Class QueryStringDecoder


  • public class QueryStringDecoder
    extends java.lang.Object
    Splits an HTTP query string into a path string and key-value parameter pairs. This decoder is for one time use only. Create a new instance for each URI:
     QueryStringDecoder decoder = new QueryStringDecoder("/hello?recipient=world&x=1;y=2");
     assert decoder.getPath().equals("/hello");
     assert decoder.getParameters().get("recipient").get(0).equals("world");
     assert decoder.getParameters().get("x").get(0).equals("1");
     assert decoder.getParameters().get("y").get(0).equals("2");
     
    This decoder can also decode the content of an HTTP POST request whose content type is application/x-www-form-urlencoded:
     QueryStringDecoder decoder = new QueryStringDecoder("recipient=world&x=1;y=2", false);
     ...
     

    HashDOS vulnerability fix

    As a workaround to the HashDOS vulnerability, the decoder limits the maximum number of decoded key-value parameter pairs, up to 1024 by default, and you can configure it when you construct the decoder by passing an additional integer parameter.
    See Also:
    QueryStringEncoder
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private java.nio.charset.Charset charset  
      private static int DEFAULT_MAX_PARAMS  
      private boolean hasPath  
      private int maxParams  
      private int nParams  
      private java.util.Map<java.lang.String,​java.util.List<java.lang.String>> params  
      private java.lang.String path  
      private java.lang.String uri  
    • Constructor Summary

      Constructors 
      Constructor Description
      QueryStringDecoder​(java.lang.String uri)
      Creates a new decoder that decodes the specified URI.
      QueryStringDecoder​(java.lang.String uri, boolean hasPath)
      Creates a new decoder that decodes the specified URI encoded in the specified charset.
      QueryStringDecoder​(java.lang.String uri, java.nio.charset.Charset charset)
      Creates a new decoder that decodes the specified URI encoded in the specified charset.
      QueryStringDecoder​(java.lang.String uri, java.nio.charset.Charset charset, boolean hasPath)
      Creates a new decoder that decodes the specified URI encoded in the specified charset.
      QueryStringDecoder​(java.lang.String uri, java.nio.charset.Charset charset, boolean hasPath, int maxParams)
      Creates a new decoder that decodes the specified URI encoded in the specified charset.
      QueryStringDecoder​(java.net.URI uri)
      Creates a new decoder that decodes the specified URI.
      QueryStringDecoder​(java.net.URI uri, java.nio.charset.Charset charset)
      Creates a new decoder that decodes the specified URI encoded in the specified charset.
      QueryStringDecoder​(java.net.URI uri, java.nio.charset.Charset charset, int maxParams)
      Creates a new decoder that decodes the specified URI encoded in the specified charset.
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      private boolean addParam​(java.util.Map<java.lang.String,​java.util.List<java.lang.String>> params, java.lang.String name, java.lang.String value)  
      static java.lang.String decodeComponent​(java.lang.String s)
      Decodes a bit of an URL encoded by a browser.
      static java.lang.String decodeComponent​(java.lang.String s, java.nio.charset.Charset charset)
      Decodes a bit of an URL encoded by a browser.
      private static char decodeHexNibble​(char c)
      Helper to decode half of a hexadecimal number from a string.
      private void decodeParams​(java.lang.String s)  
      java.util.Map<java.lang.String,​java.util.List<java.lang.String>> getParameters()
      Returns the decoded key-value parameter pairs of the URI.
      java.lang.String getPath()
      Returns the decoded path string of the URI.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • charset

        private final java.nio.charset.Charset charset
      • uri

        private final java.lang.String uri
      • hasPath

        private final boolean hasPath
      • maxParams

        private final int maxParams
      • path

        private java.lang.String path
      • params

        private java.util.Map<java.lang.String,​java.util.List<java.lang.String>> params
      • nParams

        private int nParams
    • Constructor Detail

      • QueryStringDecoder

        public QueryStringDecoder​(java.lang.String uri)
        Creates a new decoder that decodes the specified URI. The decoder will assume that the query string is encoded in UTF-8.
      • QueryStringDecoder

        public QueryStringDecoder​(java.lang.String uri,
                                  boolean hasPath)
        Creates a new decoder that decodes the specified URI encoded in the specified charset.
      • QueryStringDecoder

        public QueryStringDecoder​(java.lang.String uri,
                                  java.nio.charset.Charset charset)
        Creates a new decoder that decodes the specified URI encoded in the specified charset.
      • QueryStringDecoder

        public QueryStringDecoder​(java.lang.String uri,
                                  java.nio.charset.Charset charset,
                                  boolean hasPath)
        Creates a new decoder that decodes the specified URI encoded in the specified charset.
      • QueryStringDecoder

        public QueryStringDecoder​(java.lang.String uri,
                                  java.nio.charset.Charset charset,
                                  boolean hasPath,
                                  int maxParams)
        Creates a new decoder that decodes the specified URI encoded in the specified charset.
      • QueryStringDecoder

        public QueryStringDecoder​(java.net.URI uri)
        Creates a new decoder that decodes the specified URI. The decoder will assume that the query string is encoded in UTF-8.
      • QueryStringDecoder

        public QueryStringDecoder​(java.net.URI uri,
                                  java.nio.charset.Charset charset)
        Creates a new decoder that decodes the specified URI encoded in the specified charset.
      • QueryStringDecoder

        public QueryStringDecoder​(java.net.URI uri,
                                  java.nio.charset.Charset charset,
                                  int maxParams)
        Creates a new decoder that decodes the specified URI encoded in the specified charset.
    • Method Detail

      • getPath

        public java.lang.String getPath()
        Returns the decoded path string of the URI.
      • getParameters

        public java.util.Map<java.lang.String,​java.util.List<java.lang.String>> getParameters()
        Returns the decoded key-value parameter pairs of the URI.
      • decodeParams

        private void decodeParams​(java.lang.String s)
      • addParam

        private boolean addParam​(java.util.Map<java.lang.String,​java.util.List<java.lang.String>> params,
                                 java.lang.String name,
                                 java.lang.String value)
      • decodeComponent

        public static java.lang.String decodeComponent​(java.lang.String s)
        Decodes a bit of an URL encoded by a browser.

        This is equivalent to calling decodeComponent(String, Charset) with the UTF-8 charset (recommended to comply with RFC 3986, Section 2).

        Parameters:
        s - The string to decode (can be empty).
        Returns:
        The decoded string, or s if there's nothing to decode. If the string to decode is null, returns an empty string.
        Throws:
        java.lang.IllegalArgumentException - if the string contains a malformed escape sequence.
      • decodeComponent

        public static java.lang.String decodeComponent​(java.lang.String s,
                                                       java.nio.charset.Charset charset)
        Decodes a bit of an URL encoded by a browser.

        The string is expected to be encoded as per RFC 3986, Section 2. This is the encoding used by JavaScript functions encodeURI and encodeURIComponent, but not escape. For example in this encoding, é (in Unicode U+00E9 or in UTF-8 0xC3 0xA9) is encoded as %C3%A9 or %c3%a9.

        This is essentially equivalent to calling URLDecoder.decode(s, charset.name()) except that it's over 2x faster and generates less garbage for the GC. Actually this function doesn't allocate any memory if there's nothing to decode, the argument itself is returned.

        Parameters:
        s - The string to decode (can be empty).
        charset - The charset to use to decode the string (should really be CharsetUtil.UTF_8.
        Returns:
        The decoded string, or s if there's nothing to decode. If the string to decode is null, returns an empty string.
        Throws:
        java.lang.IllegalArgumentException - if the string contains a malformed escape sequence.
      • decodeHexNibble

        private static char decodeHexNibble​(char c)
        Helper to decode half of a hexadecimal number from a string.
        Parameters:
        c - The ASCII character of the hexadecimal number to decode. Must be in the range [0-9a-fA-F].
        Returns:
        The hexadecimal value represented in the ASCII character given, or Character.MAX_VALUE if the character is invalid.