package com.github.zuihou.xss.utils;

import cn.hutool.core.collection.CollectionUtil;
import cn.hutool.core.util.StrUtil;
import java.io.IOException;
import java.io.InputStream;
import java.util.Iterator;
import java.util.List;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/github/zuihou/xss/utils/XssUtils.class */
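/**
 * Request-value sanitiser built on OWASP AntiSamy and the policy file
 * {@code antisamy-slashdot-1.4.4.xml} read from the classpath.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The policy is loaded once, when this class is initialised. If loading fails,
 *       {@link #xssClean(String, List)} does not pass values through untouched; it
 *       returns an HTML-escaped copy instead (fail closed).</li>
 *   <li>The result is meant for HTML body context only. Callers still have to apply
 *       context-specific output encoding (attribute, JavaScript, URL) when rendering.</li>
 * </ul>
 */
public class XssUtils {
    private static final Logger log = LoggerFactory.getLogger(XssUtils.class);
    private static final String ANTISAMY_SLASHDOT_XML = "antisamy-slashdot-1.4.4.xml";

    /** AntiSamy policy shared by all calls; {@code null} when the policy file could not be loaded. */
    private static final Policy policy;

    /**
     * Sanitises one request value with AntiSamy.
     *
     * <p>Blank values, and values that contain any entry of {@code list}, are returned
     * unchanged. Every other value is scanned against the loaded policy. If the policy is
     * missing or the scan fails, the value is returned HTML-escaped rather than raw, so a
     * broken configuration cannot silently switch the filter off.
     *
     * @param str  the untrusted value to clean; may be {@code null} or blank
     * @param list substrings that exempt a value from cleaning; may be {@code null} or empty
     * @return the cleaned value, the unchanged value when it is blank or exempt, or an
     *         HTML-escaped copy when sanitising was not possible
     */
    public static String xssClean(String str, List<String> list) {
        // NOTE(review): the value is untrusted and may hold secrets or line breaks; the log
        // layout should neutralise CR/LF, and debug logging of values should stay off in production.
        log.debug("raw value before xssClean: {}", str);
        if (isIgnoreParamValue(str, list)) {
            log.debug("ignore the xssClean,keep the raw paramValue: {}", str);
            return str;
        }
        if (policy == null) {
            log.error("XSS policy [{}] is not loaded, value is escaped instead of sanitised", ANTISAMY_SLASHDOT_XML);
            return escapeHtml(str);
        }
        try {
            CleanResults scan = new AntiSamy().scan(str, policy);
            for (Object message : scan.getErrorMessages()) {
                log.debug("{}", message);
            }
            // Only &quot; and &amp; are decoded. The previous decoding of &lt; and &gt; is gone:
            // it converted entity-encoded text that the sanitiser had left inert back into
            // markup characters, which undid the scan. Callers that need literal angle brackets
            // should decode or encode at output time, in the context where the value is used.
            // The earlier replaceAll("'", "'") was a no-op as written and has been dropped.
            String cleaned = scan.getCleanHTML()
                    .replace("&quot;", "\"")
                    .replace("&amp;", "&")
                    .replace("'", "\uFF07"); // ASCII apostrophe -> fullwidth apostrophe (U+FF07)
            log.debug("xssfilter value after xssClean{}", cleaned);
            return cleaned;
        } catch (PolicyException e) {
            log.error("antisamy convert failed  armter is [{}]", str, e);
            return escapeHtml(str);
        } catch (ScanException e) {
            log.error("scan failed armter is [{}]", str, e);
            return escapeHtml(str);
        }
    }

    /**
     * Decides whether a value skips sanitising.
     *
     * <p>A blank value is skipped. Otherwise the value is skipped when it contains any
     * non-empty entry of {@code list}. The match is on the value itself, so a single entry
     * exempts every value that contains it; keep the configured entries as specific as
     * possible. {@code null} and empty entries are ignored, because an empty entry would
     * match every value and disable the filter.
     *
     * @param str  the value under inspection
     * @param list exempting substrings; may be {@code null} or empty
     * @return {@code true} when the value must not be sanitised
     */
    private static boolean isIgnoreParamValue(String str, List<String> list) {
        if (StrUtil.isBlank(str)) {
            return true;
        }
        if (CollectionUtil.isEmpty(list)) {
            return false;
        }
        for (String marker : list) {
            if (marker != null && !marker.isEmpty() && str.contains(marker)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Escapes the five HTML-significant characters. Used as the fallback when AntiSamy
     * cannot be applied.
     *
     * @param value the text to escape; must not be {@code null}
     * @return {@code value} with {@code & < > " '} replaced by character references
     */
    private static String escapeHtml(String value) {
        StringBuilder escaped = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    static {
        Policy loaded = null;
        log.debug(" start read XSS configfile [antisamy-slashdot-1.4.4.xml]");
        // try-with-resources closes the stream on every path; a close failure is logged
        // and does not discard a policy that was already parsed.
        try (InputStream in = XssUtils.class.getClassLoader().getResourceAsStream(ANTISAMY_SLASHDOT_XML)) {
            if (in == null) {
                log.error("XSS configfile [antisamy-slashdot-1.4.4.xml] not found on classpath");
            } else {
                loaded = Policy.getInstance(in);
                log.debug("read XSS configfile [antisamy-slashdot-1.4.4.xml] success");
            }
        } catch (PolicyException e) {
            log.error("read XSS configfile [antisamy-slashdot-1.4.4.xml] fail , reason:", e);
        } catch (IOException e) {
            log.error("close XSS configfile [antisamy-slashdot-1.4.4.xml] fail , reason:", e);
        }
        policy = loaded;
    }
}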
