Basic JSP rules

Rules concerning basic JSP guidelines.

NoLongScripts

Since: PMD 3.6

Scripts should be part of Tag Libraries, rather than part of JSP pages.

This rule is defined by the following XPath expression:

					 
// Element [ string:upper-case(@Name)="SCRIPT" and (@EndLine - @BeginLine > 10) ]
				
				

Example:

                
			
<HTML>
<BODY>
<!--Java Script-->
<SCRIPT language="JavaScript" type="text/javascript">
<!--
function calcDays(){
  var date1 = document.getElementById('d1').lastChild.data;
  var date2 = document.getElementById('d2').lastChild.data;
  date1 = date1.split("-");
  date2 = date2.split("-");
  var sDate = new Date(date1[0]+"/"+date1[1]+"/"+date1[2]);
  var eDate = new Date(date2[0]+"/"+date2[1]+"/"+date2[2]);
  var daysApart = Math.abs(Math.round((sDate-eDate)/86400000));
  document.getElementById('diffDays').lastChild.data = daysApart;
}

onload=calcDays;
//-->
</SCRIPT>
</BODY>
</HTML>
			
		
            

NoScriptlets

Since: PMD 3.6

Scriptlets should be factored into Tag Libraries or JSP declarations, rather than being part of JSP pages.

This rule is defined by the following XPath expression:

					
					//JspScriptlet
					|
					//Element[ string:upper-case(@Name)="JSP:SCRIPTLET" ]
					
				

Example:

                
			 
<HTML>
<HEAD>
<%
response.setHeader("Pragma", "No-cache");
%>
</HEAD>
	<BODY>
		<jsp:scriptlet>String title = "Hello world!";</jsp:scriptlet>
	</BODY>
</HTML>
					 
		
            

NoInlineStyleInformation

Since: PMD 3.6

Style information should be put in CSS files, not in JSPs. Therefore, don't use <B> or <FONT> tags, or attributes like "align='center'".

This rule is defined by the following Java class: net.sourceforge.pmd.jsp.rules.NoInlineStyleInformation

Example:

                
			
<html><body><p align='center'><b>text</b></p></body></html>
			
		
            

NoClassAttribute

Since: PMD 3.6

Do not use an attribute called 'class'. Use "styleclass" for CSS styles.

This rule is defined by the following XPath expression:

					 //Attribute[ string:upper-case(@Name)="CLASS" ]  
				

Example:

                
			
<HTML> <BODY>
<P class="MajorHeading">Some text</P>
</BODY> </HTML>
			
		
            

NoJspForward

Since: PMD 3.6

Do not do a forward from within a JSP file.

This rule is defined by the following XPath expression:

					 //Element[ @Name="jsp:forward" ]  
				

Example:

                
			
<jsp:forward page='UnderConstruction.jsp'/>
			
		
            

IframeMissingSrcAttribute

Since: PMD 3.6

IFrames which are missing a src element can cause security information popups in IE if you are accessing the page through SSL. See http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q261188

This rule is defined by the following XPath expression:

					 
	//Element[string:upper-case(@Name)="IFRAME"][count(Attribute[string:upper-case(@Name)="SRC" ]) = 0]
					 
				

Example:

                
			
<HTML><title>bad example><BODY>
<iframe></iframe>
</BODY> </HTML>

<HTML><title>good example><BODY>
<iframe src="foo"></iframe>
</BODY> </HTML>
			
		
            

NoHtmlComments

Since: PMD 3.6

In a production system, HTML comments increase the payload between the application server to the client, and serve little other purpose. Consider switching to JSP comments.

This rule is defined by the following XPath expression:

					 
	//CommentTag
					 
				

Example:

                
			
<HTML><title>bad example><BODY>
<!-- HTML comment -->
</BODY> </HTML>

<HTML><title>good example><BODY>
<%-- JSP comment --%>
</BODY> </HTML>
			
		
            

DuplicateJspImports

Since: PMD 3.7

Avoid duplicate import statements inside JSP's.

This rule is defined by the following Java class: net.sourceforge.pmd.jsp.rules.DuplicateJspImports

Example:

                
			 
<%@ page import=\"com.foo.MyClass,com.foo.MyClass\"%><html><body><b><img src=\"<%=Some.get()%>/foo\">xx</img>text</b></body></html>
			 
		
            

JspEncoding

Since: PMD

A missing 'meta' tag or page directive will trigger this rule, as well as a non-UTF-8 charset.

This rule is defined by the following XPath expression:

                    
//Content[
not(Element[@Name="meta"][
   Attribute[@Name="content"]/AttributeValue[contains(string:lower-case(@Image),"charset=utf-8")]
]) 
and 
    not(JspDirective[@Name='page']/JspDirectiveAttribute[@Name='contentType'][contains(string:lower-case(@Value),"charset=utf-8")])
]
                    
                

Example:

                
            
                Most browsers should be able to interpret the following headers:
                
                <%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %>
                    
                <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />