Why you should care
JSP fragments are a portion of JSP code passed to a tag handler so that it can be invoked as many times as required. They can be considered a template that a tag handler uses to produce customized content. A fragment attribute is evaluated by the tag handler during tag invocation, unlike a simple attribute, which is evaluated by the container. The value of a fragment attribute is defined with a jsp:attribute element. However, when JSP fragments are left incomplete, they should not be made accessible to client browsers, as this can cause readability issues and is a symptom of flawed programming practices.
Business Impacts
Incomplete JSP fragments are risky because they reflect improper programming practice, which will be greatly unappealing to potential clients.
CAST Recommendations
References
https://docs.oracle.com/cd/E19159-01/819-3669/bnalq/index.html
How we detect
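An added example, not CAST Highlight's implementation: a minimal version of this placement check that lists .jspf files outside WEB-INF together with the pages that statically include them, so the include paths that would need updating after a move are visible. Identifying fragments by the .jspf extension, the function names and the sample tree are assumptions made for the example.

```python
import re
import tempfile
from pathlib import Path
# Assumption: fragments are recognised by the .jspf extension.
INCLUDE_RE = re.compile(r'<%@\s*include\s+file\s*=\s*["\']([^"\']+)["\']')

def _rel(webroot, path):
    """Path relative to the web root (POSIX string), or None if outside it."""
    try:
        return path.resolve().relative_to(webroot).as_posix()
    except ValueError:
        return None

def find_exposed_fragments(webroot):
    """Map each .jspf outside WEB-INF to the files that statically include it."""
    webroot = Path(webroot).resolve()
    exposed = {}
    for frag in webroot.rglob("*.jspf"):
        rel = _rel(webroot, frag)
        if frag.is_file() and rel and rel.split("/")[0] != "WEB-INF":
            exposed[rel] = []
    for page in sorted(p for p in webroot.rglob("*.jsp*") if p.is_file()):
        text = page.read_text(encoding="utf-8", errors="replace")
        for target in INCLUDE_RE.findall(text):
            # A leading "/" is context-relative; otherwise relative to the includer.
            base = webroot if target.startswith("/") else page.parent
            hit = _rel(webroot, base / target.lstrip("/"))
            if hit in exposed:
                exposed[hit].append(_rel(webroot, page))
    return exposed

def build_sample(root):
    """Write a small constructed web-app tree used only for this demonstration."""
    files = {
        "index.jsp": '<%@ include file="includes/header.jspf" %>\n'
                     '<%@ include file="/WEB-INF/jspf/footer.jspf" %>',
        "admin/users.jsp": '<%@ include file="../includes/header.jspf" %>',
        "includes/header.jspf": "<div>header</div>",
        "WEB-INF/jspf/footer.jspf": "<div>footer</div>",
    }
    for name, body in files.items():
        target = Path(root) / name
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(find_exposed_fragments(tmp))
```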
This code insight reports that JSP fragments that are not complete pages should not be made accessible to client browsers. However, it is a contested diagnostic, as explained here: “Some people also believe in putting them under the WEB-INF folder, so that they’re not accessible via a URL. I see no good reason to go to this extreme, since there’s no way to discover their existence from outside of the app-server. On the other hand, there’s a decided maintainability benefit to keeping refactored fragments together with their including file.” http://www.kdgregory.com/index.php?page=jsp.refactoring
About CAST and Highlight’s Code Insights
Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate software health factors.
For reference only. For the complete details, please refer to the original article:
https://doc.casthighlight.com/alt_filelocation-jsp-fragments-should-always-be-placed-in-web-infjspf/