Limited Time Offer!

For Less Than the Cost of a Starbucks Coffee, Access All DevOpsSchool Videos on YouTube Unlimitedly.
Master DevOps, SRE, DevSecOps Skills!

Enroll Now

Sonar Support with JSP & HTML

JSP/HTML land, usefull tests could be done via some regexp, ie check if style/css are used (to avoid dirty colors/fonts hard-coded for example).

If we want to build something pretty robust and extensible, I think we should integrate a java library which is able to transform a XHTML or badly formatted HTML document into a DOM :

http://htmlparser.sourceforge.net/
http://jtidy.sourceforge.net/
http://sourceforge.net/projects/nekohtml/

a complete list of available libraries is available here : http://java-source.net/open-source/html-parsers

With a DOM we could then imagine to implement a visitor pattern in order to let users create new rules.

Some very simple rules in order to start.
Rule 1: disallow scriptlets
Rule 2: disallow some taglibs (JSTL SQL comes to mind). Could be parametrized by Taglib URL to list all disallowed taglibs.
Rule 3: enforce JSP style (XML syntax)
Rule 4: disallow hard coded labels
Rule 5: disallow dynamic JSP includes (<jsp:include>)
Rule 6: disallow external file in page attribute of dynamic JSP include
Rule 7: disallow TLD location for URI in taglib declaration
For HTML
Rule 8: enforce <script> at the end of the body
Rule 9: disallow <style>
Rule 10: disallow non empty <script> content
Rule 11: enforce a limit on the number of called external files (js and css)

Mantosh Singh
Subscribe
Notify of
guest
0 Comments
Newest
Oldest Most Voted
Inline Feedbacks
View all comments
0
Would love your thoughts, please comment.x
()
x