4 package net.sourceforge.pmd.lang.jsp.rule.basic;
5
6 import net.sourceforge.pmd.lang.jsp.ast.ASTElExpression;
7 import net.sourceforge.pmd.lang.jsp.ast.ASTElement;
8 import net.sourceforge.pmd.lang.jsp.rule.AbstractJspRule;
9
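/**
 * Reports JSP EL expressions that are written to the page without an escaping wrapper.
 *
 * <p>An {@code ASTElExpression} is reported unless one of two conditions holds:
 * <ul>
 *   <li>its nearest enclosing {@code ASTElement} has a prefixed name (contains {@code ':'}),
 *       i.e. the expression is an attribute/body of a taglib tag rather than raw page output, or</li>
 *   <li>the whole expression is a single call of the form {@code fn:escapeXml(...)}.</li>
 * </ul>
 *
 * <p>The {@code fn:escapeXml} check is syntactic: the call must span the entire expression. An
 * expression such as {@code fn:escapeXml(a) += b} is reported, because the part after the call is
 * emitted unescaped. Only the conventional {@code fn} prefix is recognised; pages that import the
 * JSTL functions under another prefix are reported as unsanitized. {@code fn:escapeXml} is an
 * HTML/XML entity encoder, so this rule says nothing about expressions placed in JavaScript, CSS or
 * URL contexts, which need context-specific encoding.
 */
public class NoUnsanitizedJSPExpressionRule extends AbstractJspRule {

    /** Start of the only function call accepted as an output-escaping wrapper. */
    private static final String ESCAPE_XML_PREFIX = "fn:escapeXml(";

    /**
     * Visits an EL expression and records a violation when it is neither inside a taglib element
     * nor wrapped in {@code fn:escapeXml(...)}.
     *
     * @param node the EL expression being visited
     * @param data the rule context passed through the visitor
     * @return the result of the superclass visit, so that children are still traversed
     */
    @Override
    public Object visit(ASTElExpression node, Object data) {
        if (elOutsideTaglib(node)) {
            addViolation(data, node);
        }

        return super.visit(node, data);
    }

    /**
     * Decides whether the expression is raw page output that is not escaped.
     *
     * @param node the EL expression
     * @return {@code true} when the expression should be reported
     */
    private boolean elOutsideTaglib(ASTElExpression node) {
        ASTElement parentASTElement = (ASTElement) node.getFirstParentOfType(ASTElement.class);

        return !isTaglibElement(parentASTElement) && !isWrappedInEscapeXml(node.getImage());
    }

    /**
     * Returns whether the element is a taglib tag, recognised by a prefixed name such as
     * {@code c:out}.
     *
     * @param element the enclosing element, or {@code null} when the expression has none
     * @return {@code true} when the element name contains a {@code ':'}
     */
    private static boolean isTaglibElement(ASTElement element) {
        if (element == null) {
            return false;
        }
        String name = element.getName();
        return name != null && name.contains(":");
    }

    /**
     * Returns whether the whole expression is exactly one {@code fn:escapeXml(...)} call with a
     * non-empty argument.
     *
     * <p>The parentheses are matched rather than pattern-matched so that a call which closes before
     * the end of the expression (for example {@code fn:escapeXml(a) += b}) is not mistaken for a
     * fully escaped expression, while a nested call such as
     * {@code fn:escapeXml(fn:replace(a, ')', ''))} is still accepted. Parentheses inside EL string
     * literals (single- or double-quoted, with backslash escapes) are ignored. Line terminators
     * inside the argument are allowed.
     *
     * <p>NOTE(review): assumes the node image is the EL body without the {@code ${} and {@code }}
     * delimiters and without surrounding whitespace — confirm against the JSP parser.
     *
     * @param image the expression text as produced by the parser, may be {@code null}
     * @return {@code true} when the expression is a single escapeXml call
     */
    private static boolean isWrappedInEscapeXml(String image) {
        if (image == null || !image.startsWith(ESCAPE_XML_PREFIX) || !image.endsWith(")")) {
            return false;
        }
        int closing = image.length() - 1;
        int argStart = ESCAPE_XML_PREFIX.length();
        if (argStart >= closing) {
            return false; // "fn:escapeXml()" escapes nothing
        }

        int depth = 1; // the opening parenthesis of fn:escapeXml(
        char quote = 0; // current string-literal delimiter, 0 when outside a literal
        for (int i = argStart; i < closing; i++) {
            char c = image.charAt(i);
            if (quote != 0) {
                if (c == '\\') {
                    i++; // skip the escaped character inside the literal
                } else if (c == quote) {
                    quote = 0;
                }
            } else if (c == '\'' || c == '"') {
                quote = c;
            } else if (c == '(') {
                depth++;
            } else if (c == ')') {
                depth--;
                if (depth == 0) {
                    // The escapeXml call ended here, so the remainder of the
                    // expression is emitted without escaping.
                    return false;
                }
            }
        }
        // Only the final ')' may close the escapeXml call, and no literal may be left open.
        return quote == 0 && depth == 1;
    }

}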