- DontNestJsfInJstlIteration: Do not nest JSF component custom actions inside a custom action that iterates over its body.
- NoClassAttribute: Do not use an attribute called ‘class’. Use "styleclass" for CSS styles.
- NoHtmlComments: In a production system, HTML comments increase the payload between the application server to the c…
- NoJspForward: Do not do a forward from within a JSP file.
- DuplicateJspImports: Avoid duplicate import statements inside JSPs.
- NoInlineScript: Avoid inlining HTML script content. Consider externalizing the HTML script using the ‘src’ attri…
- NoInlineStyleInformation: Style information should be put in CSS files, not in JSPs. Therefore, don’t use <B> or <FONT> tags…
- NoLongScripts: Scripts should be part of Tag Libraries, rather than part of JSP pages.
- NoScriptlets: Scriptlets should be factored into Tag Libraries or JSP declarations, rather than being part of J…
- JspEncoding: A missing ‘meta’ tag or page directive will trigger this rule, as well as a non-UTF-8 charset.
- IframeMissingSrcAttribute: IFrames which are missing a src attribute can cause security information popups in IE if you are ac…
- NoUnsanitizedJSPExpression: Avoid using expressions without escaping / sanitizing. This could lead to cross site scripting - …
Basic JSP (
This ruleset is for backwards compatibility.
It contains the following rules:
DuplicateJspImports, IframeMissingSrcAttribute, JspEncoding, NoClassAttribute, NoHtmlComments, NoInlineScript, NoInlineStyleInformation, NoJspForward, NoLongScripts, NoScriptlets, NoUnsanitizedJSPExpression