/*
 * #%L
 * HAPI FHIR - Core Library
 * %%
 * Copyright (C) 2014 - 2023 Smile CDR, Inc.
 * %%
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 * #L%
 */
package ca.uhn.fhir.util;

import java.util.StringTokenizer;

/**
 * Walks the segments of a request path, using {@code /} as the only separator.
 * <p>
 * Splitting is delegated to {@link StringTokenizer}, which never returns empty
 * tokens: leading, trailing and doubled slashes therefore produce no segment.
 */
public class UrlPathTokenizer {

    /** Tokenizer over the raw (still URL-encoded) request path. */
    private final StringTokenizer myPathSegments;

    /**
     * Creates a tokenizer over the given request path.
     *
     * @param theRequestPath the raw request path; must not be {@code null}
     *                       ({@link StringTokenizer} rejects a null string
     *                       with a {@link NullPointerException})
     */
    public UrlPathTokenizer(String theRequestPath) {
        this.myPathSegments = new StringTokenizer(theRequestPath, "/");
    }

    /**
     * Reports whether at least one more path segment is available.
     *
     * @return {@code true} if a further segment can be read
     */
    public boolean hasMoreTokens() {
        return this.myPathSegments.hasMoreTokens();
    }

    /**
     * Returns the next path segment with its URL-encoding undone and the
     * result sanitized.
     * <p>
     * The segment is decoded first and sanitized second, so an escaped form of
     * a character is handled the same way as the literal character. Sanitizing
     * HTML-encodes the {@code <} and {@code "} characters, since neither is
     * useful in FHIR URL paths and both may indicate an injection attempt.
     * <p>
     * The path is split on {@code /} before any decoding takes place, so a
     * segment is returned as one value even if decoding introduces a
     * {@code /} into it (assuming {@link UrlUtil#unescape(String)} decodes an
     * escaped slash; verify against that method).
     * NOTE(review): the sanitizing here is HTML-oriented; confirm that callers
     * validate the value themselves before using it in any other context.
     *
     * @return the decoded and sanitized segment
     * @throws java.util.NoSuchElementException if no segments remain
     * @see UrlUtil#sanitizeUrlPart(String)
     * @see UrlUtil#unescape(String)
     */
    public String nextTokenUnescapedAndSanitized() {
        String rawSegment = this.myPathSegments.nextToken();
        // Decode before sanitizing: the sanitizer must see the decoded characters.
        String decodedSegment = UrlUtil.unescape(rawSegment);
        return UrlUtil.sanitizeUrlPart(decodedSegment);
    }

}