001package ca.uhn.fhir.util; 002 003/* 004 * #%L 005 * HAPI FHIR - Core Library 006 * %% 007 * Copyright (C) 2014 - 2021 Smile CDR, Inc. 008 * %% 009 * Licensed under the Apache License, Version 2.0 (the "License"); 010 * you may not use this file except in compliance with the License. 011 * You may obtain a copy of the License at 012 * 013 * http://www.apache.org/licenses/LICENSE-2.0 014 * 015 * Unless required by applicable law or agreed to in writing, software 016 * distributed under the License is distributed on an "AS IS" BASIS, 017 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 018 * See the License for the specific language governing permissions and 019 * limitations under the License. 020 * #L% 021 */ 022 023import java.util.StringTokenizer; 024 025public class UrlPathTokenizer { 026 027 private final StringTokenizer myTok; 028 029 public UrlPathTokenizer(String theRequestPath) { 030 myTok = new StringTokenizer(theRequestPath, "/"); 031 } 032 033 public boolean hasMoreTokens() { 034 return myTok.hasMoreTokens(); 035 } 036 037 /** 038 * Returns the next portion. Any URL-encoding is undone, but we will 039 * HTML encode the < and " marks since they are both 040 * not useful un URL paths in FHIR and potentially represent injection 041 * attacks. 042 * 043 * @see UrlUtil#sanitizeUrlPart(String) 044 * @see UrlUtil#unescape(String) 045 */ 046 public String nextTokenUnescapedAndSanitized() { 047 return UrlUtil.sanitizeUrlPart(UrlUtil.unescape(myTok.nextToken())); 048 } 049 050}