/**
 * Reads the next token from {@code myTok}, undoes its URL-encoding, and
 * sanitizes the decoded text before returning it.
 * <p>
 * Sanitization is applied to the decoded value, so the check sees the
 * characters the token actually represents rather than their
 * percent-encoded form. The {@code <} and {@code "} characters are
 * HTML-encoded because they are not useful in URL paths in FHIR and
 * potentially represent injection attacks.
 *
 * @return the decoded and sanitized token
 * @see UrlUtil#sanitizeUrlPart(String)
 * @see UrlUtil#unescape(String)
 */
public String nextTokenUnescapedAndSanitized() {
	String rawToken = myTok.nextToken();
	// Decode first, then sanitize: the order is what keeps an encoded
	// character from slipping past the sanitizer.
	String decodedToken = UrlUtil.unescape(rawToken);
	return UrlUtil.sanitizeUrlPart(decodedToken);
}
/**
 * Stores the request parameter map, sanitizing parameter names where needed.
 * <p>
 * The supplied map is kept as-is unless at least one key is flagged by
 * {@link UrlUtil#isNeedsSanitization}. In that case a new map is built in
 * which every key has been passed through {@link UrlUtil#sanitizeUrlPart}.
 * Only the keys are sanitized; the value arrays are carried over unchanged,
 * so anything that echoes a parameter value still has to encode it on output.
 * <p>
 * As a side effect, {@code myUnqualifiedToQualifiedNames} is reset to
 * {@code null}.
 *
 * @param theParams parameter names mapped to their values; must not be
 *                  {@code null}, since its key set is inspected
 */
public void setParameters(Map<String, String[]> theParams) {
	myParameters = theParams;
	myUnqualifiedToQualifiedNames = null;

	// Sanitize keys only if at least one needs it, to prevent injection
	// attacks without copying the map on every request.
	boolean anyKeyNeedsSanitizing =
		theParams.keySet().stream().anyMatch(paramName -> UrlUtil.isNeedsSanitization(paramName));
	if (!anyKeyNeedsSanitizing) {
		return;
	}

	// NOTE(review): the two-argument Collectors.toMap throws
	// IllegalStateException on duplicate keys and makes no guarantee about
	// the type or iteration order of the map it returns. If two distinct raw
	// keys can sanitize to the same string, this call would fail for that
	// request - confirm against UrlUtil.sanitizeUrlPart.
	myParameters = myParameters
		.entrySet()
		.stream()
		.collect(Collectors.toMap(
			entry -> UrlUtil.sanitizeUrlPart((String) ((Map.Entry) entry).getKey()),
			entry -> (String[]) ((Map.Entry) entry).getValue()));
}
/**
 * Reads the next token from {@code myTok}, undoes its URL-encoding, and
 * sanitizes the decoded text before returning it.
 * <p>
 * Sanitization is applied to the decoded value, so the check sees the
 * characters the token actually represents rather than their
 * percent-encoded form. The {@code <} and {@code "} characters are
 * HTML-encoded because they are not useful in URL paths in FHIR and
 * potentially represent injection attacks.
 *
 * @return the decoded and sanitized token
 * @see UrlUtil#sanitizeUrlPart(String)
 * @see UrlUtil#unescape(String)
 */
public String nextTokenUnescapedAndSanitized() {
	String rawToken = myTok.nextToken();
	// Decode first, then sanitize: the order is what keeps an encoded
	// character from slipping past the sanitizer.
	String decodedToken = UrlUtil.unescape(rawToken);
	return UrlUtil.sanitizeUrlPart(decodedToken);
}
/**
 * Stores the request parameter map, sanitizing parameter names where needed.
 * <p>
 * The supplied map is kept as-is unless at least one key is flagged by
 * {@link UrlUtil#isNeedsSanitization}. In that case a new map is built in
 * which every key has been passed through {@link UrlUtil#sanitizeUrlPart}.
 * Only the keys are sanitized; the value arrays are carried over unchanged,
 * so anything that echoes a parameter value still has to encode it on output.
 * <p>
 * As a side effect, {@code myUnqualifiedToQualifiedNames} is reset to
 * {@code null}.
 *
 * @param theParams parameter names mapped to their values; must not be
 *                  {@code null}, since its key set is inspected
 */
public void setParameters(Map<String, String[]> theParams) {
	myParameters = theParams;
	myUnqualifiedToQualifiedNames = null;

	// Sanitize keys only if at least one needs it, to prevent injection
	// attacks without copying the map on every request.
	boolean anyKeyNeedsSanitizing =
		theParams.keySet().stream().anyMatch(paramName -> UrlUtil.isNeedsSanitization(paramName));
	if (!anyKeyNeedsSanitizing) {
		return;
	}

	// NOTE(review): the two-argument Collectors.toMap throws
	// IllegalStateException on duplicate keys and makes no guarantee about
	// the type or iteration order of the map it returns. If two distinct raw
	// keys can sanitize to the same string, this call would fail for that
	// request - confirm against UrlUtil.sanitizeUrlPart.
	myParameters = myParameters
		.entrySet()
		.stream()
		.collect(Collectors.toMap(
			entry -> UrlUtil.sanitizeUrlPart((String) ((Map.Entry) entry).getKey()),
			entry -> (String[]) ((Map.Entry) entry).getValue()));
}