Use 'setToolTipText(HtmlChunk)' to avoid HTML injections

Reports usages of JComponent.setToolTipText(String).

Passing raw strings may cause accidental HTML injections because IntelliJ Platform interprets HTML markup when renders the tooltip text. com.intellij.ide.HelpTooltipKt.setToolTipText(HtmlChunk) should be used instead of JComponent.setToolTipText(String). Use HtmlChunk.text() to safely escape text, especially in cases when text can contain user input or project content (for example, file names). Or use HtmlChunk.raw() if the tooltip supposes to contain HTML.

Example:

// Bad — raw string may contain HTML injection:
component.setToolTipText(text)

// Good — text is escaped:
component.setToolTipText(HtmlChunk.text(text))

Locating this inspection

By ID

Can be used to locate inspection in e.g. Qodana configuration files, where you can quickly enable or disable it, or adjust its settings.

UseHtmlChunkToolTip

Via Settings dialog

Path to the inspection settings via IntelliJ Platform IDE Settings dialog, when you need to adjust inspection settings directly from your IDE.

Settings or Preferences | Editor | Inspections | Plugin DevKit | Code

Inspection ID: UseHtmlChunkToolTip

Suppressing Inspection

You can suppress this inspection by placing the following comment marker before the code fragment where you no longer want messages from this inspection to appear:

//noinspection UseHtmlChunkToolTip

More detailed instructions as well as other ways and options that you have can be found in the product documentation:

IntelliJ IDEA 2026.1

Inspection Details
By default bundled with:	IntelliJ IDEA 2026.1, Qodana for JVM 2026.1,

Last modified: 31 March 2026