UrlQuerySanitizer  |  API reference  |  Android Developers

Sanitizes the Query portion of a URL. Simple example:

Register ValueSanitizers to customize the way individual parameters are sanitized:

There are several ways to create ValueSanitizers. In order of increasing sophistication:

Nested classes

class UrlQuerySanitizer.IllegalCharacterValueSanitizer

Sanitize values based on which characters they contain. 

class UrlQuerySanitizer.ParameterValuePair

A simple tuple that holds parameter-value pairs. 

interface UrlQuerySanitizer.ValueSanitizer

A functor used to sanitize a single query value. 

Public constructors

UrlQuerySanitizer()

Constructs a UrlQuerySanitizer.

UrlQuerySanitizer(String url)

Constructs a UrlQuerySanitizer and parses a URL.

Public methods

static final UrlQuerySanitizer.ValueSanitizer getAllButNulAndAngleBracketsLegal()

Return a value sanitizer that allows any special characters except angle brackets ('<' and '>') and Nul ('\0').

static final UrlQuerySanitizer.ValueSanitizer getAllButNulLegal()

Return a value sanitizer that allows everything except Nul ('\0') characters.

static final UrlQuerySanitizer.ValueSanitizer getAllButWhitespaceLegal()

Return a value sanitizer that allows everything except Nul ('\0') characters, space (' '), and other whitespace characters.

static final UrlQuerySanitizer.ValueSanitizer getAllIllegal()

Return a value sanitizer that does not allow any special characters, and also does not allow script URLs.

boolean getAllowUnregisteredParamaters()

Get whether or not unregistered parameters are allowed.

static final UrlQuerySanitizer.ValueSanitizer getAmpAndSpaceLegal()

Return a value sanitizer that does not allow any special characters except ampersand ('&') and space (' ').

static final UrlQuerySanitizer.ValueSanitizer getAmpLegal()

Return a value sanitizer that does not allow any special characters except ampersand ('&').

UrlQuerySanitizer.ValueSanitizer getEffectiveValueSanitizer(String parameter)

Get the effective value sanitizer for a parameter.

List<UrlQuerySanitizer.ParameterValuePair> getParameterList()

An array list of all of the parameter-value pairs in the sanitized query, in the order they appeared in the query.

Set<String> getParameterSet()

Get a set of all of the parameters found in the sanitized query.

boolean getPreferFirstRepeatedParameter()

Get whether or not the first occurrence of a repeated parameter is preferred.

static final UrlQuerySanitizer.ValueSanitizer getSpaceLegal()

Return a value sanitizer that does not allow any special characters except space (' ').

UrlQuerySanitizer.ValueSanitizer getUnregisteredParameterValueSanitizer()

Get the current value sanitizer used when processing unregistered parameter values.

static final UrlQuerySanitizer.ValueSanitizer getUrlAndSpaceLegal()

Return a value sanitizer that allows all the characters used by encoded URLs and allows spaces, which are not technically legal in encoded URLs, but commonly appear anyway.

static final UrlQuerySanitizer.ValueSanitizer getUrlLegal()

Return a value sanitizer that allows all the characters used by encoded URLs.

String getValue(String parameter)

Get the value for a parameter in the current sanitized query.

UrlQuerySanitizer.ValueSanitizer getValueSanitizer(String parameter)

Get the value sanitizer for a parameter.

boolean hasParameter(String parameter)

Check if a parameter exists in the current sanitized query.

void parseQuery(String query)

Parse a query.

void parseUrl(String url)

Parse the query parameters out of an encoded URL.

void registerParameter(String parameter, UrlQuerySanitizer.ValueSanitizer valueSanitizer)

Register a value sanitizer for a particular parameter.

void registerParameters(String[] parameters, UrlQuerySanitizer.ValueSanitizer valueSanitizer)

Register a value sanitizer for an array of parameters.

void setAllowUnregisteredParamaters(boolean allowUnregisteredParamaters)

Set whether or not unregistered parameters are allowed.

void setPreferFirstRepeatedParameter(boolean preferFirstRepeatedParameter)

Set whether or not the first occurrence of a repeated parameter is preferred.

void setUnregisteredParameterValueSanitizer(UrlQuerySanitizer.ValueSanitizer sanitizer)

Set the value sanitizer used when processing unregistered parameter values.

String unescape(String string)

Protected methods

void addSanitizedEntry(String parameter, String value)

Record a sanitized parameter-value pair.

void clear()

Clear the existing entries.

int decodeHexDigit(char c)

Convert a character that represents a hexadecimal digit into an integer.

boolean isHexDigit(char c)

Test if a character is a hexadecimal digit.

void parseEntry(String parameter, String value)

Parse an escaped parameter-value pair.

Inherited methods

From class java.lang.Object

Object clone()

Creates and returns a copy of this object.

boolean equals(Object obj)

Indicates whether some other object is "equal to" this one.

void finalize()

Called by the garbage collector on an object when garbage collection determines that there are no more references to the object.

final Class<?> getClass()

Returns the runtime class of this Object.

int hashCode()

Returns a hash code value for the object.

final void notify()

Wakes up a single thread that is waiting on this object's monitor.

final void notifyAll()

Wakes up all threads that are waiting on this object's monitor.

String toString()

Returns a string representation of the object.

final void wait(long timeoutMillis, int nanos)

Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.

final void wait(long timeoutMillis)

Causes the current thread to wait until it is awakened, typically by being notified or interrupted, or until a certain amount of real time has elapsed.

final void wait()

Causes the current thread to wait until it is awakened, typically by being notified or interrupted.

Public constructors

UrlQuerySanitizer

public UrlQuerySanitizer ()

Constructs a UrlQuerySanitizer.

Defaults:

  • unregistered parameters are not allowed.
  • the last instance of a repeated parameter is preferred.
  • The default value sanitizer is an AllIllegal value sanitizer.

UrlQuerySanitizer

public UrlQuerySanitizer (String url)

Constructs a UrlQuerySanitizer and parses a URL. This constructor is provided for convenience when the default parsing behavior is acceptable.

Because the URL is parsed before the constructor returns, there isn't a chance to configure the sanitizer to change the parsing behavior.

UrlQuerySanitizer sanitizer = new UrlQuerySanitizer(myUrl);
String name = sanitizer.getValue("name");

Defaults:

  • unregistered parameters are allowed.
  • the last instance of a repeated parameter is preferred.
  • The default value sanitizer is an AllIllegal value sanitizer.

Parameters
url String
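
The two constructors above differ in whether unregistered parameters survive parsing. The following is an added example, not part of the Android reference: it configures a sanitizer before parsing an untrusted URL and rejects a repeated parameter instead of picking one. The class name `DeepLinkQuery`, the `DIGITS_ONLY` sanitizer, the parameter names and the sample URL are assumptions made for illustration.

```java
import android.net.UrlQuerySanitizer;
import android.net.UrlQuerySanitizer.ValueSanitizer;

/** Added example; class, parameter names and URL are hypothetical. */
public final class DeepLinkQuery {
    // Hypothetical allow-list sanitizer: keep short decimal ids, blank out anything else.
    private static final ValueSanitizer DIGITS_ONLY =
            value -> (value != null && value.matches("[0-9]{1,10}")) ? value : "";

    /** Builds a sanitizer that is fully configured before any URL is parsed. */
    static UrlQuerySanitizer strictSanitizer() {
        UrlQuerySanitizer s = new UrlQuerySanitizer(); // default: unregistered parameters dropped
        s.registerParameter("id", DIGITS_ONLY);
        s.registerParameter("name", UrlQuerySanitizer.getSpaceLegal());
        s.registerParameter("next", UrlQuerySanitizer.getUrlAndSpaceLegal()); // no script URLs
        s.setPreferFirstRepeatedParameter(true); // getValue() returns the first occurrence
        return s;
    }

    /** True if a parameter that survived sanitizing appeared more than once. */
    static boolean hasRepeatedParameter(UrlQuerySanitizer s) {
        // getParameterList() holds every pair in order; getParameterSet() holds unique names.
        return s.getParameterList().size() > s.getParameterSet().size();
    }

    /** Returns the sanitized "id", or null when the URL should be rejected. */
    static String readId(String untrustedUrl) {
        UrlQuerySanitizer s = strictSanitizer();
        s.parseUrl(untrustedUrl);
        if (!s.hasParameter("id") || hasRepeatedParameter(s)) {
            return null; // missing id, or a name sent twice: refuse to guess which one is meant
        }
        String id = s.getValue("id");
        return id.isEmpty() ? null : id; // DIGITS_ONLY blanked a malformed value
    }

    /** Contrast with the convenience constructor, which parses before it can be configured. */
    static boolean lenientKeepsUnregistered(String untrustedUrl) {
        UrlQuerySanitizer lenient = new UrlQuerySanitizer(untrustedUrl);
        return lenient.hasParameter("debug"); // unregistered, yet present in the result
    }

    static void demo() {
        // Constructed sample URL: unregistered "debug" plus a repeated "id".
        String url = "https://app.example/open?id=42&name=Joe+User&debug=1&id=43";
        String id = readId(url);                      // strict path: repeated "id" is refused
        boolean kept = lenientKeepsUnregistered(url); // lenient path: "debug" is still visible
        System.out.println("strict id=" + id + ", lenient keeps debug=" + kept);
    }
}
```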

Public methods

getAllowUnregisteredParamaters

public boolean getAllowUnregisteredParamaters ()

Get whether or not unregistered parameters are allowed. If not allowed, they will be dropped when a query is parsed.

Returns
boolean true if unregistered parameters are allowed.

getEffectiveValueSanitizer

public UrlQuerySanitizer.ValueSanitizer getEffectiveValueSanitizer (String parameter)

Get the effective value sanitizer for a parameter. Like getValueSanitizer, except if there is no value sanitizer registered for a parameter, and unregistered parameters are allowed, then the default value sanitizer is returned.

Parameters
parameter String: an unescaped parameter
Returns
UrlQuerySanitizer.ValueSanitizer the effective value sanitizer for a parameter.

getParameterSet

public Set<String> getParameterSet ()

Get a set of all of the parameters found in the sanitized query.

Note: Do not modify this set. Treat it as a read-only set.

Returns
Set<String> all the parameters found in the current query.

getPreferFirstRepeatedParameter

public boolean getPreferFirstRepeatedParameter ()

Get whether or not the first occurrence of a repeated parameter is preferred.

Returns
boolean true if the first occurrence of a repeated parameter is preferred.

getUnregisteredParameterValueSanitizer

public UrlQuerySanitizer.ValueSanitizer getUnregisteredParameterValueSanitizer ()

Get the current value sanitizer used when processing unregistered parameter values.

Note: The default unregistered parameter value sanitizer is one that doesn't allow any special characters, similar to what is returned by calling getAllIllegal.

Returns
UrlQuerySanitizer.ValueSanitizer the current ValueSanitizer used to sanitize unregistered parameter values.

getUrlAndSpaceLegal

public static final UrlQuerySanitizer.ValueSanitizer getUrlAndSpaceLegal ()

Return a value sanitizer that allows all the characters used by encoded URLs and allows spaces, which are not technically legal in encoded URLs, but commonly appear anyway. Does not allow script URLs.

Returns
UrlQuerySanitizer.ValueSanitizer a value sanitizer

getValue

public String getValue (String parameter)

Get the value for a parameter in the current sanitized query. Returns null if the parameter does not exist.

Parameters
parameter String: the unencoded name of a parameter.
Returns
String the sanitized unencoded value of the parameter, or null if the parameter does not exist.

getValueSanitizer

public UrlQuerySanitizer.ValueSanitizer getValueSanitizer (String parameter)

Get the value sanitizer for a parameter. Returns null if there is no value sanitizer registered for the parameter.

Parameters
parameter String: the unescaped parameter
Returns
UrlQuerySanitizer.ValueSanitizer the currently registered value sanitizer for this parameter.

hasParameter

public boolean hasParameter (String parameter)

Check if a parameter exists in the current sanitized query.

Parameters
parameter String: the unencoded name of a parameter.
Returns
boolean true if the parameter exists in the current sanitized query.

parseQuery

public void parseQuery (String query)

Parse a query. A query string is any number of parameter-value clauses separated by any non-zero number of ampersands. A parameter-value clause is a parameter followed by an equal sign, followed by a value. If the equal sign is missing, the value is assumed to be the empty string.

Parameters
query String: the query to parse.

parseUrl

public void parseUrl (String url)

Parse the query parameters out of an encoded URL. Works by extracting the query portion from the URL and then calling parseQuery(). If there is no query portion it is treated as if the query portion is an empty string.

Parameters
url String: the encoded URL to parse.

registerParameter

public void registerParameter (String parameter, 
                UrlQuerySanitizer.ValueSanitizer valueSanitizer)

Register a value sanitizer for a particular parameter. Can also be used to replace or remove an already-set value sanitizer.

Registering a non-null value sanitizer for a particular parameter makes that parameter a registered parameter.

Parameters
parameter String: an unencoded parameter name
valueSanitizer UrlQuerySanitizer.ValueSanitizer: the value sanitizer to use for a particular parameter. May be null in order to unregister that parameter.

registerParameters

public void registerParameters (String[] parameters, 
                UrlQuerySanitizer.ValueSanitizer valueSanitizer)

Register a value sanitizer for an array of parameters.

Parameters
parameters String[]: An array of unencoded parameter names.

setAllowUnregisteredParamaters

public void setAllowUnregisteredParamaters (boolean allowUnregisteredParamaters)

Set whether or not unregistered parameters are allowed. If they are not allowed, then they will be dropped when a query is sanitized.

Defaults to false.

Parameters
allowUnregisteredParamaters boolean: true to allow unregistered parameters.

setPreferFirstRepeatedParameter

public void setPreferFirstRepeatedParameter (boolean preferFirstRepeatedParameter)

Set whether or not the first occurrence of a repeated parameter is preferred. True means the first repeated parameter is preferred. False means that the last repeated parameter is preferred.

The preferred parameter is the one that is returned when getValue is called.

Defaults to false.

Parameters
preferFirstRepeatedParameter boolean: True if the first repeated parameter is preferred.

setUnregisteredParameterValueSanitizer

public void setUnregisteredParameterValueSanitizer (UrlQuerySanitizer.ValueSanitizer sanitizer)

Set the value sanitizer used when processing unregistered parameter values.

Parameters
sanitizer UrlQuerySanitizer.ValueSanitizer: set the ValueSanitizer used to sanitize unregistered parameter values.

Protected methods

addSanitizedEntry

protected void addSanitizedEntry (String parameter, 
                String value)

Record a sanitized parameter-value pair. Override if you want to do additional filtering or validation.

Parameters
parameter String: an unescaped parameter
value String: a sanitized unescaped value

clear

protected void clear ()

Clear the existing entries. Called to get ready to parse a new query string.

decodeHexDigit

protected int decodeHexDigit (char c)

Convert a character that represents a hexadecimal digit into an integer. If the character is not a hexadecimal digit, then -1 is returned. Both upper case and lower case hex digits are allowed.

Parameters
c char: the hexadecimal digit.
Returns
int the integer value of the hexadecimal digit.

isHexDigit

protected boolean isHexDigit (char c)

Test if a character is a hexadecimal digit. Both upper case and lower case hex digits are allowed.

Parameters
c char: the character to test
Returns
boolean true if c is a hex digit.

parseEntry

protected void parseEntry (String parameter, 
                String value)

Parse an escaped parameter-value pair. The default implementation unescapes both the parameter and the value, then looks up the effective value sanitizer for the parameter and uses it to sanitize the value. If all goes well then addSanitizedEntry is called with the unescaped parameter and the sanitized unescaped value.

Parameters
parameter String: an escaped parameter
value String: an unsanitized escaped value