SonarSource Rules
  • Products

    In-IDE

    Code Quality and Security in your IDE with SonarQube Ide

    IDE extension that lets you fix coding issues before they exist!

    Discover SonarQube for IDE

    SaaS

    Code Quality and Security in the cloud with SonarQube Cloud

    Setup is effortless and analysis is automatic for most languages

    Discover SonarQube Cloud

    Self-Hosted

    Code Quality and Security Self-Hosted with SonarQube Server

    Fast, accurate analysis; enterprise scalability

    Discover SonarQube Server
  • SecretsSecrets
  • ABAPABAP
  • AnsibleAnsible
  • ApexApex
  • AzureResourceManagerAzureResourceManager
  • CC
  • C#C#
  • C++C++
  • CloudFormationCloudFormation
  • COBOLCOBOL
  • CSSCSS
  • DartDart
  • DockerDocker
  • FlexFlex
  • GitHub ActionsGitHub Actions
  • GoGo
  • HTMLHTML
  • JavaJava
  • JavaScriptJavaScript
  • JSONJSON
  • JCLJCL
  • KotlinKotlin
  • KubernetesKubernetes
  • Objective CObjective C
  • PHPPHP
  • PL/IPL/I
  • PL/SQLPL/SQL
  • PythonPython
  • RPGRPG
  • RubyRuby
  • RustRust
  • ScalaScala
  • ShellShell
  • SwiftSwift
  • TerraformTerraform
  • TextText
  • TypeScriptTypeScript
  • T-SQLT-SQL
  • VB.NETVB.NET
  • VB6VB6
  • XMLXML
  • YAMLYAML
HTML

HTML static code analysis

Unique rules to find Bugs, Security Hotspots, and Code Smells in your HTML code

  • All rules 83
  • Bug23
  • Security Hotspot3
  • Code Smell57
 
Tags
    Impact
      Clean code attribute
        1. Table cells should reference their headers

           Bug
        2. Tables used for layout should not include semantic markup

           Bug
        3. Tables should have headers

           Bug
        4. "<html>" element should have a language attribute

           Bug
        5. <script>...</script> elements should not be nested

           Bug
        6. Labels should be defined in the resource bundle

           Bug
        7. All HTML tags should be closed

           Bug
        8. JSF expressions should be syntactically valid

           Bug
        9. "<th>" tags should have "id" or "scope" attributes

           Bug
        10. "<strong>" and "<em>" tags should be used

           Bug
        11. Image tags should have "width" and "height" attributes

           Bug
        12. "input", "select" and "textarea" tags should be labeled

           Bug
        13. "<title>" should be present in all pages

           Bug
        14. "<!DOCTYPE>" declarations should appear before "<html>" tags

           Bug
        15. "<li>" and "<dt>" item tags should be in "<ul>", "<ol>" or "<dl>" container tags

           Bug
        16. Server-side image maps ("ismap" attribute) should not be used

           Bug
        17. "<frames>" should have a "title" attribute

           Bug
        18. "<fieldset>" tags should contain a "<legend>"

           Bug
        19. Flash animations should be embedded using the window mode

           Bug
        20. Flash animations should be embedded using both "<object>" and "<embed>"

           Bug
        21. "<table>" tags should have a description

           Bug
        22. Elements deprecated in HTML5 should not be used

           Bug
        23. Mouse events should have corresponding keyboard events

           Bug

        <script>...</script> elements should not be nested

        intentionality - logical
        reliability
        Bug

          Why is this an issue?

          When parsing a script node, the browser treats its contents as plain text, and immediately finishes parsing when it finds the first closing </script> character sequence.

          As a consequence, nested script nodes are not possible, because all opening <script> tags found along the way are ignored.

          Web browsers doesn’t support nested <script>...</script> elements. But there is no error in such case and browsers just close the first encountered <script> tag as soon as a closing </script> tag is found along the way. So there is a big chance to display something totally unexpected to the end-users.

          Noncompliant code example

          <script type="text/template">
            <div>
              Hello!
            </div>
            <script type="text/javascript">  <!-- Noncompliant -->
              alert("Hi!");
            </script>
          </script>
          

          Compliant solution

          <script type="text/javascript">
            alert("Hi!");
          </script>
          
          <script type="text/template">
            <div>
              Hello!
            </div>
          </script>
          
            Available In:
          • SonarQube IdeCatch issues on the fly,
            in your IDE
          • SonarQube CloudDetect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories
          • SonarQube Community BuildAnalyze code in your
            on-premise CI
            Available Since
            9.1
          • SonarQube ServerAnalyze code in your
            on-premise CI
            Developer Edition
            Available Since
            9.1

          © 2008-2025 SonarSource SA. All rights reserved.

          Privacy Policy | Cookie Policy | Terms of Use