Class UrlUtil

java.lang.Object
com.vaadin.flow.internal.UrlUtil

public class UrlUtil extends Object
Internal utility class for URL handling.

For internal use only. May be renamed or removed in a future release.

Since:
2.0
Author:
Vaadin Ltd
  • Method Details

    • isExternal

      public static boolean isExternal(String url)
      checks if the given url is an external URL (e.g. staring with http:// or https://) or not.
      Parameters:
      url - is the url to be checked.
      Returns:
      true if the url is external otherwise false.
    • encodeURI

      public static String encodeURI(String uri)
      Encodes a full URI.

      Corresponds to encodeURI in JavaScript https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURI

      The path can contain / and other special URL characters as these will not be encoded. See encodeURIComponent(String) if you want to encode all special characters.

      The following characters are not escaped: A-Za-z0-9;,/?:@&=+$-_.!~*'()#

      Parameters:
      uri - the uri to encode
      Returns:
      the encoded URI
      Since:
      9.0
    • encodeURIComponent

      public static String encodeURIComponent(String path)
      Encodes a path segment of a URI.

      Corresponds to encodeURIComponent in JavaScript https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/encodeURIComponent

      The following characters are not escaped: A-Za-z0-9-_.!~*'()

      Parameters:
      path - the path to encode
      Returns:
      the encoded path
      Since:
      9.0
    • decodeURIComponent

      public static String decodeURIComponent(String encoded)
      Decodes a percent-encoded string according to RFC 3986.

      Corresponds to decodeURIComponent in JavaScript https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/decodeURIComponent

      Unlike URLDecoder, this method does not treat '+' as a space character, making it suitable for decoding strings encoded with JavaScript's encodeURIComponent() or encodeURIComponent(String).

      Parameters:
      encoded - the percent-encoded string
      Returns:
      the decoded string
      Since:
      24.9.12
    • appendQueryParameter

      public static String appendQueryParameter(String url, String name, String value)
      Appends a query parameter to the given URL. Uses ? if the URL has no query string yet, or & if it already has one. Returns the original URL unchanged if either name or value is null.
      Parameters:
      url - the original URL
      name - the parameter name, or null to skip
      value - the parameter value, or null to skip
      Returns:
      the URL with the parameter appended, or the original URL if name or value is null
      Since:
      25.1
    • getServletPathRelative

      public static String getServletPathRelative(String absolutePath, jakarta.servlet.http.HttpServletRequest request)
      Returns the given absolute path as a path relative to the servlet path.
      Parameters:
      absolutePath - the path to make relative
      request - a request with information about the servlet path
      Returns:
      a relative path that when applied to the servlet path, refers to the absolute path without containing the context path or servlet path
      Since:
      23.3
    • isSafeUrl

      public static boolean isSafeUrl(String url)
      Checks whether the scheme of the given URL is considered safe by the current deployment configuration.

      The set of safe schemes is read from the current VaadinService's DeploymentConfiguration.getUrlSafeSchemes(), falling back to Constants.DEFAULT_URL_SAFE_SCHEMES when no VaadinService is available. Relative URLs (without a scheme) are always considered safe, whereas URLs containing control characters are rejected as they can be used to obfuscate the scheme. A null URL is considered unsafe.

      Parameters:
      url - the URL to check, may be null
      Returns:
      true if the URL is safe, false otherwise
      Since:
      25.2
    • getUnsafeUrlMessage

      public static String getUnsafeUrlMessage(String type, String url, String unsafeMethod)
      Builds the message for the IllegalArgumentException that a validating URL setter throws when given a URL whose scheme is not considered safe. The message points to both the InitParameters.URL_SAFE_SCHEMES configuration property and the setter that bypasses validation.
      Parameters:
      type - the kind of URL being set, for example "href", "src" or "path"
      url - the rejected URL
      unsafeMethod - the signature of the method that bypasses validation, for example "setUnsafeHref(String)"
      Returns:
      the exception message
      Since:
      25.2