java.lang.Object | |
↳ | android.net.UrlQuerySanitizer |
Sanitizes the Query portion of a URL. Simple example:
UrlQuerySanitizer sanitizer = new UrlQuerySanitizer();
sanitizer.setAllowUnregisteredParamaters(true);
sanitizer.parseUrl("http://example.com/?name=Joe+User");
String name = sanitizer.getValue("name"));
// name now contains "Joe_User"
Register ValueSanitizers to customize the way individual
parameters are sanitized:
UrlQuerySanitizer sanitizer = new UrlQuerySanitizer();
sanitizer.registerParamater("name", UrlQuerySanitizer.createSpaceLegal());
sanitizer.parseUrl("http://example.com/?name=Joe+User");
String name = sanitizer.getValue("name"));
// name now contains "Joe User". (The string is first decoded, which
// converts the '+' to a ' '. Then the string is sanitized, which
// converts the ' ' to an '_'. (The ' ' is converted because the default
unregistered parameter sanitizer does not allow any special characters,
and ' ' is a special character.)
There are several ways to create ValueSanitizers. In order of increasing
sophistication:
Nested Classes | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
UrlQuerySanitizer.IllegalCharacterValueSanitizer | Sanitize values based on which characters they contain. | ||||||||||
UrlQuerySanitizer.ParameterValuePair | A simple tuple that holds parameter-value pairs. | ||||||||||
UrlQuerySanitizer.ValueSanitizer | A functor used to sanitize a single query value. |
Public Constructors | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Constructs a UrlQuerySanitizer.
| |||||||||||
Constructs a UrlQuerySanitizer and parse a URL.
|
Public Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Return a value sanitizer that allows any special characters
except angle brackets ('<' and '>') and Nul ('\0').
| |||||||||||
Return a value sanitizer that allows everything except Nul ('\0')
characters.
| |||||||||||
Return a value sanitizer that allows everything except Nul ('\0')
characters, space (' '), and other whitespace characters.
| |||||||||||
Return a value sanitizer that does not allow any special characters,
and also does not allow script URLs.
| |||||||||||
Get whether or not unregistered parameters are allowed.
| |||||||||||
Return a value sanitizer that does not allow any special characters
except ampersand ('&') and space (' ').
| |||||||||||
Return a value sanitizer that does not allow any special characters
except ampersand ('&').
| |||||||||||
Get the effective value sanitizer for a parameter.
| |||||||||||
An array list of all of the parameter value pairs in the sanitized
query, in the order they appeared in the query.
| |||||||||||
Get a set of all of the parameters found in the sanitized query.
| |||||||||||
Get whether or not the first occurrence of a repeated parameter is
preferred.
| |||||||||||
Return a value sanitizer that does not allow any special characters
except space (' ').
| |||||||||||
Get the current value sanitizer used when processing
unregistered parameter values.
| |||||||||||
Return a value sanitizer that allows all the characters used by
encoded URLs and allows spaces, which are not technically legal
in encoded URLs, but commonly appear anyway.
| |||||||||||
Return a value sanitizer that allows all the characters used by
encoded URLs.
| |||||||||||
Get the value for a parameter in the current sanitized query.
| |||||||||||
Get the value sanitizer for a parameter.
| |||||||||||
Check if a parameter exists in the current sanitized query.
| |||||||||||
Parse a query.
| |||||||||||
Parse the query parameters out of an encoded URL.
| |||||||||||
Register a value sanitizer for a particular parameter.
| |||||||||||
Register a value sanitizer for an array of parameters.
| |||||||||||
Set whether or not unregistered parameters are allowed.
| |||||||||||
Set whether or not the first occurrence of a repeated parameter is
preferred.
| |||||||||||
Set the value sanitizer used when processing unregistered
parameter values.
| |||||||||||
Unescape an escaped string.
|
Protected Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Record a sanitized parameter-value pair.
| |||||||||||
Clear the existing entries.
| |||||||||||
Convert a character that represents a hexidecimal digit into an integer.
| |||||||||||
Test if a character is a hexidecimal digit.
| |||||||||||
Parse an escaped parameter-value pair.
|
[Expand]
Inherited Methods | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
From class java.lang.Object
|
Constructs a UrlQuerySanitizer.
Defaults:
Constructs a UrlQuerySanitizer and parse a URL. This constructor is provided for convenience when the default parsing behavior is acceptable.
Because the URL is parsed before the constructor returns, there isn't a chance to configure the sanitizer to change the parsing behavior.
UrlQuerySanitizer sanitizer = new UrlQuerySanitizer(myUrl);
String name = sanitizer.getValue("name");
Defaults:
Return a value sanitizer that allows any special characters except angle brackets ('<' and '>') and Nul ('\0'). Allows script URLs.
Return a value sanitizer that allows everything except Nul ('\0') characters. Script URLs are allowed.
Return a value sanitizer that allows everything except Nul ('\0') characters, space (' '), and other whitespace characters. Script URLs are allowed.
Return a value sanitizer that does not allow any special characters, and also does not allow script URLs.
Get whether or not unregistered parameters are allowed. If not allowed, they will be dropped when a query is parsed.
Return a value sanitizer that does not allow any special characters except ampersand ('&') and space (' '). Does not allow script URLs.
Return a value sanitizer that does not allow any special characters except ampersand ('&'). Does not allow script URLs.
Get the effective value sanitizer for a parameter. Like getValueSanitizer, except if there is no value sanitizer registered for a parameter, and unregistered paramaters are allowed, then the default value sanitizer is returned.
parameter | an unescaped parameter |
---|
An array list of all of the parameter value pairs in the sanitized query, in the order they appeared in the query. May contain duplicate parameters.
Note: Do not modify this list. Treat it as a read-only list.
Get a set of all of the parameters found in the sanitized query.
Note: Do not modify this set. Treat it as a read-only set.
Get whether or not the first occurrence of a repeated parameter is preferred.
Return a value sanitizer that does not allow any special characters except space (' '). Does not allow script URLs.
Get the current value sanitizer used when processing unregistered parameter values.
Note: The default unregistered parameter value sanitizer is one that doesn't allow any special characters, similar to what is returned by calling createAllIllegal.
Return a value sanitizer that allows all the characters used by encoded URLs and allows spaces, which are not technically legal in encoded URLs, but commonly appear anyway. Does not allow script URLs.
Return a value sanitizer that allows all the characters used by encoded URLs. Does not allow script URLs.
Get the value for a parameter in the current sanitized query. Returns null if the parameter does not exit.
parameter | the unencoded name of a parameter. |
---|
Get the value sanitizer for a parameter. Returns null if there is no value sanitizer registered for the parameter.
parameter | the unescaped parameter |
---|
Check if a parameter exists in the current sanitized query.
parameter | the unencoded name of a parameter. |
---|
Parse a query. A query string is any number of parameter-value clauses separated by any non-zero number of ampersands. A parameter-value clause is a parameter followed by an equal sign, followed by a value. If the equal sign is missing, the value is assumed to be the empty string.
query | the query to parse. |
---|
Parse the query parameters out of an encoded URL. Works by extracting the query portion from the URL and then calling parseQuery(). If there is no query portion it is treated as if the query portion is an empty string.
url | the encoded URL to parse. |
---|
Register a value sanitizer for a particular parameter. Can also be used to replace or remove an already-set value sanitizer.
Registering a non-null value sanitizer for a particular parameter makes that parameter a registered parameter.
parameter | an unencoded parameter name |
---|---|
valueSanitizer | the value sanitizer to use for a particular parameter. May be null in order to unregister that parameter. |
Register a value sanitizer for an array of parameters.
parameters | An array of unencoded parameter names. |
---|
Set whether or not unregistered parameters are allowed. If they are not allowed, then they will be dropped when a query is sanitized.
Defaults to false.
allowUnregisteredParamaters | true to allow unregistered parameters. |
---|
Set whether or not the first occurrence of a repeated parameter is preferred. True means the first repeated parameter is preferred. False means that the last repeated parameter is preferred.
The preferred parameter is the one that is returned when getParameter is called.
defaults to false.
preferFirstRepeatedParameter | True if the first repeated parameter is preferred. |
---|
Set the value sanitizer used when processing unregistered parameter values.
sanitizer | set the ValueSanitizer used to sanitize unregistered parameter values. |
---|
Unescape an escaped string.
string | the escaped string |
---|
Record a sanitized parameter-value pair. Override if you want to do additional filtering or validation.
parameter | an unescaped parameter |
---|---|
value | a sanitized unescaped value |
Clear the existing entries. Called to get ready to parse a new query string.
Convert a character that represents a hexidecimal digit into an integer. If the character is not a hexidecimal digit, then -1 is returned. Both upper case and lower case hex digits are allowed.
c | the hexidecimal digit. |
---|
Test if a character is a hexidecimal digit. Both upper case and lower case hex digits are allowed.
c | the character to test |
---|
Parse an escaped parameter-value pair. The default implementation unescapes both the parameter and the value, then looks up the effective value sanitizer for the parameter and uses it to sanitize the value. If all goes well then addSanitizedValue is called with the unescaped parameter and the sanitized unescaped value.
parameter | an escaped parameter |
---|---|
value | an unsanitzied escaped value |