Added in API level 1


open class IllegalCharacterValueSanitizer : UrlQuerySanitizer.ValueSanitizer

Sanitize values based on which characters they contain. Illegal characters are replaced with either space or '_', depending upon whether space is a legal character or not.


static Int

  • Allow all but.
    • Nul ('\0')
    • Angle brackets ('<', '>')
  • Deny script URLs.

static Int

  • Allow all special characters except Nul. ('\0').
  • Allow script URLs.

static Int

  • Allow all special characters except for:
    • whitespace characters
    • Nul ('\0')
  • Allow script URLs.

static Int

  • Deny all special characters.
  • Deny script URLs.

static Int

Mask with all fields set to OK

static Int

Mask with both regular space and other whitespace OK

static Int

  • Allow ampersand.
  • Allow space.
  • Deny script URLs.

static Int

  • Allow ampersand.
  • Deny script URLs.

static Int

Allow ampersand characters ('&')

static Int

Allow double quote characters.

static Int

Allow greater-than characters.

static Int

Allow less-than characters.

static Int

Allow characters with character codes 128 to 255.

static Int

Allow nul characters ('\0')

static Int

Allow whitespace characters other than space.

static Int

Allow percent-sign characters ('%')

static Int

Allow text to start with a script URL such as "javascript:" or "vbscript:"

static Int

  • Allow space.
  • Deny script URLs.

static Int

Allow space (' ') characters.

static Int

Allow single quote characters.

static Int

  • Allow characters used by encoded URLs.
  • Allow spaces.
  • Deny script URLs.

static Int

  • Allow characters used by encoded URLs.
  • Deny script URLs.

Public constructors

Construct a sanitizer.

Public methods
open String!
sanitize(value: String!)

Sanitize a value.


Added in API level 1

  • Allow all but.
    • Nul ('\0')
    • Angle brackets ('<', '>')
  • Deny script URLs.

Value: 1439
Added in API level 1
static val ALL_BUT_NUL_LEGAL: Int

  • Allow all special characters except Nul. ('\0').
  • Allow script URLs.

Value: 1535
Added in API level 1

  • Allow all special characters except for:
    • whitespace characters
    • Nul ('\0')
  • Allow script URLs.

Value: 1532


Added in API level 1
static val ALL_ILLEGAL: Int

  • Deny all special characters.
  • Deny script URLs.

Value: 0


Added in API level 1
static val ALL_OK: Int

Mask with all fields set to OK

Value: 2047


Added in API level 1
static val ALL_WHITESPACE_OK: Int

Mask with both regular space and other whitespace OK

Value: 3
Added in API level 1
static val AMP_AND_SPACE_LEGAL: Int

  • Allow ampersand.
  • Allow space.
  • Deny script URLs.

Value: 129
Added in API level 1
static val AMP_LEGAL: Int

  • Allow ampersand.
  • Deny script URLs.

Value: 128


Added in API level 1
static val AMP_OK: Int

Allow ampersand characters ('&')

Value: 128


Added in API level 1
static val DQUOTE_OK: Int

Allow double quote characters. ('"')

Value: 8


Added in API level 1
static val GT_OK: Int

Allow greater-than characters. ('>')

Value: 64


Added in API level 1
static val LT_OK: Int

Allow less-than characters. ('<')

Value: 32


Added in API level 1
static val NON_7_BIT_ASCII_OK: Int

Allow characters with character codes 128 to 255.

Value: 4


Added in API level 1
static val NUL_OK: Int

Allow nul characters ('\0')

Value: 512


Added in API level 1

Allow whitespace characters other than space. The other whitespace characters are '\t' '\f' '\n' '\r' and '\0x000b' (vertical tab)

Value: 2


Added in API level 1
static val PCT_OK: Int

Allow percent-sign characters ('%')

Value: 256


Added in API level 1
static val SCRIPT_URL_OK: Int

Allow text to start with a script URL such as "javascript:" or "vbscript:"

Value: 1024
Added in API level 1
static val SPACE_LEGAL: Int

  • Allow space.
  • Deny script URLs.

Value: 1


Added in API level 1
static val SPACE_OK: Int

Allow space (' ') characters.

Value: 1


Added in API level 1
static val SQUOTE_OK: Int

Allow single quote characters. ('\'')

Value: 16
Added in API level 1
static val URL_AND_SPACE_LEGAL: Int

  • Allow characters used by encoded URLs.
  • Allow spaces.
  • Deny script URLs.

Value: 405
Added in API level 1
static val URL_LEGAL: Int

  • Allow characters used by encoded URLs.
  • Deny script URLs.

Value: 404

Public constructors


Added in API level 1
IllegalCharacterValueSanitizer(flags: Int)

Construct a sanitizer. The parameters set the behavior of the sanitizer.

flags Int: some combination of the XXX_OK flags.

Public methods


Added in API level 1
open fun sanitize(value: String!): String!

Sanitize a value.

  1. If script URLs are not OK, they will be removed.
  2. If neither spaces nor other white space is OK, then white space will be trimmed from the beginning and end of the URL. (Just the actual white space characters are trimmed, not other control codes.)
  3. Illegal characters will be replaced with either ' ' or '_', depending on whether a space is itself a legal character.

value String!:
String! the sanitized value