in src/main/java/org/apache/sling/xss/impl/XSSAPIImpl.java [181:203]
/**
 * Percent-encodes a URL for use in an unquoted HTML attribute and validates the
 * result with the configured {@code xssFilter}.
 * <p>
 * The characters {@code "}, {@code '}, {@code >}, {@code <}, {@code `} and the
 * space are percent-encoded before validation; {@code =} is deliberately left
 * untouched so links carrying query parameters keep working.
 *
 * @param url the URL to sanitize; may be {@code null} or empty
 * @return the percent-encoded URL when {@code xssFilter.isValidHref} accepts it,
 *         otherwise an empty string. This fails closed: a {@code null}/empty
 *         input, a URL the filter rejects, and any {@link Throwable} raised by
 *         the filter all yield {@code ""}.
 */
public String getValidHref(final String url) {
    if (!StringUtils.isNotEmpty(url)) {
        return "";
    }
    // Characters that would end or break out of an unquoted attribute value.
    // '=' is intentionally absent so query strings survive. The order of the
    // pairs is irrelevant: no replacement text contains another search
    // character, so each pass leaves the others' work intact.
    final String[][] unquotedAttributeEscapes = {
        {"\"", "%22"},
        {"'", "%27"},
        {">", "%3E"},
        {"<", "%3C"},
        {"`", "%60"},
        {" ", "%20"}
    };
    String candidate = url;
    for (String[] escape : unquotedAttributeEscapes) {
        candidate = candidate.replace(escape[0], escape[1]);
    }
    boolean accepted = false;
    try {
        accepted = xssFilter.isValidHref(candidate);
    } catch (Throwable t) {
        // Any failure inside the filter counts as "not valid" rather than
        // propagating, so callers always receive a string. The original input
        // is only written to the debug log, not at WARN level.
        LOGGER.warn("Unable to validate URL.", t);
        LOGGER.debug("Passed URL: {}", url);
    }
    return accepted ? candidate : "";
}