/**
 * Builds a {@link SafeUrl} from {@code url} only if it passes the safe-URL check.
 *
 * <p>The check is the one described for {@link #sanitize(String)}, widened to also accept the
 * custom schemes listed in {@code extraAllowedSchemes}. The method fails closed: a {@code url}
 * that does not pass is never wrapped. The caller receives {@link SafeUrl#INNOCUOUS} instead,
 * which contains the innocuous string {@link SafeUrl#INNOCUOUS_STRING}.
 *
 * <p>Every entry in {@code extraAllowedSchemes} widens what is accepted, so pass only the
 * schemes the call site actually needs.
 *
 * @param url the URL string to validate
 * @param extraAllowedSchemes custom schemes accepted in addition to the default ones
 * @return the result of {@code create(url)} when {@code url} validates, otherwise
 *     {@link SafeUrl#INNOCUOUS}
 */
public static SafeUrl sanitize(String url, Set<CustomSafeUrlScheme> extraAllowedSchemes) {
  // Validate first; create(url) is reached only for input that passed the check.
  return isSafeUrl(url, extraAllowedSchemes) ? create(url) : SafeUrl.INNOCUOUS;
}
/**
 * Returns {@code url} unchanged when it passes the default safe-URL check, and a fixed
 * placeholder URL otherwise.
 *
 * <p>Accepted inputs are URLs with one of the default safe schemes (http, https, ftp, mailto)
 * and relative URLs, i.e. URLs without a scheme: scheme-relative, absolute-path-relative or
 * path-relative. The check is run with {@code EMPTY_CUSTOM_SCHEMES}, so, going by that name, no
 * custom schemes are accepted here.
 *
 * <p>A rejected {@code url} is replaced by {@code about:invalid#identifier}. The identifier lets
 * a sanitized value be traced back to the library that performed the sanitization, so it should
 * be a unique string like "zLibraryNamez". It is annotated {@code @CompileTimeConstant}, so it
 * is not meant to carry runtime data.
 *
 * <p>The result is a plain {@code String}: unlike a {@link SafeUrl}, it carries no type-level
 * record of having been validated, so later code cannot tell it apart from an unchecked string.
 *
 * @param url the URL string to validate
 * @param identifier compile-time constant appended after {@code about:invalid#} on rejection
 * @return {@code url} itself when it validates, otherwise {@code "about:invalid#" + identifier}
 * @see <a href="http://url.spec.whatwg.org/#concept-relative-url">URL Standard: relative URL</a>
 */
public static String sanitizeAsString(String url, @CompileTimeConstant final String identifier) {
  final boolean accepted = isSafeUrl(url, EMPTY_CUSTOM_SCHEMES);
  // The placeholder is built only on rejection; accepted input is passed through untouched.
  return accepted ? url : "about:invalid#" + identifier;
}