Class UrlUtil


  • public class UrlUtil
    extends Object
    Internal utility class for URL handling.

    For internal use only. May be renamed or removed in a future release.

    Since:
    2.0
    Author:
    Vaadin Ltd
    • Method Detail

      • isExternal

        public static boolean isExternal​(String url)
        checks if the given url is an external URL (e.g. staring with http:// or https://) or not.
        Parameters:
        url - is the url to be checked.
        Returns:
        true if the url is external otherwise false.
      • encodeURI

        public static String encodeURI​(String uri)
        Encodes a full URI.

        Corresponds to encodeURI in JavaScript https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI

        The path can contain / and other special URL characters as these will not be encoded. See encodeURIComponent(String) if you want to encode all special characters.

        The following characters are not escaped: A-Za-z0-9;,/?:@&=+$-_.!~*'()#

        Parameters:
        uri - the uri to encode
      • encodeURIComponent

        public static String encodeURIComponent​(String path)
        Encodes a path segment of a URI.

        Corresponds to encodeURIComponent in JavaScript https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent

        The following characters are not escaped: A-Za-z0-9-_.!~*'()

        Parameters:
        path - the path to encode
      • getServletPathRelative

        public static String getServletPathRelative​(String absolutePath,
                                                    javax.servlet.http.HttpServletRequest request)
        Returns the given absolute path as a path relative to the servlet path.
        Parameters:
        absolutePath - the path to make relative
        request - a request with information about the servlet path
        Returns:
        a relative path that when applied to the servlet path, refers to the absolute path without containing the context path or servlet path
      • isSafeUrl

        public static boolean isSafeUrl​(String url)
        Checks whether the scheme of the given URL is considered safe by the current deployment configuration.

        The set of safe schemes is read from the current VaadinService's DeploymentConfiguration.getUrlSafeSchemes(), falling back to Set.of(Constants.URL_SAFE_SCHEMES_WILDCARD), which bypasses the validation and allows all URLs when no VaadinService is available. Relative URLs (without a scheme) are always considered safe, whereas URLs containing control characters are rejected as they can be used to obfuscate the scheme. A null URL is considered unsafe.

        Parameters:
        url - the URL to check, may be null
        Returns:
        true if the URL is safe, false otherwise
      • getUnsafeUrlMessage

        public static String getUnsafeUrlMessage​(String type,
                                                 String url,
                                                 String unsafeMethod)
        Builds the message for the IllegalArgumentException that a validating URL setter throws when given a URL whose scheme is not considered safe. The message points to both the InitParameters.URL_SAFE_SCHEMES configuration property and the setter that bypasses validation.
        Parameters:
        type - the kind of URL being set, for example "href", "src" or "path"
        url - the rejected URL
        unsafeMethod - the signature of the method that bypasses validation, for example "setUnsafeHref(String)"
        Returns:
        the exception message