Class UrlUtil
For internal use only. May be renamed or removed in a future release.
- Since:
- 2.0
- Author:
- Vaadin Ltd
-
Method Summary
Modifier and TypeMethodDescriptionstatic StringappendQueryParameter(String url, String name, String value) Appends a query parameter to the given URL.static StringdecodeURIComponent(String encoded) Decodes a percent-encoded string according to RFC 3986.static StringEncodes a full URI.static StringencodeURIComponent(String path) Encodes a path segment of a URI.static StringgetServletPathRelative(String absolutePath, jakarta.servlet.http.HttpServletRequest request) Returns the given absolute path as a path relative to the servlet path.static StringgetUnsafeUrlMessage(String type, String url, String unsafeMethod) Builds the message for theIllegalArgumentExceptionthat a validating URL setter throws when given a URL whose scheme is not considered safe.static booleanisExternal(String url) checks if the given url is an external URL (e.g.static booleanChecks whether the scheme of the given URL is considered safe by the current deployment configuration.
-
Method Details
-
isExternal
checks if the given url is an external URL (e.g. staring with http:// or https://) or not.- Parameters:
url- is the url to be checked.- Returns:
- true if the url is external otherwise false.
-
encodeURI
Encodes a full URI.Corresponds to encodeURI in JavaScript https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI
The path can contain
/and other special URL characters as these will not be encoded. SeeencodeURIComponent(String)if you want to encode all special characters.The following characters are not escaped: A-Za-z0-9;,/?:@&=+$-_.!~*'()#
- Parameters:
uri- the uri to encode- Returns:
- the encoded URI
- Since:
- 9.0
-
encodeURIComponent
Encodes a path segment of a URI.Corresponds to encodeURIComponent in JavaScript https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent
The following characters are not escaped: A-Za-z0-9-_.!~*'()
- Parameters:
path- the path to encode- Returns:
- the encoded path
- Since:
- 9.0
-
decodeURIComponent
Decodes a percent-encoded string according to RFC 3986.Corresponds to decodeURIComponent in JavaScript https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent
Unlike
URLDecoder, this method does not treat '+' as a space character, making it suitable for decoding strings encoded with JavaScript'sencodeURIComponent()orencodeURIComponent(String).- Parameters:
encoded- the percent-encoded string- Returns:
- the decoded string
- Since:
- 24.9.12
-
appendQueryParameter
Appends a query parameter to the given URL. Uses?if the URL has no query string yet, or&if it already has one. Returns the original URL unchanged if eithernameorvalueisnull.- Parameters:
url- the original URLname- the parameter name, ornullto skipvalue- the parameter value, ornullto skip- Returns:
- the URL with the parameter appended, or the original URL if name
or value is
null - Since:
- 25.1
-
getServletPathRelative
public static String getServletPathRelative(String absolutePath, jakarta.servlet.http.HttpServletRequest request) Returns the given absolute path as a path relative to the servlet path.- Parameters:
absolutePath- the path to make relativerequest- a request with information about the servlet path- Returns:
- a relative path that when applied to the servlet path, refers to the absolute path without containing the context path or servlet path
- Since:
- 23.3
-
isSafeUrl
Checks whether the scheme of the given URL is considered safe by the current deployment configuration.The set of safe schemes is read from the current
VaadinService'sDeploymentConfiguration.getUrlSafeSchemes(), falling back toConstants.DEFAULT_URL_SAFE_SCHEMESwhen noVaadinServiceis available. Relative URLs (without a scheme) are always considered safe, whereas URLs containing control characters are rejected as they can be used to obfuscate the scheme. AnullURL is considered unsafe.- Parameters:
url- the URL to check, may benull- Returns:
trueif the URL is safe,falseotherwise- Since:
- 25.2
-
getUnsafeUrlMessage
Builds the message for theIllegalArgumentExceptionthat a validating URL setter throws when given a URL whose scheme is not considered safe. The message points to both theInitParameters.URL_SAFE_SCHEMESconfiguration property and the setter that bypasses validation.- Parameters:
type- the kind of URL being set, for example"href","src"or"path"url- the rejected URLunsafeMethod- the signature of the method that bypasses validation, for example"setUnsafeHref(String)"- Returns:
- the exception message
- Since:
- 25.2
-