Added in API level 1

UrlQuerySanitizer


open class UrlQuerySanitizer
kotlin.Any
   ↳ android.net.UrlQuerySanitizer

Sanitizes the Query portion of a URL. Simple example:

UrlQuerySanitizer sanitizer = new UrlQuerySanitizer();
  sanitizer.setAllowUnregisteredParamaters(true);
  sanitizer.parseUrl("http://example.com/?name=Joe+User");
  String name = sanitizer.getValue("name"));
  // name now contains "Joe_User"
  
Register ValueSanitizers to customize the way individual parameters are sanitized:
UrlQuerySanitizer sanitizer = new UrlQuerySanitizer();
  sanitizer.registerParamater("name", UrlQuerySanitizer.createSpaceLegal());
  sanitizer.parseUrl("http://example.com/?name=Joe+User");
  String name = sanitizer.getValue("name"));
  // name now contains "Joe User". (The string is first decoded, which
  // converts the '+' to a ' '. Then the string is sanitized, which
  // converts the ' ' to an '_'. (The ' ' is converted because the default
  unregistered parameter sanitizer does not allow any special characters,
  and ' ' is a special character.)
  

There are several ways to create ValueSanitizers. In order of increasing sophistication:

  1. Call one of the UrlQuerySanitizer.createXXX() methods.
  2. Construct your own instance of UrlQuerySanitizer.IllegalCharacterValueSanitizer.
  3. Subclass UrlQuerySanitizer.ValueSanitizer to define your own value sanitizer.

Summary

Nested classes
open

Sanitize values based on which characters they contain.

open

A simple tuple that holds parameter-value pairs.

abstract

A functor used to sanitize a single query value.

Public constructors

Constructs a UrlQuerySanitizer.

Constructs a UrlQuerySanitizer and parses a URL.

Public methods
static UrlQuerySanitizer.ValueSanitizer!

Return a value sanitizer that allows any special characters except angle brackets ('<' and '>') and Nul ('\0').

static UrlQuerySanitizer.ValueSanitizer!

Return a value sanitizer that allows everything except Nul ('\0') characters.

static UrlQuerySanitizer.ValueSanitizer!

Return a value sanitizer that allows everything except Nul ('\0') characters, space (' '), and other whitespace characters.

static UrlQuerySanitizer.ValueSanitizer!

Return a value sanitizer that does not allow any special characters, and also does not allow script URLs.

open Boolean

Get whether or not unregistered parameters are allowed.

static UrlQuerySanitizer.ValueSanitizer!

Return a value sanitizer that does not allow any special characters except ampersand ('&') and space (' ').

static UrlQuerySanitizer.ValueSanitizer!

Return a value sanitizer that does not allow any special characters except ampersand ('&').

open UrlQuerySanitizer.ValueSanitizer!

Get the effective value sanitizer for a parameter.

open MutableList<UrlQuerySanitizer.ParameterValuePair!>!

An array list of all of the parameter-value pairs in the sanitized query, in the order they appeared in the query.

open MutableSet<String!>!

Get a set of all of the parameters found in the sanitized query.

open Boolean

Get whether or not the first occurrence of a repeated parameter is preferred.

static UrlQuerySanitizer.ValueSanitizer!

Return a value sanitizer that does not allow any special characters except space (' ').

open UrlQuerySanitizer.ValueSanitizer!

Get the current value sanitizer used when processing unregistered parameter values.

static UrlQuerySanitizer.ValueSanitizer!

Return a value sanitizer that allows all the characters used by encoded URLs and allows spaces, which are not technically legal in encoded URLs, but commonly appear anyway.

static UrlQuerySanitizer.ValueSanitizer!

Return a value sanitizer that allows all the characters used by encoded URLs.

open String!
getValue(parameter: String!)

Get the value for a parameter in the current sanitized query.

open UrlQuerySanitizer.ValueSanitizer!

Get the value sanitizer for a parameter.

open Boolean
hasParameter(parameter: String!)

Check if a parameter exists in the current sanitized query.

open Unit
parseQuery(query: String!)

Parse a query.

open Unit

Parse the query parameters out of an encoded URL.

open Unit

Register a value sanitizer for a particular parameter.

open Unit

Register a value sanitizer for an array of parameters.

open Unit
setAllowUnregisteredParamaters(allowUnregisteredParamaters: Boolean)

Set whether or not unregistered parameters are allowed.

open Unit
setPreferFirstRepeatedParameter(preferFirstRepeatedParameter: Boolean)

Set whether or not the first occurrence of a repeated parameter is preferred.

open Unit

Set the value sanitizer used when processing unregistered parameter values.

open String!
unescape(string: String!)

Protected methods
open Unit
addSanitizedEntry(parameter: String!, value: String!)

Record a sanitized parameter-value pair.

open Unit

Clear the existing entries.

open Int

Convert a character that represents a hexidecimal digit into an integer.

open Boolean

Test if a character is a hexidecimal digit.

open Unit
parseEntry(parameter: String!, value: String!)

Parse an escaped parameter-value pair.

Public constructors

UrlQuerySanitizer

Added in API level 1
UrlQuerySanitizer()

Constructs a UrlQuerySanitizer.

Defaults:

  • unregistered parameters are not allowed.
  • the last instance of a repeated parameter is preferred.
  • The default value sanitizer is an AllIllegal value sanitizer.

    UrlQuerySanitizer

    Added in API level 1
    UrlQuerySanitizer(url: String!)

    Constructs a UrlQuerySanitizer and parses a URL. This constructor is provided for convenience when the default parsing behavior is acceptable.

    Because the URL is parsed before the constructor returns, there isn't a chance to configure the sanitizer to change the parsing behavior.

    UrlQuerySanitizer sanitizer = new UrlQuerySanitizer(myUrl); String name = sanitizer.getValue("name");

    Defaults:

    • unregistered parameters are allowed.
    • the last instance of a repeated parameter is preferred.
    • The default value sanitizer is an AllIllegal value sanitizer.

      Public methods

      getAllButNulAndAngleBracketsLegal

      Added in API level 1
      static fun getAllButNulAndAngleBracketsLegal(): UrlQuerySanitizer.ValueSanitizer!

      Return a value sanitizer that allows any special characters except angle brackets ('<' and '>') and Nul ('\0'). Allows script URLs.

      Return
      UrlQuerySanitizer.ValueSanitizer! a value sanitizer

      getAllButNulLegal

      Added in API level 1
      static fun getAllButNulLegal(): UrlQuerySanitizer.ValueSanitizer!

      Return a value sanitizer that allows everything except Nul ('\0') characters. Script URLs are allowed.

      Return
      UrlQuerySanitizer.ValueSanitizer! a value sanitizer

      getAllButWhitespaceLegal

      Added in API level 1
      static fun getAllButWhitespaceLegal(): UrlQuerySanitizer.ValueSanitizer!

      Return a value sanitizer that allows everything except Nul ('\0') characters, space (' '), and other whitespace characters. Script URLs are allowed.

      Return
      UrlQuerySanitizer.ValueSanitizer! a value sanitizer

      getAllIllegal

      Added in API level 1
      static fun getAllIllegal(): UrlQuerySanitizer.ValueSanitizer!

      Return a value sanitizer that does not allow any special characters, and also does not allow script URLs.

      Return
      UrlQuerySanitizer.ValueSanitizer! a value sanitizer

      getAllowUnregisteredParamaters

      Added in API level 1
      open fun getAllowUnregisteredParamaters(): Boolean

      Get whether or not unregistered parameters are allowed. If not allowed, they will be dropped when a query is parsed.

      Return
      Boolean true if unregistered parameters are allowed.

      getAmpAndSpaceLegal

      Added in API level 1
      static fun getAmpAndSpaceLegal(): UrlQuerySanitizer.ValueSanitizer!

      Return a value sanitizer that does not allow any special characters except ampersand ('&') and space (' '). Does not allow script URLs.

      Return
      UrlQuerySanitizer.ValueSanitizer! a value sanitizer

      getAmpLegal

      Added in API level 1
      static fun getAmpLegal(): UrlQuerySanitizer.ValueSanitizer!

      Return a value sanitizer that does not allow any special characters except ampersand ('&'). Does not allow script URLs.

      Return
      UrlQuerySanitizer.ValueSanitizer! a value sanitizer

      getEffectiveValueSanitizer

      Added in API level 1
      open fun getEffectiveValueSanitizer(parameter: String!): UrlQuerySanitizer.ValueSanitizer!

      Get the effective value sanitizer for a parameter. Like getValueSanitizer, except if there is no value sanitizer registered for a parameter, and unregistered parameters are allowed, then the default value sanitizer is returned.

      Parameters
      parameter String!: an unescaped parameter
      Return
      UrlQuerySanitizer.ValueSanitizer! the effective value sanitizer for a parameter.

      getParameterList

      Added in API level 1
      open fun getParameterList(): MutableList<UrlQuerySanitizer.ParameterValuePair!>!

      An array list of all of the parameter-value pairs in the sanitized query, in the order they appeared in the query. May contain duplicate parameters.

      Note: Do not modify this list. Treat it as a read-only list.

      getParameterSet

      Added in API level 1
      open fun getParameterSet(): MutableSet<String!>!

      Get a set of all of the parameters found in the sanitized query.

      Note: Do not modify this set. Treat it as a read-only set.

      Return
      MutableSet<String!>! all the parameters found in the current query.

      getPreferFirstRepeatedParameter

      Added in API level 1
      open fun getPreferFirstRepeatedParameter(): Boolean

      Get whether or not the first occurrence of a repeated parameter is preferred.

      Return
      Boolean true if the first occurrence of a repeated parameter is preferred.

      getSpaceLegal

      Added in API level 1
      static fun getSpaceLegal(): UrlQuerySanitizer.ValueSanitizer!

      Return a value sanitizer that does not allow any special characters except space (' '). Does not allow script URLs.

      Return
      UrlQuerySanitizer.ValueSanitizer! a value sanitizer

      getUnregisteredParameterValueSanitizer

      Added in API level 1
      open fun getUnregisteredParameterValueSanitizer(): UrlQuerySanitizer.ValueSanitizer!

      Get the current value sanitizer used when processing unregistered parameter values.

      Note: The default unregistered parameter value sanitizer is one that doesn't allow any special characters, similar to what is returned by calling createAllIllegal.

      Return
      UrlQuerySanitizer.ValueSanitizer! the current ValueSanitizer used to sanitize unregistered parameter values.

      getUrlAndSpaceLegal

      Added in API level 1
      static fun getUrlAndSpaceLegal(): UrlQuerySanitizer.ValueSanitizer!

      Return a value sanitizer that allows all the characters used by encoded URLs and allows spaces, which are not technically legal in encoded URLs, but commonly appear anyway. Does not allow script URLs.

      Return
      UrlQuerySanitizer.ValueSanitizer! a value sanitizer

      getUrlLegal

      Added in API level 1
      static fun getUrlLegal(): UrlQuerySanitizer.ValueSanitizer!

      Return a value sanitizer that allows all the characters used by encoded URLs. Does not allow script URLs.

      Return
      UrlQuerySanitizer.ValueSanitizer! a value sanitizer

      getValue

      Added in API level 1
      open fun getValue(parameter: String!): String!

      Get the value for a parameter in the current sanitized query. Returns null if the parameter does not exit.

      Parameters
      parameter String!: the unencoded name of a parameter.
      Return
      String! the sanitized unencoded value of the parameter, or null if the parameter does not exist.

      getValueSanitizer

      Added in API level 1
      open fun getValueSanitizer(parameter: String!): UrlQuerySanitizer.ValueSanitizer!

      Get the value sanitizer for a parameter. Returns null if there is no value sanitizer registered for the parameter.

      Parameters
      parameter String!: the unescaped parameter
      Return
      UrlQuerySanitizer.ValueSanitizer! the currently registered value sanitizer for this parameter.

      hasParameter

      Added in API level 1
      open fun hasParameter(parameter: String!): Boolean

      Check if a parameter exists in the current sanitized query.

      Parameters
      parameter String!: the unencoded name of a parameter.
      Return
      Boolean true if the parameter exists in the current sanitized queary.

      parseQuery

      Added in API level 1
      open fun parseQuery(query: String!): Unit

      Parse a query. A query string is any number of parameter-value clauses separated by any non-zero number of ampersands. A parameter-value clause is a parameter followed by an equal sign, followed by a value. If the equal sign is missing, the value is assumed to be the empty string.

      Parameters
      query String!: the query to parse.

      parseUrl

      Added in API level 1
      open fun parseUrl(url: String!): Unit

      Parse the query parameters out of an encoded URL. Works by extracting the query portion from the URL and then calling parseQuery(). If there is no query portion it is treated as if the query portion is an empty string.

      Parameters
      url String!: the encoded URL to parse.

      registerParameter

      Added in API level 1
      open fun registerParameter(
          parameter: String!,
          valueSanitizer: UrlQuerySanitizer.ValueSanitizer!
      ): Unit

      Register a value sanitizer for a particular parameter. Can also be used to replace or remove an already-set value sanitizer.

      Registering a non-null value sanitizer for a particular parameter makes that parameter a registered parameter.

      Parameters
      parameter String!: an unencoded parameter name
      valueSanitizer UrlQuerySanitizer.ValueSanitizer!: the value sanitizer to use for a particular parameter. May be null in order to unregister that parameter.

      registerParameters

      Added in API level 1
      open fun registerParameters(
          parameters: Array<String!>!,
          valueSanitizer: UrlQuerySanitizer.ValueSanitizer!
      ): Unit

      Register a value sanitizer for an array of parameters.

      Parameters
      parameters Array<String!>!: An array of unencoded parameter names.
      valueSanitizer UrlQuerySanitizer.ValueSanitizer!:

      setAllowUnregisteredParamaters

      Added in API level 1
      open fun setAllowUnregisteredParamaters(allowUnregisteredParamaters: Boolean): Unit

      Set whether or not unregistered parameters are allowed. If they are not allowed, then they will be dropped when a query is sanitized.

      Defaults to false.

      Parameters
      allowUnregisteredParamaters Boolean: true to allow unregistered parameters.

      setPreferFirstRepeatedParameter

      Added in API level 1
      open fun setPreferFirstRepeatedParameter(preferFirstRepeatedParameter: Boolean): Unit

      Set whether or not the first occurrence of a repeated parameter is preferred. True means the first repeated parameter is preferred. False means that the last repeated parameter is preferred.

      The preferred parameter is the one that is returned when getParameter is called.

      defaults to false.

      Parameters
      preferFirstRepeatedParameter Boolean: True if the first repeated parameter is preferred.

      setUnregisteredParameterValueSanitizer

      Added in API level 1
      open fun setUnregisteredParameterValueSanitizer(sanitizer: UrlQuerySanitizer.ValueSanitizer!): Unit

      Set the value sanitizer used when processing unregistered parameter values.

      Parameters
      sanitizer UrlQuerySanitizer.ValueSanitizer!: set the ValueSanitizer used to sanitize unregistered parameter values.

      unescape

      Added in API level 1
      open fun unescape(string: String!): String!

      Protected methods

      addSanitizedEntry

      Added in API level 1
      protected open fun addSanitizedEntry(
          parameter: String!,
          value: String!
      ): Unit

      Record a sanitized parameter-value pair. Override if you want to do additional filtering or validation.

      Parameters
      parameter String!: an unescaped parameter
      value String!: a sanitized unescaped value

      clear

      Added in API level 1
      protected open fun clear(): Unit

      Clear the existing entries. Called to get ready to parse a new query string.

      decodeHexDigit

      Added in API level 1
      protected open fun decodeHexDigit(c: Char): Int

      Convert a character that represents a hexidecimal digit into an integer. If the character is not a hexidecimal digit, then -1 is returned. Both upper case and lower case hex digits are allowed.

      Parameters
      c Char: the hexidecimal digit.
      Return
      Int the integer value of the hexidecimal digit.

      isHexDigit

      Added in API level 1
      protected open fun isHexDigit(c: Char): Boolean

      Test if a character is a hexidecimal digit. Both upper case and lower case hex digits are allowed.

      Parameters
      c Char: the character to test
      Return
      Boolean true if c is a hex digit.

      parseEntry

      Added in API level 1
      protected open fun parseEntry(
          parameter: String!,
          value: String!
      ): Unit

      Parse an escaped parameter-value pair. The default implementation unescapes both the parameter and the value, then looks up the effective value sanitizer for the parameter and uses it to sanitize the value. If all goes well then addSanitizedValue is called with the unescaped parameter and the sanitized unescaped value.

      Parameters
      parameter String!: an escaped parameter
      value String!: an unsanitized escaped value