package com.apache.security.util;

import com.apache.tools.ConfigUtil;
import com.apache.tools.StrUtil;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/apache/security/util/XssUtil.class */
public class XssUtil {
    private static Logger log = LoggerFactory.getLogger(XssUtil.class);

    /* loaded from: input_file:com/apache/security/util/XssUtil$XssFilterTypeEnum.class */
    public enum XssFilterTypeEnum {
        ESCAPSE("escapse"),
        NO("no"),
        DELETE("delete");

        private String value;

        XssFilterTypeEnum(String str) {
            this.value = str;
        }

        public String getValue() {
            return this.value;
        }

        public static boolean checkValid(String str) {
            if (str == null) {
                return false;
            }
            return ESCAPSE.getValue().equals(str) || NO.getValue().equals(str) || DELETE.getValue().equals(str);
        }
    }

    public static String xssFilter(String str, String str2) {
        if (StrUtil.isNull(str)) {
            return str;
        }
        if (str.length() <= 200) {
            str = cleanXSS(str);
            log.info("request param=" + str);
        }
        return str;
    }

    public static boolean isNull(String str) {
        return null == str || "".equals(str.trim()) || ConfigUtil.NULL.equalsIgnoreCase(str.trim());
    }

    public static String doNull(String str, String str2) {
        return isNull(str) ? str2 : str;
    }

    public static boolean isNotNull(String str) {
        return !isNull(str);
    }

    private static String cleanXSS(String str) {
        return Pattern.compile("onload(.*?)=", 42).matcher(Pattern.compile("vbscript:", 2).matcher(Pattern.compile("javascript:", 2).matcher(Pattern.compile("e\u00adxpression\\((.*?)\\)", 42).matcher(Pattern.compile("eval\\((.*?)\\)", 42).matcher(Pattern.compile("<script(.*?)>", 42).matcher(Pattern.compile("</script>", 2).matcher(Pattern.compile("<script[^>]*?>.*?</script>", 2).matcher(str).replaceAll("")).replaceAll("")).replaceAll("")).replaceAll("")).replaceAll("")).replaceAll("")).replaceAll("")).replaceAll("");
    }
}
