Class PercentEscaper


public class PercentEscaper extends UnicodeEscaper
A UnicodeEscaper that escapes some set of Java characters using the URI percent encoding scheme. The set of safe characters (those which remain unescaped) can be specified on construction.

For details on escaping URIs for use in web pages, see RFC 3986 - section 2.4 and RFC 3986 - appendix A

When encoding a String, the following rules apply:

  • The alphanumeric characters "a" through "z", "A" through "Z" and "0" through "9" remain the same.
  • Any additionally specified safe characters remain the same.
  • If plusForSpace was specified, the space character " " is converted into a plus sign "+".
  • All other characters are converted into one or more bytes using UTF-8 encoding and each byte is then represented by the 3-character string "%XY", where "XY" is the two-digit, uppercase, hexadecimal representation of the byte value.

RFC 2396 specifies the set of unreserved characters as "-", "_", ".", "!", "~", "*", "'", "(" and ")". It goes on to state:

Unreserved characters can be escaped without changing the semantics of the URI, but this should not be done unless the URI is being used in a context that does not allow the unescaped character to appear.

For performance reasons the only currently supported character encoding of this class is UTF-8.

Note: This escaper produces uppercase hexadecimal sequences. From RFC 3986:
"URI producers and normalizers should use uppercase hexadecimal digits for all percent-encodings."

Since:
1.0
  • Field Details

    • SAFECHARS_URLENCODER

      public static final String SAFECHARS_URLENCODER
      A string of safe characters that mimics the behavior of URLEncoder.
      See Also:
    • SAFEPATHCHARS_URLENCODER

      public static final String SAFEPATHCHARS_URLENCODER
      A string of characters that do not need to be encoded when used in URI path segments, as specified in RFC 3986. Note that some of these characters do need to be escaped when used in other parts of the URI.
      See Also:
    • SAFE_PLUS_RESERVED_CHARS_URLENCODER

      public static final String SAFE_PLUS_RESERVED_CHARS_URLENCODER
      Contains the save characters plus all reserved characters. This happens to be the safe path characters plus those characters which are reserved for URI segments, namely '+', '/', and '?'.
      See Also:
    • SAFEUSERINFOCHARS_URLENCODER

      public static final String SAFEUSERINFOCHARS_URLENCODER
      A string of characters that do not need to be encoded when used in URI user info part, as specified in RFC 3986. Note that some of these characters do need to be escaped when used in other parts of the URI.
      Since:
      1.15
      See Also:
    • SAFEQUERYSTRINGCHARS_URLENCODER

      public static final String SAFEQUERYSTRINGCHARS_URLENCODER
      A string of characters that do not need to be encoded when used in URI query strings, as specified in RFC 3986. Note that some of these characters do need to be escaped when used in other parts of the URI.
      See Also:
    • URI_ESCAPED_SPACE

      private static final char[] URI_ESCAPED_SPACE
    • UPPER_HEX_DIGITS

      private static final char[] UPPER_HEX_DIGITS
    • plusForSpace

      private final boolean plusForSpace
      If true we should convert space to the + character.
    • safeOctets

      private final boolean[] safeOctets
      An array of flags where for any char c if safeOctets[c] is true then c should remain unmodified in the output. If c > safeOctets.length then it should be escaped.
  • Constructor Details

    • PercentEscaper

      public PercentEscaper(String safeChars, boolean plusForSpace)
      Constructs a URI escaper with the specified safe characters and optional handling of the space character.
      Parameters:
      safeChars - a non null string specifying additional safe characters for this escaper (the ranges 0..9, a..z and A..Z are always safe and should not be specified here)
      plusForSpace - true if ASCII space should be escaped to + rather than %20
      Throws:
      IllegalArgumentException - if any of the parameters were invalid
  • Method Details

    • createSafeOctets

      private static boolean[] createSafeOctets(String safeChars)
      Creates a boolean[] with entries corresponding to the character values for 0-9, A-Z, a-z and those specified in safeChars set to true. The array is as small as is required to hold the given character information.
    • nextEscapeIndex

      protected int nextEscapeIndex(CharSequence csq, int index, int end)
      Description copied from class: UnicodeEscaper
      Scans a sub-sequence of characters from a given CharSequence, returning the index of the next character that requires escaping.

      Note: When implementing an escaper, it is a good idea to override this method for efficiency. The base class implementation determines successive Unicode code points and invokes UnicodeEscaper.escape(int) for each of them. If the semantics of your escaper are such that code points in the supplementary range are either all escaped or all unescaped, this method can be implemented more efficiently using CharSequence.charAt(int).

      Note however that if your escaper does not escape characters in the supplementary range, you should either continue to validate the correctness of any surrogate characters encountered or provide a clear warning to users that your escaper does not validate its input.

      See PercentEscaper for an example.

      Specified by:
      nextEscapeIndex in class UnicodeEscaper
      Parameters:
      csq - a sequence of characters
      index - the index of the first character to be scanned
      end - the index immediately after the last character to be scanned
    • escape

      public String escape(String s)
      Description copied from class: UnicodeEscaper
      Returns the escaped form of a given literal string.

      If you are escaping input in arbitrary successive chunks, then it is not generally safe to use this method. If an input string ends with an unmatched high surrogate character, then this method will throw IllegalArgumentException. You should ensure your input is valid UTF-16 before calling this method.

      Specified by:
      escape in class UnicodeEscaper
      Parameters:
      s - the literal string to be escaped
      Returns:
      the escaped form of string
    • escape

      protected char[] escape(int cp)
      Escapes the given Unicode code point in UTF-8.
      Specified by:
      escape in class UnicodeEscaper
      Parameters:
      cp - the Unicode code point to escape if necessary
      Returns:
      the replacement characters, or null if no escaping was needed