package com.jeecms.utils;

import cn.hutool.core.util.ReUtil;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/jeecms/utils/XssUtil.class */
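public class XssUtil {
    static Logger logger = LoggerFactory.getLogger(XssUtil.class);

    /** Flags used by the patterns originally compiled with the literal {@code 2}. */
    private static final int CI = Pattern.CASE_INSENSITIVE;
    /** Flags used by the patterns originally compiled with the literal {@code 42} (2 | 8 | 32). */
    private static final int CI_ML_DOTALL = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    // Pattern is immutable and thread-safe; a fresh Matcher is created per call below.
    static Pattern scriptPattern = Pattern.compile("<script>(.*?)</script>", CI);
    // The trailing lazy group matches the empty string, so only the src="/href=" prefix is removed.
    static Pattern scriptPatternSrc = Pattern.compile("src=\"(.*?)", CI);
    static Pattern scriptPatternHref = Pattern.compile("href=\"(.*?)", CI);
    static Pattern singleScriptPattern = Pattern.compile("</script>", CI);
    static Pattern singleBeginScriptPattern = Pattern.compile("<script(.*?)>", CI_ML_DOTALL);
    // NOTE(review): the leading (.*?) makes replaceAll() drop everything before the first <iframe ...>
    // as well as the tag itself; left unchanged because the field is package-visible — confirm intent.
    static Pattern singleBeginIframePattern = Pattern.compile("(.*?)<iframe(.*?)>", CI_ML_DOTALL);
    static Pattern criptPattern = Pattern.compile("eval\\((.*?)\\)", CI_ML_DOTALL);
    static Pattern expressionPattern = Pattern.compile("expression\\((.*?)\\)", CI_ML_DOTALL);
    static Pattern javascriptPattern = Pattern.compile("javascript:", CI);
    // The surrounding lazy groups match empty, so these three behave as a plain keyword search.
    static Pattern alertPattern = Pattern.compile("(.*?)alert(.*?)", CI);
    static Pattern importPattern = Pattern.compile("(.*?)import(.*?)", CI);
    static Pattern functionPattern = Pattern.compile("(.*?)function(.*?)", CI);
    static Pattern vbscriptPattern = Pattern.compile("vbscript:", CI);
    static Pattern onScriptPattern = Pattern.compile("on(.*?)=['|\"](.*?)['|\"]", CI_ML_DOTALL);

    /**
     * Patterns in the exact order the original nested replaceAll() chain applied them
     * (innermost first). Both cleanXSS and containXss walk this list.
     */
    private static final Pattern[] PATTERNS = {
        scriptPattern,
        scriptPatternSrc,
        scriptPatternHref,
        singleScriptPattern,
        singleBeginScriptPattern,
        singleBeginIframePattern,
        criptPattern,
        expressionPattern,
        javascriptPattern,
        alertPattern,
        importPattern,
        functionPattern,
        vbscriptPattern,
        onScriptPattern,
    };

    /**
     * Literal substrings removed by {@link #cleanXSS(String)} after the regex pass, in order.
     * NOTE(review): the original guard also tested for a literal double quote but never stripped it;
     * that omission is preserved here — confirm whether {@code "} should be on this list.
     */
    private static final String[] STRIPPED_TOKENS = {
        "%df", "%22", "%3E", "%3e", "%3C", "%3c", "<", ">", "'", " and ", " or ", "1=1", "(", ")",
    };

    /** Literal substrings that make {@link #containXss(String)} report a hit (a narrower list than above). */
    private static final String[] DETECTED_TOKENS = {
        "%df", "%22", "%3E", "%3e", "%3C", "%3c", " and ", " or ", "1=1",
    };

    /**
     * Class-name suffixes whose values are treated as rich text and returned untouched by
     * {@link #cleanXSS(String, String)}. Plain HashSet: register entries at startup; concurrent
     * mutation is not safe.
     */
    static Set<String> rechTextClasses = new HashSet<>();

    /**
     * NOTE(review): appears to be a decompilation/build artifact — it performs no useful work.
     * Kept only because it is part of the class's public surface.
     */
    public static void main(String[] strArr) {
        "ClassLoader".getBytes();
        System.out.println("com.jeecms.utils.ReflectUtil");
    }

    /**
     * Returns the live, mutable set of rich-text class-name suffixes.
     *
     * @return the backing set (not a copy); additions are visible to {@link #isRechTextClass(String)}
     */
    public static Set<String> getRechTextClassNames() {
        return rechTextClasses;
    }

    /**
     * Tells whether {@code str} names a rich-text class, i.e. ends with one of the registered suffixes.
     *
     * @param str a class name; {@code null} or whitespace-only yields {@code false}
     * @return {@code true} if any registered suffix matches
     */
    public static boolean isRechTextClass(String str) {
        if (isBlank(str)) {
            return false;
        }
        for (String suffix : rechTextClasses) {
            if (str.endsWith(suffix)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Sanitizes {@code str2} unless {@code str} is a rich-text class name, in which case the value
     * is returned unchanged — rich-text content bypasses this filter entirely.
     *
     * @param str  class name used to decide whether to skip sanitizing
     * @param str2 the value to sanitize
     * @return {@code str2} verbatim for rich-text classes, otherwise {@code cleanXSS(str2)}
     */
    public static String cleanXSS(String str, String str2) {
        return isRechTextClass(str) ? str2 : cleanXSS(str2);
    }

    /**
     * Strips the script-related patterns and literal tokens from {@code str}.
     *
     * <p>Fix: the original called {@code str.replace(...)} and discarded the result, so the literal
     * tokens (encoded brackets, quotes, parentheses, " and ", " or ", "1=1") were never removed;
     * only the regex pass took effect. The results are now assigned back.
     *
     * @param str the input; {@code null} is returned as {@code null}
     * @return the sanitized string
     */
    public static String cleanXSS(String str) {
        if (str == null) {
            return null;
        }
        String cleaned = str;
        for (Pattern pattern : PATTERNS) {
            cleaned = pattern.matcher(cleaned).replaceAll("");
        }
        // replace() on an absent token is a no-op, so no contains() pre-check is needed.
        for (String token : STRIPPED_TOKENS) {
            cleaned = cleaned.replace(token, "");
        }
        return cleaned;
    }

    /**
     * Reports whether {@code str} contains any of the patterns or tokens that {@link #cleanXSS(String)}
     * would act on.
     *
     * <p>Fix: the original passed {@code pattern.pattern()} through a third-party helper, which
     * recompiled the regex without its case-insensitivity flags and required the whole input to match;
     * a substring such as {@code javascript:} inside a longer value was therefore not detected. The
     * compiled patterns are now searched directly with {@code find()}, consistent with cleanXSS.
     *
     * @param str the input; {@code null} yields {@code false}
     * @return {@code true} if any pattern or token is found
     */
    public static boolean containXss(String str) {
        if (str == null) {
            return false;
        }
        for (Pattern pattern : PATTERNS) {
            if (pattern.matcher(str).find()) {
                return true;
            }
        }
        for (String token : DETECTED_TOKENS) {
            if (str.contains(token)) {
                return true;
            }
        }
        return false;
    }

    /** Same contract as commons-lang3 {@code StringUtils.isBlank}: null, empty, or all whitespace. */
    private static boolean isBlank(String s) {
        if (s == null) {
            return true;
        }
        for (int i = 0; i < s.length(); i++) {
            if (!Character.isWhitespace(s.charAt(i))) {
                return false;
            }
        }
        return true;
    }

    static {
        rechTextClasses.add("Article");
        rechTextClasses.add("ProductTxt");
        rechTextClasses.add("ProductDTO");
    }
}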
