public final class

UriUtils

extends Object
java.lang.Object
   ↳ com.google.gwt.safehtml.shared.UriUtils

Class Overview

Utility class containing static methods for validating and sanitizing URIs.

Summary

Public Methods
static String extractScheme(String uri)
Extracts the scheme of a URI.
static boolean isSafeUri(String uri)
Determines if a String is safe to use as the value of a URI-valued HTML attribute such as src or href.
static String sanitizeUri(String uri)
Sanitizes a URI.
Inherited Methods
From class java.lang.Object

Public Methods

public static String extractScheme (String uri)

Extracts the scheme of a URI.

Parameters
uri the URI to extract the scheme from
Returns
  • the URI's scheme, or null if the URI does not have one

public static boolean isSafeUri (String uri)

Determines if a String is safe to use as the value of a URI-valued HTML attribute such as src or href.

In this context, a URI is safe if it can be established that using it as the value of a URI-valued HTML attribute such as src or href cannot result in script execution. Specifically, this method deems a URI safe if it either does not have a scheme, or its scheme is one of http, https, ftp, mailto.

Parameters
uri the URI to validate
Returns
  • true if uri is safe in the above sense; false otherwise

public static String sanitizeUri (String uri)

Sanitizes a URI.

This method returns the URI provided if it is safe to use as the value of a URI-valued HTML attribute according to isSafeUri(String), or the URI "#" otherwise.

Parameters
uri the URI to sanitize
Returns
  • a sanitized String
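
Example (added here, not GWT's source code): a stand-alone sketch of the scheme-allowlist rule that isSafeUri and sanitizeUri are documented to apply. The class name UriAllowlistSketch, the case-insensitive scheme comparison, and the treatment of a ':' that follows '/', '?' or '#' as not introducing a scheme are assumptions of this sketch.

```java
import java.util.Locale;
import java.util.Set;

// Added illustration of the documented rule; not GWT's source code.
public final class UriAllowlistSketch {
    // Schemes the documentation above lists as safe.
    private static final Set<String> SAFE_SCHEMES = Set.of("http", "https", "ftp", "mailto");

    // Returns the text before the first ':' or null when there is no scheme.
    // Assumption: a ':' that appears after '/', '?' or '#' belongs to the path,
    // query or fragment, so the URI is treated as relative (no scheme).
    static String extractScheme(String uri) {
        int colon = uri.indexOf(':');
        if (colon < 0) {
            return null;
        }
        String prefix = uri.substring(0, colon);
        for (char c : new char[] {'/', '?', '#'}) {
            if (prefix.indexOf(c) >= 0) {
                return null;
            }
        }
        return prefix;
    }

    // Safe when there is no scheme or the scheme is on the allowlist.
    // Assumption: the comparison ignores case, since browsers do.
    static boolean isSafeUri(String uri) {
        String scheme = extractScheme(uri);
        return scheme == null || SAFE_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT));
    }

    // Returns the URI unchanged when safe, "#" otherwise.
    static String sanitizeUri(String uri) {
        return isSafeUri(uri) ? uri : "#";
    }

    public static void main(String[] args) {
        // Constructed sample inputs.
        String[] samples = {
            "https://example.com/a?b=c", "/relative/path", "page.html#sec:1",
            "mailto:user@example.com", "JavaScript:alert(1)", "data:text/html,hi"
        };
        for (String uri : samples) {
            System.out.printf("%-28s -> %s%n", uri, sanitizeUri(uri));
        }
    }
}
```

Because the rule is an allowlist, any scheme it does not recognize (including one with leading whitespace or unusual casing outside the four listed) falls through to "#". The check covers only the scheme; the returned string still has to be HTML-attribute-escaped before it is written into markup.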