org.sonar.l10n.web.rules.Web.JspScriptletCheck.html
Enables scanning of HTML, and JSP/JSF files.
JSP expressions (using <%= ... %>) have been deprecated because they:
- Are not unit testable.
- Are not reusable.
- Cannot make use of object-oriented concepts such as inheritance.
- Have poor error handling capabilities: if an exception is thrown, an empty page is rendered.
- Mix the business and presentation logic.
JSP Standard Tag Library (JSTL) and Expression Language should be used instead, enabling the adoption of the model-view-controller (MVC) design pattern, which reduces the coupling between the presentation tier and the business logic.
Noncompliant Code Example
<input type="text" name="foo" value="<%= request.getParameter("foo") %>" />
Compliant Solution
<input type="text" name="foo" value="${fn:escapeXml(param.foo)}" />
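A small scanner for the construct this rule reports, shown as an added example and not the sonar-web-plugin's own implementation. It goes slightly beyond the rule by classifying every JSP element (directive, declaration, scriptlet, expression) and skipping JSP comments, so commented-out expressions are not flagged; scan_jsp, Finding and SAMPLE_JSP are hypothetical names, and the sample page is constructed.

```python
import re
from typing import NamedTuple

# Comments are tried first so a commented-out expression is never reported.
# Non-greedy bodies mirror JSP itself: an element ends at the first "%>".
# An escaped "<\%" in template text does not match, as it is literal output.
JSP_ELEMENT = re.compile(
    r"<%--.*?--%>|<%(?P<kind>[=!@]?)(?P<body>.*?)%>", re.DOTALL)
KINDS = {"=": "expression", "!": "declaration", "@": "directive", "": "scriptlet"}


class Finding(NamedTuple):
    line: int   # 1-based line where the element starts
    kind: str   # one of the KINDS values
    code: str   # Java source between the delimiters


def scan_jsp(source, flag=("expression",)):
    """Return a Finding for each JSP element whose kind is listed in flag."""
    findings = []
    for m in JSP_ELEMENT.finditer(source):
        if m.group("kind") is None:      # the comment alternative matched
            continue
        kind = KINDS[m.group("kind")]
        if kind in flag:
            line = source.count("\n", 0, m.start()) + 1
            findings.append(Finding(line, kind, m.group("body").strip()))
    return findings


# Constructed sample page: two directives, a comment hiding an old expression,
# one scriptlet, the noncompliant input and the compliant input.
SAMPLE_JSP = '''<%@ page contentType="text/html" %>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%-- old: <%= request.getParameter("bar") %> --%>
<% int visits = 1; %>
<form>
  <input type="text" name="foo" value="<%= request.getParameter("foo") %>" />
  <input type="text" name="foo" value="${fn:escapeXml(param.foo)}" />
</form>
'''

if __name__ == "__main__":
    for f in scan_jsp(SAMPLE_JSP, flag=("expression", "scriptlet")):
        print(f"line {f.line}: JSP {f.kind}: {f.code}")
```

Passing flag=("expression", "scriptlet") also reports plain <% ... %> blocks, which is useful when migrating a page to JSTL and EL in one pass.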