Usage Instructions
The following are the usage instructions for the ANT task and the command-line tool, along with details of how to add custom regular expressions.
ANT Task
In the ANT task version of JSPChecker, the following parameters are available:
- dir - specify the directory or directories containing the files to check (regular ANT parameter)
- includes - specify the files to include (regular ANT parameter)
- failOnMatch (true/false) - causes the build to fail if any of the checks returns true
- checkHtmlFont (true/false) - checks for the use of HTML's <FONT> tag
- checkHtmlForm (true/false) - checks for the use of HTML's <FORM> tag
- checkHtmlInput (true/false) - checks for the use of HTML's <INPUT> and <TEXTAREA> tags
- checkHtmlHref (true/false) - checks for the use of HTML's <A> tag (both HREF and NAME)
- checkJavaScript (true/false) - checks for the use of JavaScript
- checkInPageJava (true/false) - checks for the use of in-page Java (such as <% ... %> )
- checkJavaScriptlet (true/false) - checks for the use of scriptlets (such as <%=...%> )
- checkHtml (true/false) - sets all of the checkHtml* parameters to true so that all of the above HTML tags are covered
- customRegexp - allows you to specify a file containing custom regular expressions to check for.
- formatter - "plain" or "xml". The formatter type. Defaults to plain. Will only produce output if outputFile is set.
- outputFile - The file to which the output is appended. The format depends on the value of "formatter". The output can be merged with output.xsl to produce an HTML report (the testdata value in output.xsl must first be set to the root directory of the JSPs).
Example:
    <target name="check-jsp">
        <taskdef resource="jspcheckertask.properties" classpath="jspChecker.jar">
        </taskdef>
        <jspchecker dir="${src.web.dir}"
            customRegexp="${basedir}\custom.txt"
            includes="**\*.jsp"
            checkHtml="true"
            checkJavaScript="true"
            checkInPageJava="true"
            checkJavaScriptlet="true"
            failOnMatch="true"
            formatter="xml"
            outputFile="report.xml"/>
    </target>
Sample output using ANT (with Log4J for logging):
    check-jsp:
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:67: Illegal use of HTML TEXTAREA
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:71: Text input fields must contain a valid maxlength
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:64: Illegal use of HTML FORM
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:70: Illegal use of HTML FORM
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:17: Illegal use of In-page Java <%..%>
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:19: Illegal use of In-page Java <%..%>
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:42: Illegal use of In-page Java <%..%>
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:44: Illegal use of In-page Java <%..%>
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:46: Illegal use of In-page Java <%..%>
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:18: Illegal use of JavaScript
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:66: Illegal use of HTML INPUT
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:71: Illegal use of HTML INPUT
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:43: Use tiles instead of <template:insert>
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:31: Illegal use of HTML A (HREF/NAME)
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:71: Text input fields must contain a name
    [jspchecker] D:\work\jspChecker\testdata\header.jsp:71: Every JSP must include DOCTYPE: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    BUILD FAILED
    file:D:/work/genoa/build.xml:1040: Found 15 illegal expression matches in 1 files.
Command-line Tool
In the command-line tool, the following parameters are available:
- -path - specify the directory containing the files to check. (required) E.g. -path=C:\work\project\src\web
- -extensions - specify the extensions of files to include (default is "*.jsp,*.html"). E.g. -extensions=*.jsp
- -recursive - specify that the check should be recursive on the "-path" value (default is off). E.g. -recursive
- -XXXX - switches for the types of tags to check for (default is check nothing):
  - H - checks for the use of HTML's <FONT>, <FORM>, <A>, <INPUT> and <TEXTAREA> tags
  - J - checkJavaScript (true/false) - checks for the use of JavaScript
  - I - checkInPageJava (true/false) - checks for the use of in-page Java (such as <% ... %> )
  - S - checkJavaScriptlet (true/false) - checks for the use of scriptlets (such as <%=...%> )
- -custom - allows you to specify a file containing custom regular expressions to check for. E.g. -custom=C:\custom.txt
    >java -jar jspChecker.jar -path=C:\work\project\src\web -recursive -HSIJ -custom=C:\work\project\custom.txt
Sample output (note that multiple instances of a match for the same file are displayed once but included in the total number of matches):
    [INFO ] JSPChecker 1.0.0
    [INFO ] Copyright (c) 2004 Pamela Jones.
    [INFO ] BSD license. http://sourceforge.net/projects/jspchecker
    [INFO ] Performing check of files at D:\work\jspChecker\testdata\header.jsp
    [INFO ] D:\work\jspChecker\testdata\header.jsp:71: Text input fields must contain a name
    [INFO ] D:\work\jspChecker\testdata\header.jsp:66: Illegal use of HTML INPUT
    [INFO ] D:\work\jspChecker\testdata\header.jsp:71: Illegal use of HTML INPUT
    [INFO ] D:\work\jspChecker\testdata\header.jsp:18: Illegal use of JavaScript
    [INFO ] D:\work\jspChecker\testdata\header.jsp:67: Illegal use of HTML TEXTAREA
    [INFO ] D:\work\jspChecker\testdata\header.jsp:64: Illegal use of HTML FORM
    [INFO ] D:\work\jspChecker\testdata\header.jsp:70: Illegal use of HTML FORM
    [INFO ] D:\work\jspChecker\testdata\header.jsp:71: Text input fields must contain a valid maxlength
    [INFO ] D:\work\jspChecker\testdata\header.jsp:31: Illegal use of HTML A (HREF/NAME)
    [INFO ] D:\work\jspChecker\testdata\header.jsp:43: Use tiles instead of <template:insert>
    [INFO ] D:\work\jspChecker\testdata\header.jsp:17: Illegal use of In-page Java <%..%>
    [INFO ] D:\work\jspChecker\testdata\header.jsp:19: Illegal use of In-page Java <%..%>
    [INFO ] D:\work\jspChecker\testdata\header.jsp:42: Illegal use of In-page Java <%..%>
    [INFO ] D:\work\jspChecker\testdata\header.jsp:44: Illegal use of In-page Java <%..%>
    [INFO ] D:\work\jspChecker\testdata\header.jsp:46: Illegal use of In-page Java <%..%>
    [INFO ] D:\work\jspChecker\testdata\header.jsp:46: Every JSP must include DOCTYPE: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    [INFO ] JSPChecker found 15 illegal matches.
Custom Regular Expressions
The "custom" parameter, for both clients, causes the task to read in the custom file and add a new check for each line. Thus, the file must contain one regular expression per line. Lines beginning with # are ignored and considered as comments. Lines beginning with ## are used as a description for the regular expression on the next immediate line.
Custom regular expressions may restrict the use of such tags as template:insert (to force the use of Struts Tiles, perhaps), restrict the use of properties such as background-colour=, etc. It is also possible to have two regular expressions on one line, separated by #, to indicate a failure if a match for the first expression does not match the second expression. For example,
    <input[^>]*type="text".*>#maxlength="[0-9]+"
will cause a failure if a text input field is found that does not have a maxlength parameter with a numeric value.
Sample custom file:
    #Some sample regular expressions to use are included below. In future releases,
    #some of these may become standard, configurable checks.
    #force the use of tiles instead of template:insert
    ##Use tiles instead of <template:insert>
    <template\:insert.*?>
    #Example of checking for pages that do NOT contain a tag
    ##Every JSP must include DOCTYPE: <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    .*#<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
    ##Do not use background-color: use CSS instead
    background-color[\s]*=[\s]*"
    ##Text input fields must contain a valid maxlength
    <input[^>]*?type="text".*?>#maxlength="[0-9]+"
    ##Text input fields must contain a name
    <input[^>]*?type="text".?>#name=".+"
    ##Use JSPChecker instead of jspchecker
    jspchecker
    ##Do not use space characters in end tabs
    </[a-zA-Z]+[\s]+>
    ##Use CSS instead of align attribute
    align="
    ##Use <STRONG> (strong emphasis) instead of <B>
    <B[^>]*>
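The custom file format described above, worked through as an added example (not JSPChecker's own code): a small Python reader for the #, ## and paired-expression conventions, applied to a constructed JSP fragment. The function names, the use of Python's re module, the split on the first # in a rule line, and the per-match line numbering are assumptions of this example.

```python
import re

# Constructed rules in the page's format; the third rule is adapted (".*?" is an assumption).
RULES = r'''#lines starting with a single hash are comments
##Use tiles instead of <template:insert>
<template\:insert.*?>
##Text input fields must contain a valid maxlength
<input[^>]*?type="text".*?>#maxlength="[0-9]+"
##Text input fields must contain a name
<input[^>]*?type="text".*?>#name=".+"
'''

# Constructed JSP fragment used as sample input.
JSP = '''<html>
<template:insert template="/layout.jsp"/>
<input type="text" name="user" maxlength="20">
<input type="text" name="comment">
<input type="text" maxlength="abc">
'''

def parse_rules(text):
    """Return a list of (description, first_regex, second_regex_or_None)."""
    rules, description = [], None
    for line in text.splitlines():
        if line.startswith("##"):        # description for the next line
            description = line[2:].strip()
        elif line.startswith("#") or not line.strip():
            description = None           # comment or blank line: not a rule
        else:
            # Assumption: the first '#' inside a rule line separates the pair.
            first, sep, second = line.partition("#")
            rules.append((description or line, re.compile(first),
                          re.compile(second) if sep else None))
            description = None
    return rules

def check(jsp, rules):
    """Return sorted (line_number, description) findings for one file."""
    findings = []
    for description, first, second in rules:
        for match in first.finditer(jsp):
            # Paired rule: fail only if the matched text lacks the second regex.
            if second is None or not second.search(match.group(0)):
                line_no = jsp.count("\n", 0, match.start()) + 1
                findings.append((line_no, description))
    return sorted(findings)

if __name__ == "__main__":
    print(check(JSP, parse_rules(RULES)))
```

The input on line 5 of the fragment is reported twice: maxlength="abc" fails the numeric check and the tag has no name attribute.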