org.sonar.l10n.web.rules.Web.JspScriptletCheck.html Maven / Gradle / Ivy
Go to download
Show more of this group Show more artifacts with this name
Show all versions of sonar-web-plugin Show documentation
Show all versions of sonar-web-plugin Show documentation
Analyze HTML (also within PHP/Ruby/etc. templates) and JSP/JSF code.
The newest version!
JSP expressions (using <%= ... %>
have been deprecated because they:
- Are not unit testable.
- Are not reusable.
- Cannot make use of object oriented concepts such as inheritence.
- Have poor error handling capabilities: if an exception is thrown, an empty page is rended.
- Mix the business and presentation logic.
JSP Standard Tag Library (JSTL) and Expression Language should be used instead,
enabiling the adoption of the model-view-controller (MVC) design pattern
which reduces the coupling between the presentation tier and the business logic.
Noncompliant Code Example
<input type="text" name="foo" value="<%= request.getParameter("foo") %>" />
Compliant Solution
<input type="text" name="foo" value="${fn:escapeXml(param.foo)}" />