HTML Scan rules
Contrast Scan supports these rules for HTML.
Severity | Contrast rule | Engine rule ID | Description |
|---|---|---|---|
Critical | Sandbox Allow Scripts And Same Origin | OPT.HTML.SandboxAllowScriptsAndSameOrigin | SandboxAllowScriptsAndSameOrigin: Unsafe sandbox with allow-scripts and allow-same-origin |
Critical | Avoid Long Scripts In Pages | OPT.HTML.FORMATO.AvoidLongScriptsInPages | AvoidLongScriptsInPages: Avoid long js scripts |
Critical | All HTML pages must be in the /docs folder | OPT.HTML.OPTIMYTH_HTML.DOCS | DOCS: ALL html pages must be in the /docs folder |
Critical | Defer In Script Tag | OPT.HTML.OPTIMYTH_HTML.DeferInScriptTag | DeferInScriptTag: Use of defer attribute in script tags |
Critical | Link To Js | OPT.HTML.OPTIMYTH_HTML.LinkToJs | LinkToJs: Too many references to external JavaScript files |
Critical | Script Tag Position | OPT.HTML.OPTIMYTH_HTML.ScriptTagPosition | ScriptTagPosition: 'script' tag inside 'body' tag |
Critical | Separate Content And Presentation | OPT.HTML.OPTIMYTH_HTML.SeparateContentAndPresentation | SeparateContentAndPresentation: Do not use JavaScript event handlers in html tags |
Critical | Pages should not exceed 100Kb | OPT.HTML.OPTIMYTH_HTML.TAM | TAM: CAPTIONVALIGNb |
Critical | Missing Password Field Masking | OPT.HTML.MissingPasswordFieldMasking | MissingPasswordFieldMasking: Password input field is not masked |
Critical | Password In Http Get | OPT.HTML.PasswordInHttpGet | PasswordInHttpGet: Password in GET FORM |
High | Path Relative Stylesheet Import | OPT.HTML.PathRelativeStylesheetImport | PathRelativeStylesheetImport: Path-Relative Stylesheet Import. |
High | Target Blank Vulnerability | OPT.HTML.TargetBlankVulnerability | TargetBlankVulnerability: Improper Neutralization of links to external sites |
Info | Form Validation Off | OPT.HTML.FormValidationOff | FormValidationOff: Form validation disabled |
Info | SIZE attribute required in BASEFONT element | OPT.HTML.FORMATO.BFS | BFS: SIZE attribute required in BASEFONT element |
Info | ACTION attribute required | OPT.HTML.FORMULARIOS.ACTN | ACTN: ACTION attribute required |
Info | ALT attribute required | OPT.HTML.FORMULARIOS.ALT2 | ALT2: ALT attribute required |
Info | Wrong TYPE attribute value | OPT.HTML.FORMULARIOS.BTPE | BTPE: Wrong TYPE attribute value |
Info | NAME attribute required | OPT.HTML.FORMULARIOS.NAME | NAME: NAME attribute is required |
Info | TEXTAREA COLS attribute is required | OPT.HTML.FORMULARIOS.TACO | TACO: The TEXTAREA COLS attribute is missed |
Info | TEXTAREA ROWS attribute is required | OPT.HTML.FORMULARIOS.TARO | TARO: TEXTAREA element without ROWS attribute |
Info | VALUE attribute required | OPT.HTML.FORMULARIOS.VALU | VALU: VALUE attribute not found |
Info | HEIGHT and WIDTH attributes required | OPT.HTML.GENERALES.HEWI | HEWI: HEIGHT and WIDTH attributes required |
Info | BLINK element found | OPT.HTML.GENERALES.NOBLINK | NOBLINK: BLINK element found |
Info | MARQUEE element found | OPT.HTML.GENERALES.NOMARQUEE | NOMARQUEE: MARQUEE element found |
Info | SRC attribute not found | OPT.HTML.GENERALES.SRCC | SRCC: SRC attribute not found |
Info | Incorrect TYPE attribute in OL element | OPT.HTML.LISTAS.TYPEOL | TYPEOL: Incorrect TYPE attribute in ol element |
Info | Incorrect TYPE attribute in UL element | OPT.HTML.LISTAS.TYPEUL | TYPEUL: Incorrect TYPE attribute in ul element |
Info | FRAMEBORDER incorrect | OPT.HTML.MARCOS.FRAMEBORDER | FRAMEBORDER: Incorrect FRAMEBORDER |
Info | FRAMESET ROWS or COLS attribute missing | OPT.HTML.MARCOS.FRCR | FRCR: FRAMESET attributes missed |
Info | SCROLLING attribute incorrect | OPT.HTML.MARCOS.SCROLLING | SCROLLING: SCROLLING attribute has an incorrect value |
Info | No header comment found | OPT.HTML.OPTIMYTH_HTML.CBCR | CBCR: Use a header comment for every page |
Info | Incorrect VALIGN attribute | OPT.HTML.TABLAS.CAPTIONVALIGN | CAPTIONVALIGN: incorrect VALIGN attribute |
Info | Incorrect CLEAR attribute | OPT.HTML.TEXTO.BRCLEAR | BRCLEAR: Incorrect CLEAR attribute |
Info | ALT attribute required | OPT.HTML.VARIOUS.ALT1 | ALT1: ALT attribute required |
Info | ALT attribute required | OPT.HTML.VARIOUS.ALT3 | ALT3: ALT attribute required |
Info | Area Shape | OPT.HTML.VARIOUS.AreaShape | AreaShape: incorrect SHAPE attribute |
Info | AREA cordinates not defined | OPT.HTML.VARIOUS.CAREA | CAREA: AREA coordinates non defined |
Info | P A R A M VALUE attribute required E T Y P E | OPT.HTML.VARIOUS.PARAMVALUETYPE | PARAMVALUETYPE: Wrong or not specified VALUETYPE |
Info | Incomplete A element | OPT.HTML.VINCULOS.AINCOMPLETO | AINCOMPLETO: Incomplete A element |
Info | LINK without title attribute | OPT.HTML.VINCULOS.TLINK | TLINK: Link without 'title' attribute. |
Low | Form Without Captcha | OPT.HTML.FormWithoutCaptcha | FormWithoutCaptcha: Form without CAPTCHA |
Low | Add Label For Input Field | OPT.HTML.AddLabelForInputField | AddLabelForInputField: Add a label element for every input element |
Low | File Upload Enabled | OPT.HTML.FileUploadEnabled | FileUploadEnabled: File upload enabled |
Low | Nested Divs | OPT.HTML.NestedDivs | NestedDivs: Avoid using too many nested div elements |
Low | Use descriptive comments | OPT.HTML.OPTIMYTH_HTML.CMNT | CMNT: Use descriptive comments in the pages |
Low | No Javascript | OPT.HTML.OPTIMYTH_HTML.NoJavascript | NoJavascript: Javascript code within html file |
Medium | Specify Integrity Attribute | OPT.HTML.SpecifyIntegrityAttribute | SpecifyIntegrityAttribute: Specify a integrity attribute on the <script> and <link> elements |
Medium | Avoid Inline Styles | OPT.HTML.AvoidInlineStyles | AvoidInlineStyles: Avoid inline styles declaration |
Medium | Avoid Size Attribute On Input Fields | OPT.HTML.AvoidSizeAttributeOnInputFields | AvoidSizeAttributeOnInputFields: Avoid size attribute on input fields |
Medium | Embed Youtube Videos Using Iframe | OPT.HTML.EmbedYoutubeVideosUsingIframe | EmbedYoutubeVideosUsingIframe: Embed Youtube videos into an iFrame |
Medium | Obsolete Attributes | OPT.HTML.ObsoleteAttributes | ObsoleteAttributes: Avoid using HTML 5 obsolete attributes |
Medium | Obsolete Elements | OPT.HTML.ObsoleteElements | ObsoleteElements: Avoid using HTML 5 obsolete elements |
Medium | Use external CSS files | OPT.HTML.OPTIMYTH_HTML.EUCSS | EUCSS: Limited use of CSS stylesheets in HTML pages |
Medium | Noscript Tag | OPT.HTML.OPTIMYTH_HTML.NoscriptTag | NoscriptTag: Use of noscript tag |
Medium | Provide Fallbacks For Multimedia Elements | OPT.HTML.ProvideFallbacksForMultimediaElements | ProvideFallbacksForMultimediaElements: Provide fallback for multimedia elements |
Medium | Scripts At The Bottom | OPT.HTML.ScriptsAtTheBottom | ScriptsAtTheBottom: Put scripts at the bottom of the html body |
Medium | Specify Character Encoding | OPT.HTML.SpecifyCharacterEncoding | SpecifyCharacterEncoding: Indicate the character encoding used |
Medium | Specify Lang Attribute | OPT.HTML.SpecifyLangAttribute | SpecifyLangAttribute: Specify a lang attribute on the root <html> element |
Medium | Stylesheets At The Top | OPT.HTML.StylesheetsAtTheTop | StylesheetsAtTheTop: Avoid importing styles in the html body |
Medium | Use Doc Type | OPT.HTML.UseDocType | UseDocType: Always include a doctype declaration |
Medium | Use Link For C S S Resources | OPT.HTML.UseLinkForCSSResources | UseLinkForCSSResources: Avoid using @import for CSS resources |
Medium | Use S E O Relevant Meta Tags | OPT.HTML.UseSEORelevantMetaTags | UseSEORelevantMetaTags: Use relevant html meta tags for search engines |
Medium | Should Use Content Security Policy | OPT.HTML.CORDOVA.ShouldUseContentSecurityPolicy | ShouldUseContentSecurityPolicy: Add a CSP to every page |
Medium | Autocomplete On For Sensitive Fields | OPT.HTML.AutocompleteOnForSensitiveFields | AutocompleteOnForSensitiveFields: Autocomplete enabled for sensitive form fields |