public interface SafeUri
Note on usage: SafeUri should be used to ensure user input is not executed in the browser. SafeUri should not be used to sanitize input before sending it to the server: The server cannot rely on the type contract of SafeUri values received from clients, because a malicious client could provide maliciously crafted serialized forms of implementations of this type that violate the type contract.
All implementing classes must maintain the class invariant (by design and
implementation and/or convention of use), that invoking asString()
on any instance will return a string that is safe to assign to a URL-typed
DOM or CSS property in a browser (or to use similarly in a "URL context"), in
the sense that doing so must not cause unintended execution of script in the
In determining safety of a URL both the value itself as well as its
provenance matter. An arbitrary URI, including e.g. a
contract if it is entirely under the program's control (e.g., a string
All implementations must implement equals() and hashCode() to behave consistently with the result of asString().equals() and asString().hashCode().
Implementations must not return
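|Modifier and Type|Method and Description|
|---|---|
|java.lang.String|asString() Returns this object's contained URI as a string.|
|boolean|equals(java.lang.Object anObject) Compares this string to the specified object.|
|int|hashCode() Returns a hash code for this string.|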
Based on this class' contract, the returned value will be non-null and a string that is safe to use in a URL context.
boolean equals(java.lang.Object anObject)
anObject - the object to compare to
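
The class invariant and the equals()/hashCode() requirement described above can be met with a private constructor and a validating factory. The following is an added example, not code from the library: the nested SafeUri interface is a local stand-in, and AllowlistedUri, fromUntrusted and the scheme allowlist are hypothetical names and a simplified policy chosen for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Locale;
import java.util.Set;

public class SafeUriExample {
    // Local stand-in for the documented interface (assumption: declared here
    // so the example compiles without the library on the classpath).
    interface SafeUri { String asString(); }

    // Hypothetical implementation. Instances can only be created through the
    // validating factory, which is what upholds the class invariant.
    static final class AllowlistedUri implements SafeUri {
        // Assumed policy: schemes that do not execute script when navigated to.
        private static final Set<String> SAFE_SCHEMES = Set.of("http", "https", "mailto");
        private final String uri;

        private AllowlistedUri(String uri) { this.uri = uri; }

        static SafeUri fromUntrusted(String input) {
            if (input == null) throw new IllegalArgumentException("null URI");
            try {
                String scheme = new URI(input).getScheme();
                // No scheme means a relative reference, which inherits the page's scheme.
                if (scheme == null || SAFE_SCHEMES.contains(scheme.toLowerCase(Locale.ROOT))) {
                    return new AllowlistedUri(input);
                }
            } catch (URISyntaxException e) {
                // Unparseable input (spaces, control characters) is rejected below.
            }
            throw new IllegalArgumentException("not safe in a URL context");
        }

        @Override public String asString() { return uri; }  // never null by construction
        @Override public boolean equals(Object o) {
            return o instanceof SafeUri && uri.equals(((SafeUri) o).asString());
        }
        @Override public int hashCode() { return uri.hashCode(); }
    }

    public static void main(String[] args) {
        // Constructed sample inputs: two accepted, two rejected.
        for (String s : new String[] {"https://example.com/a?b=1", "/img/logo.png",
                                      "JavaScript:void(0)", " javascript:void(0)"}) {
            try {
                System.out.println("ok       " + AllowlistedUri.fromUntrusted(s).asString());
            } catch (IllegalArgumentException e) {
                System.out.println("rejected " + s);
            }
        }
    }
}
```

In line with the usage note, a server that receives such a value from a client should run the raw string through its own validation again instead of trusting the deserialized type.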