SonarSource Rules

Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

HTML static code analysis

Unique rules to find Bugs, Security Hotspots, and Code Smells in your HTML code

Security Hotspot3

Filtered: 6 rules found

jsp-jsf

Impact

Clean code attribute

JSP expressions should not be used

Code Smell

MajorSonarSource default severity
click to learn more

Why is this an issue?

JSP expressions (using <%= ... %>) have been deprecated because they:

Are not unit testable.
Are not reusable.
Cannot make use of object oriented concepts such as inheritence.
Have poor error handling capabilities: if an exception is thrown, an empty page is rended.
Mix the business and presentation logic.

JSP Standard Tag Library (JSTL) and Expression Language should be used instead, enabiling the adoption of the model-view-controller (MVC) design pattern which reduces the coupling between the presentation tier and the business logic.

Noncompliant code example

<input type="text" name="foo" value="<%= request.getParameter("foo") %>" />

Compliant solution

<input type="text" name="foo" value="${fn:escapeXml(param.foo)}" />

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI