Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 28 Next »

Description / Features

Any XML file can be validated with this plugin. The plugin provides static code analysis of XML files within Sonar. Typical use cases are validation of files for coding or usability standards. 

The following functionality is provided:

  • XML validation
  • XML schema validation
  • Configurable rules using XPath
  • sizing (files, lines of code)

The XML validation is available out-of-the box. The configurable XPath rules requires some knowledge of XPath.

The plugin scans the following files by default: .xml, .xhtml. The file extensions and the file inclusion patterns are configurable. 

The plugin imports the XML files in Sonar, and performs the validations. The checks are configurable in the Sonar rules repository. 

Use Cases

Typical use cases:

- validation of XHTML files

By using the XHTML schemas as provided by the W3C (strict, transitional, and others) quickly validate the markup of a set of XHTML files. 

- validation of XML files

Validate a set of XML files for conformance to the provided XML schema. 

- Validate rules in XML files 

e.g. validate the maven pom files for conformance to coding standards.


  1. Install the XML plugin through the Update Center or download it into the SONAR_HOME/extensions/plugins directory
  2. Restart the Sonar server


Run a Sonar Analysis with the Sonar Runner (Recommended Way)

To launch a Sonar analysis of your XML project, use the Sonar Runner.

A sample project is available on github that can be browsed or downloaded: /projects/languages/xml/xml-sonar-runner.

Run a Sonar Analysis with the other Analyzers

Maven and Ant can also be used to launch analysis on Web projects.

Advanced Properties

The following properties of the plugin are configurable:



default value


folder that will be scanned (relative to project root)



file extensions that will be scanned

xml, xhtml


additional filter for the files to be scanned



namespace of schema to use for validation



Schema Validation


The rules profile contains the check XmlSchemaCheck. This check can be copied and instantiated multiple times. 

The check has two properties: 





filter for the files to be validated with this check



namespace of schema to use for validation

e.g. xhtml1-strict for a built-in schema
schemas/xsd/mycustomschema.xsd for a schema on filesystem

If you specify schemas=autodetect the parser will try to load the schema based on the doctype or the namespace declaration in the document.

Note that the project setting sonar.xml.schemas is a shortcut for configuring the property schemas on the check itself. The project setting will override the setting in the XMLSchemaCheck itself.


Schema validation is performed by the xerces parser using XML schemas (XSDs). The plugin has a couple of schema's available:

namespace or short name






XHTML1.0 Strict


-//W3C//DTD XHTML 1.0 Strict//EN

XHTML1.0 Strict


-//W3C//DTD XHTML 1.0 Transitional//EN



-//W3C//DTD XHTML 1.0 Frameset//EN

XHTML1.0 Frameset


-//W3C//DTD XHTML 1.1 Strict//EN



JSF core




JSF Facelets


Maven Project Model


  • You can use the names in the first column to identify the schema for validation, e.g. sonar.xml.schemas=xhtml1-transitional.
  • For validation of XHTML files it is recommended to use autodetect, xhtml1-transitional or xhtml1-strict. 
  • If you specify autodetect the plugin will try to detect the schema from the document itself. 
  • There is no XML schema for HTML 5 provided by W3C.
  • If you need to check with another schema, you can provide the path to the schema. The plugin will search for the schema on filesystem using a relative path. 

Rules Profile

There are quite a few checks related to XML validation. Each check corresponds to a certain rule. The checks are grouped in two categories: XML Violations and XMLSchema Violations. The checks are derived from the error and warning messages provided by the Xerces parser. In the rules profile, you can disable checks or provide another priority for a check. Please note that the XmlSchemaCheck must always be active.

XPath Check

The XPath Check allows to specify checks on XML documents using XPath expressions. 

The purpose of the check is to look for nodes and attributes that are not allowed. In Sonar, you can create the XPath rules while editing the rules profile.

In Sonar, goto the configuration pages where you can edit the Quality Profiles. The first step is to make a copy of the Default XML profile so you can start editing the rules in your own profile. Now select the XPath rule. The rule has two properties: expression for the XPath expression, and filePattern to specify files to be included (e.g. */myfiles/.xml). The XPath expression should look for nodes or attributes that are not allowed.

In the quality profile you can make multiple XPath rules, in the same way as is done for PMD, see this page for documentation: Quality Profiles

Example expressions:




Find all occurrences of <b>


Find all occurrences of td with the deprecated attribute nowrap

The XPath expression language is extremely powerful. It would be possible to create rich libraries of checks using XPath expressions. The XPath Check can be instantiated multiple times in a rules profile.

Maven POM Validation

Maven POM Validation per project

Recursively check the pom file in a project and its subprojects. The plugin has a schema for maven pom file that follows the code conventions as documented by the maven team here. The maven schema was adopted to validate for the order of the elements as documented in the code conventions. 

sourceDirectory is set to . means all files in the project are scanned.
includeFileFilter specifies to scan only pom.xml files (relative path to project root). So only the pom file in the current project will be scanned. 
schemas is set to maven namespace so all pom files will be validated with the maven xml schema.

Maven POM Validation (quick)

Quickly validate all pom files in a project and its subprojects. This method is faster than the above method because it does not recurse into each child module. 

-N is specified so only the root project will be analyzed by maven.
sourceDirectory is set to . means all files in the project are scanned.
includeFileFilter specifies to scan all pom.xml files. With this filter, also pom files in child modules will be scanned. 
schemas is set to maven namespace so all pom files will be validated with the maven xml schema.

Plugin Architecture

The plugin uses the Xerces library for parsing and validation.

Change Log


Release 0.2 (9 issues)



Release 0.1 (3 issues)

  • No labels