package com.yucheng.cmis.xssfilter;

import com.yucheng.cmis.pub.util.NewStringUtils;
import java.util.regex.Pattern;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/* loaded from: input_file:com/yucheng/cmis/xssfilter/XssHttpServletRequestWrapper.class */
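/**
 * Request wrapper that runs header and parameter values through a deny-list
 * filter ({@code stripXSS}) and then swaps a few ASCII metacharacters for
 * look-alike Unicode characters ({@link #escape(String)}).
 *
 * <p>Security review notes for maintainers:
 * <ul>
 *   <li>Only {@code getHeader}, {@code getParameter} and
 *       {@code getParameterValues} are overridden in this class. Values read
 *       through other accessors of the wrapped request (for example
 *       {@code getParameterMap}, {@code getQueryString}, {@code getHeaders},
 *       {@code getCookies}, {@code getInputStream}/{@code getReader}) are not
 *       filtered here.</li>
 *   <li>The filter is a fixed list of patterns applied once each, in order.
 *       Of the event-handler attributes only {@code onload} is listed, and
 *       text joined together by a removal is not re-checked. Treat it as
 *       defence in depth; context-aware output encoding where the value is
 *       rendered is the control to rely on.</li>
 *   <li>The substitution alters the data callers receive (including header
 *       values containing quotes or {@code %}). The full-width replacements
 *       for {@code % < > \} fold back to ASCII under Unicode compatibility
 *       normalisation (NFKC/NFKD), so any later normalisation step undoes
 *       that part of the escaping.</li>
 * </ul>
 *
 * <p>The compiled patterns are immutable and shared; the class holds no other
 * state of its own.
 */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    /** Case-insensitive matching only (the literal flag value 2). */
    private static final int CI = Pattern.CASE_INSENSITIVE;

    /** CASE_INSENSITIVE | MULTILINE | DOTALL (the literal flag value 42). */
    private static final int CI_MULTILINE_DOTALL =
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /**
     * Deny-list patterns, in the exact order they are applied. Compiled once
     * at class load instead of on every header/parameter read.
     */
    private static final Pattern[] STRIP_PATTERNS = {
        Pattern.compile("<script>(.*?)</script>", CI),
        Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", CI_MULTILINE_DOTALL),
        Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", CI_MULTILINE_DOTALL),
        Pattern.compile("</script>", CI),
        Pattern.compile("<script(.*?)>", CI_MULTILINE_DOTALL),
        Pattern.compile("eval\\((.*?)\\)", CI_MULTILINE_DOTALL),
        Pattern.compile("expression\\((.*?)\\)", CI_MULTILINE_DOTALL),
        Pattern.compile("javascript:", CI),
        Pattern.compile("vbscript:", CI),
        Pattern.compile("onload(.*?)=", CI_MULTILINE_DOTALL),
        Pattern.compile("<iframe>(.*?)</iframe>", CI),
        Pattern.compile("</iframe>", CI),
        Pattern.compile("<iframe(.*?)>", CI_MULTILINE_DOTALL),
    };

    /**
     * Wraps the given request.
     *
     * @param httpServletRequest the request whose header and parameter values
     *     are to be filtered
     */
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
    }

    /**
     * Returns the filtered value of a request header.
     *
     * @param str the header name
     * @return the header value after {@link #xssEncode(String)}, or the
     *     unmodified {@code null}/empty value from the wrapped request
     */
    @Override
    public String getHeader(String str) {
        return xssEncode(super.getHeader(str));
    }

    /**
     * Returns the filtered value of a request parameter.
     *
     * @param str the parameter name
     * @return the parameter value after {@link #xssEncode(String)}, or the
     *     unmodified {@code null}/empty value from the wrapped request
     */
    @Override
    public String getParameter(String str) {
        return xssEncode(super.getParameter(str));
    }

    /**
     * Returns all values of a request parameter, each one filtered.
     *
     * @param str the parameter name
     * @return a new array holding the filtered values, or {@code null} when
     *     the wrapped request has no such parameter
     */
    @Override
    public String[] getParameterValues(String str) {
        String[] rawValues = super.getParameterValues(str);
        if (rawValues == null) {
            // Nothing to filter; no need to ask the wrapped request a second time.
            return null;
        }
        String[] filtered = new String[rawValues.length];
        for (int i = 0; i < rawValues.length; i++) {
            filtered[i] = xssEncode(rawValues[i]);
        }
        return filtered;
    }

    /**
     * Applies the deny-list filter and then the character substitution.
     *
     * @param str the raw value; may be {@code null}
     * @return {@code str} itself when it is {@code null} or empty, otherwise
     *     the filtered and escaped value
     */
    public String xssEncode(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        // stripXSS returns a non-null string for non-null input, so the result
        // can be escaped directly.
        return escape(stripXSS(str));
    }

    /**
     * Replaces {@code " % ' < > \} with look-alike Unicode characters and
     * copies every other character unchanged.
     *
     * <p>This is a lossy rewrite of the value, not HTML entity encoding: the
     * caller receives different characters than the client sent.
     *
     * @param str the value to rewrite; must not be {@code null}
     * @return the rewritten value
     * @throws NullPointerException if {@code str} is {@code null}
     */
    public String escape(String str) {
        StringBuilder out = new StringBuilder(str.length() + 16);
        for (int i = 0; i < str.length(); i++) {
            char c = str.charAt(i);
            switch (c) {
                case '"':
                    out.append('\u201C'); // U+201C left double quotation mark
                    break;
                case '%':
                    out.append('\uFF05'); // U+FF05 full-width percent sign
                    break;
                case '\'':
                    out.append('\u2018'); // U+2018 left single quotation mark
                    break;
                case '<':
                    out.append('\uFF1C'); // U+FF1C full-width less-than sign
                    break;
                case '>':
                    out.append('\uFF1E'); // U+FF1E full-width greater-than sign
                    break;
                case '\\':
                    out.append('\uFF3C'); // U+FF3C full-width reverse solidus
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }

    /**
     * Removes every match of each deny-list pattern, one pattern after the
     * other, in a single pass.
     *
     * @param str the raw value; may be {@code null}
     * @return the value with all matches replaced by
     *     {@code NewStringUtils.EMPTY}, or {@code null} for {@code null} input
     */
    private String stripXSS(String str) {
        if (str == null) {
            return null;
        }
        // NOTE(review): if NewStringUtils.EMPTY is the empty string this call
        // changes nothing. It looks like the remnant of a step meant to drop
        // a specific character (possibly NUL) before matching - confirm
        // against the original source and restore the intended regex.
        String result = str.replaceAll(NewStringUtils.EMPTY, NewStringUtils.EMPTY);
        for (Pattern pattern : STRIP_PATTERNS) {
            result = pattern.matcher(result).replaceAll(NewStringUtils.EMPTY);
        }
        return result;
    }
}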
