The assistant continues to update, adding related verification functions for JSP and HTML. For other functions of this plugin, please refer to the first and second blog posts of the blog.
There is no related QuickFix function on the JSP page, please refer to the prompts for modification.
At present, many browsers have been upgraded to HTML5. Programmers need to develop and test for various browsers. The process is cumbersome. Adding hints to HTML5 reduces the development cost of programmers and further improves the quality of development.
Up to now, the plug-in has been able to verify the XML configuration of Java, JSP and Ibatis when writing code, which further improves the quality of program code development and reduces the probability of initial errors.
In the future, we will continue to improve the plug-in based on actual work experience, reduce the development difficulty of programmers, and improve the quality of programmers' initial development.
1: Use JSP's EL expression ${} directly on the page, which is easy to cause cross-site scripting attacks, please use jstl's <c:out to replace
2: The c:out tag of jstl, if there is no escapeXml or escapeXml=false, it is easy to cause cross-site scripting attacks, please add the attribute escapeXml=true
3: If there is an HTML comment such as <!-- in HTML, it indicates that this paragraph contains HTML comments, please do not use it, please use JSP comments, JSP comment examples <%-- Comments--%>
4: document.getElementByName appears in the script, prompting the following content. Use document.getElementByName in Javascript. In HTML5, the value will fail due to strict syntax. Please modify it to use document.getElementById to obtain the value.
5: The page character set is unified as UTF-8. If the meta character set is not UTF-8 in the meta of jsp and html, it prompts that the page character set needs to be UTF-8, please modify it to UTF-8
6: In addition to button, checkbox, radio in the page, if there is no id attribute in the <input> tag, the prompt attribute has no ID, in html5, there will be an exception, please add the Id attribute
7: If the same ID is found on the page, it prompts that the ID of this page is repeated, please use another name to name the ID
8: If there is no autocomplete=false attribute in the form, it will prompt the following content: Autocomplete needs to be set to off in browsers that support the HTML5 standard above IE10, otherwise the browser will enable the autocomplete function by default, and prompt the user to input the content that has been entered. It is possible to reveal information about historical information entered by customers
9: <a href='#'> appears on the page, indicating that using # in Firefox will result in returning to the home page and the transaction cannot continue. It is recommended to modify it to javascript:void(0), which is already under chrome, firefox, IE, opera Test passed
10: If you add an ID attribute to the checkbox, the following content should not appear in the checkbox. Please use other methods to obtain the value.
11: If you add the ID attribute to the radiobox and prompt the following content, raido should not have the Id attribute, please use other methods to get the value
12: In the submit method, if there is an onclick method, prompt: the onclick method cannot be used in submit, please replace type="submit" with type="button"