Class UrlUtil
- java.lang.Object
-
- com.vaadin.flow.internal.UrlUtil
-
public class UrlUtil extends Object
Internal utility class for URL handling.For internal use only. May be renamed or removed in a future release.
- Since:
- 2.0
- Author:
- Vaadin Ltd
-
-
Method Summary
All Methods Static Methods Concrete Methods Modifier and Type Method Description static StringencodeURI(String uri)Encodes a full URI.static StringencodeURIComponent(String path)Encodes a path segment of a URI.static StringgetServletPathRelative(String absolutePath, javax.servlet.http.HttpServletRequest request)Returns the given absolute path as a path relative to the servlet path.static StringgetUnsafeUrlMessage(String type, String url, String unsafeMethod)Builds the message for theIllegalArgumentExceptionthat a validating URL setter throws when given a URL whose scheme is not considered safe.static booleanisExternal(String url)checks if the given url is an external URL (e.g.static booleanisSafeUrl(String url)Checks whether the scheme of the given URL is considered safe by the current deployment configuration.
-
-
-
Method Detail
-
isExternal
public static boolean isExternal(String url)
checks if the given url is an external URL (e.g. staring with http:// or https://) or not.- Parameters:
url- is the url to be checked.- Returns:
- true if the url is external otherwise false.
-
encodeURI
public static String encodeURI(String uri)
Encodes a full URI.Corresponds to encodeURI in JavaScript https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI
The path can contain
/and other special URL characters as these will not be encoded. SeeencodeURIComponent(String)if you want to encode all special characters.The following characters are not escaped: A-Za-z0-9;,/?:@&=+$-_.!~*'()#
- Parameters:
uri- the uri to encode
-
encodeURIComponent
public static String encodeURIComponent(String path)
Encodes a path segment of a URI.Corresponds to encodeURIComponent in JavaScript https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent
The following characters are not escaped: A-Za-z0-9-_.!~*'()
- Parameters:
path- the path to encode
-
getServletPathRelative
public static String getServletPathRelative(String absolutePath, javax.servlet.http.HttpServletRequest request)
Returns the given absolute path as a path relative to the servlet path.- Parameters:
absolutePath- the path to make relativerequest- a request with information about the servlet path- Returns:
- a relative path that when applied to the servlet path, refers to the absolute path without containing the context path or servlet path
-
isSafeUrl
public static boolean isSafeUrl(String url)
Checks whether the scheme of the given URL is considered safe by the current deployment configuration.The set of safe schemes is read from the current
VaadinService'sDeploymentConfiguration.getUrlSafeSchemes(), falling back toSet.of(Constants.URL_SAFE_SCHEMES_WILDCARD), which bypasses the validation and allows all URLs when noVaadinServiceis available. Relative URLs (without a scheme) are always considered safe, whereas URLs containing control characters are rejected as they can be used to obfuscate the scheme. AnullURL is considered unsafe.- Parameters:
url- the URL to check, may benull- Returns:
trueif the URL is safe,falseotherwise
-
getUnsafeUrlMessage
public static String getUnsafeUrlMessage(String type, String url, String unsafeMethod)
Builds the message for theIllegalArgumentExceptionthat a validating URL setter throws when given a URL whose scheme is not considered safe. The message points to both theInitParameters.URL_SAFE_SCHEMESconfiguration property and the setter that bypasses validation.- Parameters:
type- the kind of URL being set, for example"href","src"or"path"url- the rejected URLunsafeMethod- the signature of the method that bypasses validation, for example"setUnsafeHref(String)"- Returns:
- the exception message
-
-