rajeshkumar created the topic: Sonar Support with JSP & HTML
In JSP/HTML land, useful tests could be done via some regexp, i.e. check if style/css are used (to avoid dirty colors/fonts hard-coded, for example).
If we want to build something pretty robust and extensible, I think we should integrate a Java library which is able to transform an XHTML or badly formatted HTML document into a DOM:
htmlparser.sourceforge.net/
jtidy.sourceforge.net/
sourceforge.net/projects/nekohtml/
A complete list of available libraries is available here: java-source.net/open-source/html-parsers
With a DOM we could then imagine implementing a visitor pattern in order to let users create new rules.
Some very simple rules in order to start.
Rule 1: disallow scriptlets
Rule 2: disallow some taglibs (JSTL SQL comes to mind). Could be parametrized by Taglib URL to list all disallowed taglibs.
Rule 3: enforce JSP style (XML syntax)
Rule 4: disallow hard coded labels
Rule 5: disallow dynamic JSP includes (<jsp:include>)
Rule 6: disallow external file in page attribute of dynamic JSP include
Rule 7: disallow TLD location for URI in taglib declaration
For HTML:
Rule 8: enforce <script> at the end of the body
Rule 9: disallow <style>
Rule 10: disallow non empty <script> content
Rule 11: enforce a limit on the number of called external files (js and css)
Regards,
Rajesh Kumar
Twitt me @ twitter.com/RajeshKumarIn
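
A sketch of how Rules 1, 2, 5 and 7 from the post above could be checked with plain regular expressions. This is an added example, not code from the original post or from Sonar: it uses only the JDK's `java.util.regex` (none of the HTML parsers listed), needs Java 16+, and the class, record and rule names are hypothetical.

```java
import java.util.*;
import java.util.regex.*;

public class JspRuleCheck {
    // A rule is an id plus a pattern; every match is reported as one violation.
    record Rule(String id, Pattern pattern) {}
    record Violation(String ruleId, int line, String text) {}
    // Rule 2 parameter: disallowed taglib URIs (JSTL SQL, 1.0 and 1.1+ URIs).
    static final List<String> BANNED_TAGLIBS = List.of(
            "http://java.sun.com/jstl/sql", "http://java.sun.com/jsp/jstl/sql");

    static List<Rule> rules() {
        // Prefix shared by Rules 2 and 7: a taglib directive up to the opening quote of uri.
        String taglibUri = "<%@\\s*taglib\\b[^%]*?\\buri\\s*=\\s*[\"']";
        List<Rule> rules = new ArrayList<>();
        // Rule 1: <% %>, <%= %> and <%! %>, but not directives (<%@) or JSP comments (<%--).
        rules.add(new Rule("rule1-scriptlet", Pattern.compile("<%(?!@|--)")));
        for (String uri : BANNED_TAGLIBS) {
            rules.add(new Rule("rule2-banned-taglib",
                    Pattern.compile(taglibUri + Pattern.quote(uri) + "[\"']")));
        }
        rules.add(new Rule("rule5-dynamic-include", Pattern.compile("<jsp:include\\b")));
        // Rule 7: the uri attribute points at a .tld file instead of a logical URI.
        rules.add(new Rule("rule7-tld-location",
                Pattern.compile(taglibUri + "[^\"']*\\.tld[\"']")));
        return rules;
    }

    static List<Violation> check(String jsp) {
        List<Violation> found = new ArrayList<>();
        for (Rule rule : rules()) {
            Matcher m = rule.pattern().matcher(jsp);
            while (m.find()) {
                // Line number = newlines before the match start, plus one.
                int line = (int) jsp.substring(0, m.start()).chars().filter(c -> c == '\n').count() + 1;
                found.add(new Violation(rule.id(), line, m.group()));
            }
        }
        return found;
    }

    public static void main(String[] args) {
        // Constructed sample page, not taken from a real project.
        String jsp = """
                <%@ taglib uri="http://java.sun.com/jsp/jstl/sql" prefix="sql" %>
                <%@ taglib uri="/WEB-INF/tlds/app.tld" prefix="app" %>
                <%-- a comment, not a scriptlet --%>
                <jsp:include page="header.jsp" />
                <% String user = request.getParameter("user"); %>""";
        check(jsp).forEach(v -> System.out.println(v.line() + ": " + v.ruleId() + "  " + v.text()));
    }
}
```

Violations are listed in rule order rather than line order. A DOM-based visitor would be needed for the rules that depend on document structure, such as Rule 8.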