Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 32 Next »

Description / Features

This plugin enables analysis of XML files within Sonar.

Some main use cases are:

  • Validation of XHTML files by using the XHTML schemas as provided by the W3C (strict, transitional, and others). Quickly validate the markup of a set of XHTML files. 
  • Validation of XML files for conformance to the provided XML schema.
  • Validation of rules in XML files (ex: validate the Maven pom files for conformance to coding standards)


  1. Install the XML plugin through the Update Center or download it into the SONAR_HOME/extensions/plugins directory
  2. Restart the Sonar server


Run a Sonar Analysis with the Sonar Runner (Recommended Way)

To launch a Sonar analysis of your XML project, use the Sonar Runner.

A sample project is available on github that can be browsed or downloaded: /projects/languages/xml/xml-sonar-runner.

Run a Sonar Analysis with the other Analyzers

Maven and Ant can also be used to launch analysis on Web projects.

Advanced Properties

The following properties of the plugin are configurable:



default value


file extensions that will be scanned

xml, xhtml


additional filter for the files to be scanned


Schema Validation


The rules profile contains the check XmlSchemaCheck. This check can be copied and instantiated multiple times. 

The check has two properties: 





filter for the files to be validated with this check



namespace of schema to use for validation

e.g. xhtml1-strict for a built-in schema
schemas/xsd/mycustomschema.xsd for a schema on filesystem

If you specify schemas=autodetect the parser will try to load the schema based on the doctype or the namespace declaration in the document.


Schema validation is performed by the xerces parser using XML schemas (XSDs). The plugin has a couple of schema's available:

namespace or short name






XHTML1.0 Strict


-//W3C//DTD XHTML 1.0 Strict//EN

XHTML1.0 Strict


-//W3C//DTD XHTML 1.0 Transitional//EN



-//W3C//DTD XHTML 1.0 Frameset//EN

XHTML1.0 Frameset


-//W3C//DTD XHTML 1.1 Strict//EN



JSF core




JSF Facelets


Maven Project Model


  • You can use the names in the first column to identify the schema for validation, e.g. sonar.xml.schemas=xhtml1-transitional.
  • For validation of XHTML files it is recommended to use autodetect, xhtml1-transitional or xhtml1-strict. 
  • If you specify autodetect the plugin will try to detect the schema from the document itself. 
  • There is no XML schema for HTML 5 provided by W3C.
  • If you need to check with another schema, you can provide the path or URL to the schema. The plugin will search for the schema by URL then fallback on filesystem using a relative path.

XPath Check

The XPath Check allows to specify checks on XML documents using XPath expressions. 

The purpose of the check is to look for nodes and attributes that are not allowed. In Sonar, you can create the XPath rules while editing the rules profile.

In Sonar, go to the configuration pages where you can edit the Quality Profiles. The first step is to make a copy of the Sonar Way profile so you can start editing the rules in your own profile. Now select the XPath rule. The rule has two properties: expression for the XPath expression, and filePattern to specify files to be included (e.g. */myfiles/.xml). The XPath expression should look for nodes or attributes that are not allowed.

In the quality profile you can make multiple XPath rules, in the same way as is done for PMD, see this page for documentation: Quality Profiles

Example expressions:




Find all occurrences of <b>


Find all occurrences of td with the deprecated attribute nowrap

The XPath expression language is extremely powerful. It would be possible to create rich libraries of checks using XPath expressions. The XPath Check can be instantiated multiple times in a rules profile.

Plugin Architecture

The plugin uses the Xerces library for parsing and validation:

Change Log


Release 1.0 (not yet released) (15 issues)



Release 0.2 (9 issues)



Release 0.1 (3 issues)

  • No labels