineStyleInformation, NoJspForward, NoLongScripts, NoScriptlets, NoUnsanitizedJSPExpression