Wednesday, September 28, 2011

PMD - JSP and JSF Rules

This is the twenty third installment of explanation of PMD rules covering rules related to JSP and JSF

Basic JSF rules

Rules concerning basic JSF guidelines.

DontNestJsfInJstlIteration

Do not nest JSF component custom actions inside a custom action that iterates over its body.

Example

                           
                                       
  •                        

Basic JSP rules

Rules concerning basic JSP guidelines.

NoLongScripts

Scripts should be part of Tag Libraries, rather than part of JSP pages.

Example

NoScriptlets

Scriptlets should be factored into Tag Libraries or JSP declarations, rather than being part of JSP pages.

Example

<%
response.setHeader("Pragma", "No-cache");
%>
           
                        String title = "Hello world!";
           

NoInlineStyleInformation

Style information should be put in CSS files, not in JSPs. Therefore, don't use or tags, or attributes like "align='center'".

Example

text

NoClassAttribute

Do not use an attribute called 'class'. Use "styleclass" for CSS styles.

Example

 
Some text
 

NoJspForward

Do not do a forward from within a JSP file.

Example

IframeMissingSrcAttribute

IFrames which are missing a src element can cause security information popups in IE if you are accessing the page through SSL. See http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q261188

Example

bad example><BODY><o:p></o:p></span></p> <p class="MsoNormal"><span><iframe></iframe><o:p></o:p></span></p> <p class="MsoNormal"><span></BODY> </HTML><o:p></o:p></span></p> <p class="MsoNormal"><span><o:p> </o:p></span></p> <p class="MsoNormal"><span><HTML><title>good example><BODY><o:p></o:p></span></p> <p class="MsoNormal"><span><iframe src="foo"></iframe><o:p></o:p></span></p> <p class="MsoNormal"><span></BODY> </HTML><o:p></o:p></span></p> <h2><span>NoHtmlComments<o:p></o:p></span></h2> <p class="MsoNormal">In a production system, HTML comments increase the payload between the application server to the client, and serve little other purpose. Consider switching to JSP comments.</p> <h3><span>Example<o:p></o:p></span></h3> <p class="MsoNormal"><span><HTML><title>bad example><BODY><o:p></o:p></span></p> <p class="MsoNormal"><span><!-- HTML comment --><o:p></o:p></span></p> <p class="MsoNormal"><span></BODY> </HTML><o:p></o:p></span></p> <p class="MsoNormal"><span><o:p> </o:p></span></p> <p class="MsoNormal"><span><HTML><title>good example><BODY><o:p></o:p></span></p> <p class="MsoNormal"><span><%-- JSP comment --%><o:p></o:p></span></p> <p class="MsoNormal"><span></BODY> </HTML><o:p></o:p></span></p> <h2><span>DuplicateJspImports<o:p></o:p></span></h2> <p class="MsoNormal">Avoid duplicate import statements inside JSP's.</p> <h3><span>Example<o:p></o:p></span></h3> <p class="MsoNormal"><span><%@ page import=\"com.foo.MyClass,com.foo.MyClass\"%><o:p></o:p></span></p> <p class="MsoNormal"><span><html><body><b><img src=\"<%=Some.get()%>/foo\">xx</img>text</b></body></html><o:p></o:p></span></p> <h2><span>JspEncoding<o:p></o:p></span></h2> <p class="MsoNormal">A missing 'meta' tag or page directive will trigger this rule, as well as a non-UTF-8 charset.</p> <h3><span>Example<o:p></o:p></span></h3> <p class="MsoNormal"><span>Most browsers should be able to interpret the following headers:<o:p></o:p></span></p> <p class="MsoNormal"><span><span>                </span><o:p></o:p></span></p> <p class="MsoNormal"><span><span>                </span><%@ page contentType="text/html; charset=UTF-8" pageEncoding="UTF-8" %><o:p></o:p></span></p> <p class="MsoNormal"><span><span>                    </span><o:p></o:p></span></p> <p class="MsoNormal"><span><span>               </span><span> </span><meta http-equiv="Content-Type"  content="text/html; charset=UTF-8" /><o:p></o:p></span></p><p></p></DIV>

No comments: