how do I encode a complete http url String correctly?

Question

I get a url string from a user and would like to transform it to a legal http url:

"http://one.two/three?four five" should turn into "http://one.two/three?four%20five"

however, URLEncoder does not help, as it encodes the entire string (including the legal "://").

help?

score 6 · Answer 1 · answered Jul 20 '10 at 17:24

6

Use the URL class. For example:

URL url = new URL(urlString);
String encodedQueryString = URLEncoder.encode(url.getQuery());
String encodedUrl = urlString.replace(url.getQuery(), encodedQueryString);

The third line might be different - for example constructing a new URL from all its parts.

answered Jul 20 '10 at 17:24

Bozho

588,226
146
1,060
1,140

1

Should we encode query parameter separators like `?` and `=`? – Ajinkya Jan 30 '15 at 16:33

score 5 · Accepted Answer · answered Feb 07 '17 at 19:18

With external library:

import org.apache.commons.httpclient.util.URIUtil;
String myUrl_1= "http://one.two/three?four five";
System.out.println(URIUtil.encodeQuery(myUrl_1));

And the output:

http://one.two/three?four%20five

Or

String webResourceURL = "http://stackoverflow.com/search?q=<script>alert(1)</script> s";
System.out.println(URIUtil.encodeQuery(webResourceURL));

And the output:

http://stackoverflow.com/search?q=%3Cscript%3Ealert(1)%3C/script%3E%20s

And the Maven dependency

<dependency>
    <groupId>commons-httpclient</groupId>
    <artifactId>commons-httpclient</artifactId>
    <version>3.1</version>
</dependency>

how do I encode a complete http url String correctly?

2 Answers2

Linked