package org.owasp.validator.html.scan;

import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.util.Date;
import java.util.Iterator;
import java.util.regex.Pattern;
import org.apache.batik.css.parser.ParseException;
import org.apache.batik.util.CSSConstants;
import org.apache.batik.util.SVGConstants;
import org.apache.batik.util.XMLConstants;
import org.apache.xerces.dom.DocumentImpl;
import org.apache.xml.serialize.HTMLSerializer;
import org.apache.xml.serialize.LineSeparator;
import org.apache.xml.serialize.OutputFormat;
import org.apache.xml.serialize.XHTMLSerializer;
import org.cyberneko.html.HTMLScanner;
import org.cyberneko.html.parsers.DOMFragmentParser;
import org.owasp.validator.css.CssScanner;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import org.owasp.validator.html.model.Attribute;
import org.owasp.validator.html.model.Tag;
import org.owasp.validator.html.util.ErrorMessageUtil;
import org.owasp.validator.html.util.HTMLEntityEncoder;
import org.w3c.dom.Comment;
import org.w3c.dom.DOMException;
import org.w3c.dom.Document;
import org.w3c.dom.DocumentFragment;
import org.w3c.dom.Element;
import org.w3c.dom.NamedNodeMap;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.w3c.dom.ProcessingInstruction;
import org.w3c.dom.Text;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXNotRecognizedException;

/* loaded from: input_file:org/owasp/validator/html/scan/AntiSamyDOMScanner.class */
public class AntiSamyDOMScanner extends AbstractAntiSamyScanner {
    // Owner document (a DocumentImpl created in the constructors); it produces the fragment
    // below and the replacement text nodes inserted during validation.
    private Document document;
    // Fragment the parser fills in scan(); it is validated in place and then serialised.
    private DocumentFragment dom;
    // Result of the most recent completed scan(); null until a scan has returned.
    private CleanResults results;

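    /**
     * Sanitises a fragment of untrusted HTML against the configured policy.
     *
     * <p>The input is stripped of characters that are not valid in XML, parsed into this
     * scanner's DOM fragment, validated node by node with {@code recursiveValidateTag}, and
     * the surviving tree is serialised as HTML or XHTML depending on the policy.
     *
     * <p>Every failure while parsing, validating or serialising is reported as a
     * {@link ScanException}; no partially cleaned markup is returned. Callers should treat
     * that exception as "reject the input" rather than fall back to the raw string.
     *
     * <p>NOTE(review): the DOM fragment and the error list are instance state that this method
     * never resets, so a second call on the same object appears to build on the first call's
     * nodes and messages. Confirm that callers create one scanner per scan.
     *
     * @param str  untrusted markup to clean; must not be {@code null}
     * @param str2 encoding handed to the parser as its default encoding
     * @param str3 encoding set on the serialiser's output format
     * @return the cleaned markup together with the DOM fragment, timings and error messages
     * @throws ScanException if the input is {@code null}, exceeds the policy's maximum input
     *         size, or cannot be parsed, validated or serialised
     */
    @Override // org.owasp.validator.html.scan.AbstractAntiSamyScanner
    public CleanResults scan(String str, String str2, String str3) throws ScanException {
        if (str == null) {
            throw new ScanException(new NullPointerException("Null input"));
        }
        // Enforce the size cap before any parsing work is spent on untrusted input.
        int maxInputSize = this.policy.getMaxInputSize();
        if (maxInputSize < str.length()) {
            addError(ErrorMessageUtil.ERROR_INPUT_SIZE, new Object[]{Integer.valueOf(str.length()), Integer.valueOf(maxInputSize)});
            throw new ScanException(this.errorMessages.get(0).toString());
        }
        this.isNofollowAnchors = "true".equals(this.policy.getDirective(Policy.ANCHORS_NOFOLLOW));
        this.isValidateParamAsEmbed = "true".equals(this.policy.getDirective(Policy.VALIDATE_PARAM_AS_EMBED));
        Date startOfScan = new Date();
        try {
            String cleanedInput = stripNonValidXMLCharacters(str);
            DOMFragmentParser parser = new DOMFragmentParser();
            parser.setProperty("http://cyberneko.org/html/properties/names/elems", CSSConstants.CSS_LOWER_VALUE);
            parser.setProperty("http://cyberneko.org/html/properties/default-encoding", str2);
            parser.setFeature(HTMLScanner.STYLE_STRIP_CDATA_DELIMS, false);
            parser.setFeature(HTMLScanner.CDATA_SECTIONS, true);
            try {
                parser.setFeature("http://cyberneko.org/html/features/enforce-strict-attribute-names", true);
            } catch (SAXNotRecognizedException ignored) {
                // Best effort: a parser build that does not know this feature keeps its default
                // attribute-name handling instead of failing the scan.
            }
            try {
                parser.parse(new InputSource(new StringReader(cleanedInput)), this.dom);

                // Validation may detach the node it was given; the index only advances when
                // the node is still attached, so the node that slid into its slot is visited.
                int index = 0;
                while (index < this.dom.getChildNodes().getLength()) {
                    Node topLevel = this.dom.getChildNodes().item(index);
                    recursiveValidateTag(topLevel);
                    if (topLevel.getParentNode() != null) {
                        index++;
                    }
                }

                OutputFormat format = new OutputFormat();
                format.setEncoding(str3);
                format.setOmitXMLDeclaration("true".equals(this.policy.getDirective(Policy.OMIT_XML_DECLARATION)));
                format.setOmitDocumentType("true".equals(this.policy.getDirective(Policy.OMIT_DOCTYPE_DECLARATION)));
                format.setPreserveEmptyAttributes(true);
                if ("true".equals(this.policy.getDirective(Policy.FORMAT_OUTPUT))) {
                    format.setLineWidth(80);
                    format.setIndenting(true);
                    format.setIndent(2);
                }
                // Whitespace is preserved unless the policy sets the directive to something
                // other than "true".
                String preserveSpace = this.policy.getDirective(Policy.PRESERVE_SPACE);
                format.setPreserveSpace(preserveSpace == null || "true".equals(preserveSpace));

                StringWriter out = new StringWriter();
                if ("true".equals(this.policy.getDirective(Policy.USE_XHTML))) {
                    new XHTMLSerializer(out, format).serialize(this.dom);
                } else {
                    new HTMLSerializer(out, format).serialize(this.dom);
                }

                // Drop a trailing line break that the serialiser added but the input did not have.
                String cleanHtml = out.toString();
                if (cleanHtml.endsWith("\n") && !cleanedInput.endsWith("\n")) {
                    int trailing = cleanHtml.endsWith(LineSeparator.Windows) ? 2 : 1;
                    cleanHtml = cleanHtml.substring(0, cleanHtml.length() - trailing);
                }
                this.results = new CleanResults(startOfScan, new Date(), cleanHtml, this.dom, this.errorMessages);
                return this.results;
            } catch (Exception e) {
                // Covers I/O and parser failures as well as runtime errors raised while the
                // tree is being rewritten.
                throw new ScanException(e);
            }
        } catch (SAXException e) {
            // Only the parser configuration calls above can reach this handler.
            throw new ScanException(e);
        }
    }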

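    /**
     * Validates one DOM node against the policy and rewrites the tree in place.
     *
     * <ul>
     *   <li>Comments are removed unless the policy preserves them; preserved comments lose
     *       conditional-comment markers.</li>
     *   <li>Childless elements are removed unless listed in {@code Constants.allowedEmptyTags}.</li>
     *   <li>CDATA sections are replaced by plain text nodes; processing instructions are
     *       removed.</li>
     *   <li>Elements are encoded, filtered, truncated, removed or validated according to the
     *       action of their policy tag, and validated elements have every attribute checked.</li>
     * </ul>
     *
     * <p>The node passed in may be detached from its parent when this method returns; callers
     * detect that through {@code getParentNode() == null}.
     *
     * <p>NOTE(review): recursion depth follows the nesting depth of the input and is limited
     * only indirectly by the policy's maximum input size. A {@code StackOverflowError} is not
     * an {@code Exception}, so the {@code catch (Exception)} in {@code scan} would not turn it
     * into a {@code ScanException}; consider an explicit depth limit.
     *
     * @param node node to validate; it is expected to have a parent
     */
    private void recursiveValidateTag(Node node) {
        if (node instanceof Comment) {
            // Comments are dropped unless the policy explicitly asks to keep them.
            if (!"true".equals(this.policy.getDirective(Policy.PRESERVE_COMMENTS))) {
                node.getParentNode().removeChild(node);
                return;
            }
            String data = ((Comment) node).getData();
            if (data != null) {
                // Kept comments lose anything shaped like "[if ...]" / "<![endif]" markers.
                ((Comment) node).setData(data.replaceAll("<?!?\\[\\s*(?:end)?if[^]]*\\]>?", ""));
            }
            return;
        }

        if ((node instanceof Element) && node.getChildNodes().getLength() == 0) {
            boolean mayBeEmpty = false;
            for (int i = 0; i < Constants.allowedEmptyTags.length && !mayBeEmpty; i++) {
                mayBeEmpty = Constants.allowedEmptyTags[i].equalsIgnoreCase(node.getNodeName());
            }
            if (!mayBeEmpty) {
                addError(ErrorMessageUtil.ERROR_TAG_EMPTY, new Object[]{HTMLEntityEncoder.htmlEntityEncode(node.getNodeName())});
                node.getParentNode().removeChild(node);
                return;
            }
        }

        if ((node instanceof Text) && Node.CDATA_SECTION_NODE == node.getNodeType()) {
            // The CDATA wrapper is replaced by an ordinary text node holding the same content.
            addError(ErrorMessageUtil.ERROR_CDATA_FOUND, new Object[]{HTMLEntityEncoder.htmlEntityEncode(node.getTextContent())});
            Node cdataParent = node.getParentNode();
            cdataParent.insertBefore(this.document.createTextNode(node.getTextContent()), node);
            cdataParent.removeChild(node);
            return;
        }

        if (node instanceof ProcessingInstruction) {
            addError(ErrorMessageUtil.ERROR_PI_FOUND, new Object[]{HTMLEntityEncoder.htmlEntityEncode(node.getTextContent())});
            node.getParentNode().removeChild(node);
            return;
        }

        if (!(node instanceof Element)) {
            // Plain text and any other node type are left untouched.
            return;
        }

        Element element = (Element) node;
        Node parentNode = element.getParentNode();
        String nodeName = element.getNodeName();
        String lowerName = nodeName.toLowerCase();
        Tag tag = this.policy.getTagByName(lowerName);

        // Optionally treat a <param> that the policy does not list like an attribute of
        // <embed>, provided <embed> itself is a validated tag.
        boolean paramAsEmbed = false;
        if (tag == null && this.isValidateParamAsEmbed && "param".equals(lowerName)) {
            Tag embedRule = this.policy.getTagByName(CSSConstants.CSS_EMBED_VALUE);
            if (embedRule != null && "validate".equals(embedRule.getAction())) {
                tag = Constants.BASIC_PARAM_TAG_RULE;
                paramAsEmbed = true;
            }
        }

        if ((tag == null && "encode".equals(this.policy.getDirective(Policy.ENCODE_TAGS))) || (tag != null && "encode".equals(tag.getAction()))) {
            addError(ErrorMessageUtil.ERROR_TAG_ENCODED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(nodeName)});
            validateChildNodes(node);
            encodeAndPromoteChildren(element);
            return;
        }

        if (tag == null || "filter".equals(tag.getAction())) {
            if (tag == null) {
                addError(ErrorMessageUtil.ERROR_TAG_NOT_IN_POLICY, new Object[]{HTMLEntityEncoder.htmlEntityEncode(nodeName)});
            } else {
                addError(ErrorMessageUtil.ERROR_TAG_FILTERED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(nodeName)});
            }
            validateChildNodes(node);
            promoteChildren(element);
            return;
        }

        if (!"validate".equals(tag.getAction())) {
            if (!Policy.ACTION_TRUNCATE.equals(tag.getAction())) {
                // Any other action removes the element together with its content.
                addError(ErrorMessageUtil.ERROR_TAG_DISALLOWED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(nodeName)});
                parentNode.removeChild(element);
                return;
            }
            // Truncate: keep the element but strip all attributes and every non-text child.
            NamedNodeMap attributes = element.getAttributes();
            while (attributes.getLength() > 0) {
                addError(ErrorMessageUtil.ERROR_ATTRIBUTE_NOT_IN_POLICY, new Object[]{nodeName, HTMLEntityEncoder.htmlEntityEncode(attributes.item(0).getNodeName())});
                element.removeAttribute(attributes.item(0).getNodeName());
            }
            NodeList childNodes = element.getChildNodes();
            int keptTextNodes = 0;
            int originalLength = childNodes.getLength();
            for (int visited = 0; visited < originalLength; visited++) {
                Node child = childNodes.item(keptTextNodes);
                if (child.getNodeType() != Node.TEXT_NODE) {
                    element.removeChild(child);
                } else {
                    keptTextNodes++;
                }
            }
            return;
        }

        // For the duration of validation, <param name=N value=V> is rewritten to N=V so it
        // can be checked with the <embed> rules; the original shape is restored at the end.
        String paramName = null;
        if (paramAsEmbed) {
            paramName = element.getAttribute(SVGConstants.SVG_NAME_ATTRIBUTE);
            if (paramName != null && !"".equals(paramName)) {
                element.setAttribute(paramName, element.getAttribute("value"));
                element.removeAttribute(SVGConstants.SVG_NAME_ATTRIBUTE);
                element.removeAttribute("value");
                tag = this.policy.getTagByName(CSSConstants.CSS_EMBED_VALUE);
            }
        }

        if ("style".equals(lowerName) && this.policy.getTagByName("style") != null) {
            CssScanner cssScanner = new CssScanner(this.policy, this.messages);
            try {
                // NOTE(review): only the first child is passed to the CSS scanner. This relies
                // on the parser delivering the whole stylesheet as one text node; confirm,
                // because later siblings only go through the generic child pass further down.
                if (node.getFirstChild() != null) {
                    CleanResults scanned = cssScanner.scanStyleSheet(node.getFirstChild().getNodeValue(), this.policy.getMaxInputSize());
                    this.errorMessages.addAll(scanned.getErrorMessages());
                    String cleanCss = scanned.getCleanHTML();
                    if (cleanCss == null || cleanCss.equals("")) {
                        // Nothing survived: leave an empty CSS comment as the element's content.
                        node.getFirstChild().setNodeValue("/* */");
                    } else {
                        node.getFirstChild().setNodeValue(cleanCss);
                    }
                }
            } catch (NumberFormatException e) {
                rejectMalformedStyleTag(parentNode, node);
                return;
            } catch (ParseException e) {
                rejectMalformedStyleTag(parentNode, node);
                return;
            } catch (ScanException e) {
                rejectMalformedStyleTag(parentNode, node);
                return;
            } catch (DOMException e) {
                rejectMalformedStyleTag(parentNode, node);
                return;
            }
        }

        // The index is incremented on every pass. Branches that remove the current attribute
        // decrement it first so that the attribute sliding into the slot is examined next.
        // (A "continue" for valid attributes would skip the increment and never terminate.)
        int attrIndex = 0;
        while (attrIndex < element.getAttributes().getLength()) {
            Node attrNode = element.getAttributes().item(attrIndex);
            String attrName = attrNode.getNodeName();
            String attrValue = attrNode.getNodeValue();
            Attribute rule = tag.getAttributeByName(attrName.toLowerCase());
            if (rule == null) {
                // NOTE(review): looked up with the original case, unlike the tag-level lookup
                // above; confirm the policy normalises case itself.
                rule = this.policy.getGlobalAttributeByName(attrName);
            }

            if (rule == null) {
                addError(ErrorMessageUtil.ERROR_ATTRIBUTE_NOT_IN_POLICY, new Object[]{nodeName, HTMLEntityEncoder.htmlEntityEncode(attrName), HTMLEntityEncoder.htmlEntityEncode(attrValue)});
                element.removeAttribute(attrName);
                attrIndex--;
            } else if ("style".equals(attrName.toLowerCase())) {
                try {
                    CleanResults scanned = new CssScanner(this.policy, this.messages).scanInlineStyle(attrValue, nodeName, this.policy.getMaxInputSize());
                    attrNode.setNodeValue(scanned.getCleanHTML());
                    this.errorMessages.addAll(scanned.getErrorMessages());
                } catch (ScanException e) {
                    // Report the offending attribute value; the element's own node value is
                    // always null and carries no information.
                    addError(ErrorMessageUtil.ERROR_CSS_ATTRIBUTE_MALFORMED, new Object[]{nodeName, HTMLEntityEncoder.htmlEntityEncode(attrValue)});
                    element.removeAttribute(attrName);
                    attrIndex--;
                } catch (DOMException e) {
                    addError(ErrorMessageUtil.ERROR_CSS_ATTRIBUTE_MALFORMED, new Object[]{nodeName, HTMLEntityEncoder.htmlEntityEncode(attrValue)});
                    element.removeAttribute(attrName);
                    attrIndex--;
                }
            } else if (!matchesAllowedValue(rule, attrValue)) {
                String onInvalid = rule.getOnInvalid();
                if ("removeTag".equals(onInvalid)) {
                    parentNode.removeChild(element);
                    addError(ErrorMessageUtil.ERROR_ATTRIBUTE_INVALID_REMOVED, new Object[]{nodeName, HTMLEntityEncoder.htmlEntityEncode(attrName), HTMLEntityEncoder.htmlEntityEncode(attrValue)});
                    return;
                }
                if ("filterTag".equals(onInvalid)) {
                    validateChildNodes(node);
                    promoteChildren(element);
                    addError("error.attribute.invalid.filtered", new Object[]{nodeName, HTMLEntityEncoder.htmlEntityEncode(attrName), HTMLEntityEncoder.htmlEntityEncode(attrValue)});
                    // The element is detached now. Handling a further invalid attribute would
                    // dereference its null parent and abort the whole scan.
                    return;
                }
                if ("encodeTag".equals(onInvalid)) {
                    validateChildNodes(node);
                    encodeAndPromoteChildren(element);
                    addError(ErrorMessageUtil.ERROR_ATTRIBUTE_CAUSE_ENCODE, new Object[]{nodeName, HTMLEntityEncoder.htmlEntityEncode(attrName), HTMLEntityEncoder.htmlEntityEncode(attrValue)});
                    // Same reason as for filterTag: the element has been replaced already.
                    return;
                }
                // Default action: drop only the offending attribute.
                element.removeAttribute(attrName);
                attrIndex--;
                addError(ErrorMessageUtil.ERROR_ATTRIBUTE_INVALID, new Object[]{nodeName, HTMLEntityEncoder.htmlEntityEncode(attrName), HTMLEntityEncoder.htmlEntityEncode(attrValue)});
            }
            attrIndex++;
        }

        if (this.isNofollowAnchors && SVGConstants.SVG_A_TAG.equals(lowerName)) {
            element.setAttribute("rel", "nofollow");
        }

        validateChildNodes(node);

        // Restore the <param name=... value=...> shape if it was rewritten above.
        if (paramAsEmbed && paramName != null && !"".equals(paramName)) {
            String validatedValue = element.getAttribute(paramName);
            element.setAttribute(SVGConstants.SVG_NAME_ATTRIBUTE, paramName);
            element.setAttribute("value", validatedValue);
            element.removeAttribute(paramName);
        }
    }

    /**
     * Validates every child of {@code parent}. A child that validation detached does not
     * advance the index, so the node that moved into its position is visited next.
     */
    private void validateChildNodes(Node parent) {
        int index = 0;
        while (index < parent.getChildNodes().getLength()) {
            Node child = parent.getChildNodes().item(index);
            recursiveValidateTag(child);
            if (child.getParentNode() != null) {
                index++;
            }
        }
    }

    /** Records a malformed-stylesheet error for a style element and removes it from its parent. */
    private void rejectMalformedStyleTag(Node parentNode, Node styleNode) {
        addError(ErrorMessageUtil.ERROR_CSS_TAG_MALFORMED, new Object[]{HTMLEntityEncoder.htmlEntityEncode(styleNode.getFirstChild().getNodeValue())});
        parentNode.removeChild(styleNode);
    }

    /**
     * Tells whether {@code value} equals one of the rule's allowed literals, ignoring case, or
     * is matched in full, after lower-casing, by one of its allowed patterns.
     */
    private boolean matchesAllowedValue(Attribute rule, String value) {
        Iterator literals = rule.getAllowedValues().iterator();
        while (literals.hasNext()) {
            String allowed = (String) literals.next();
            if (allowed != null && allowed.toLowerCase().equals(value.toLowerCase())) {
                return true;
            }
        }
        Iterator patterns = rule.getAllowedRegExp().iterator();
        while (patterns.hasNext()) {
            Pattern pattern = (Pattern) patterns.next();
            if (pattern != null && pattern.matcher(value.toLowerCase()).matches()) {
                return true;
            }
        }
        return false;
    }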

    /**
     * Command-line entry point. The body is empty, so running the class does nothing.
     *
     * @param strArr command-line arguments; unused
     * @throws PolicyException declared by the signature; nothing in the body throws it
     */
    public static void main(String[] strArr) throws PolicyException {
        // No statements.
    }

    /**
     * Creates a scanner for the given policy with a fresh owner document and an empty
     * fragment for the parser to fill.
     *
     * @param policy policy handed to the superclass constructor
     */
    public AntiSamyDOMScanner(Policy policy) {
        super(policy);
        Document owner = new DocumentImpl();
        this.document = owner;
        this.dom = owner.createDocumentFragment();
        // No scan has run yet.
        this.results = null;
    }

    /**
     * Creates a scanner through the superclass no-argument constructor, with a fresh owner
     * document and an empty fragment for the parser to fill.
     *
     * @throws PolicyException presumably raised by the superclass constructor when it cannot
     *         obtain a policy; confirm against AbstractAntiSamyScanner
     */
    public AntiSamyDOMScanner() throws PolicyException {
        Document owner = new DocumentImpl();
        this.document = owner;
        this.dom = owner.createDocumentFragment();
        // No scan has run yet.
        this.results = null;
    }

    /**
     * Replaces an element by its children: each child is moved, in order, to sit directly
     * before the element under the element's parent, and the element itself is then removed.
     *
     * @param element element to unwrap; it must still be attached to a parent
     */
    private void promoteChildren(Element element) {
        Node parentNode = element.getParentNode();
        // Always take the current first child, because each move shortens the child list.
        for (Node child = element.getFirstChild(); child != null; child = element.getFirstChild()) {
            Node detached = element.removeChild(child);
            parentNode.insertBefore(detached, element);
        }
        parentNode.removeChild(element);
    }

    /**
     * Removes characters matched by the pattern below: U+0000 to U+001F except tab, line feed
     * and carriage return, the range U+D800 to U+DFFF, and U+FFFE / U+FFFF.
     *
     * @param str text to filter; may be {@code null}
     * @return the filtered text, or the empty string for {@code null} or empty input
     */
    private String stripNonValidXMLCharacters(String str) {
        if (str == null || str.length() == 0) {
            return "";
        }
        // The "&&[^...]" intersection keeps tab, LF and CR out of the removal set.
        return str.replaceAll("[\\u0000-\\u001F\\uD800-\\uDFFF\\uFFFE-\\uFFFF&&[^\\u0009\\u000A\\u000D]]", "");
    }

    /**
     * Turns an element into literal text while keeping its children in the tree: a text node
     * holding the element's opening tag (as built by {@code toString(Element)}) is inserted
     * before it, a text node holding its closing tag is inserted after it when it has
     * children, and the element is then replaced by its children.
     *
     * @param element element to encode; it must still be attached to a parent
     */
    private void encodeAndPromoteChildren(Element element) {
        Node parentNode = element.getParentNode();
        String tagName = element.getTagName();

        Node openingText = parentNode.getOwnerDocument().createTextNode(toString(element));
        parentNode.insertBefore(openingText, element);

        if (element.hasChildNodes()) {
            // A childless element was already written in self-closing form, so it gets no
            // closing tag.
            String closingTag = XMLConstants.XML_CLOSE_TAG_START + tagName + XMLConstants.XML_CLOSE_TAG_END;
            Node closingText = parentNode.getOwnerDocument().createTextNode(closingTag);
            parentNode.insertBefore(closingText, element.getNextSibling());
        }
        promoteChildren(element);
    }

    /**
     * Builds the textual opening tag of an element: its node name followed by each attribute
     * with HTML-entity-encoded name and value. The tag ends with the close-tag-end constant
     * when the element has children and with {@code "/>"} otherwise.
     *
     * @param element element to render
     * @return the opening (or self-closing) tag as text
     */
    private String toString(Element element) {
        StringBuilder markup = new StringBuilder();
        markup.append(XMLConstants.XML_OPEN_TAG_START);
        markup.append(element.getNodeName());

        NamedNodeMap attributes = element.getAttributes();
        int count = attributes.getLength();
        for (int index = 0; index < count; index++) {
            Node attribute = attributes.item(index);
            String encodedName = HTMLEntityEncoder.htmlEntityEncode(attribute.getNodeName());
            String encodedValue = HTMLEntityEncoder.htmlEntityEncode(attribute.getNodeValue());
            markup.append(XMLConstants.XML_SPACE);
            markup.append(encodedName);
            markup.append(XMLConstants.XML_EQUAL_QUOT);
            markup.append(encodedValue);
            markup.append(XMLConstants.XML_DOUBLE_QUOTE);
        }

        if (!element.hasChildNodes()) {
            markup.append("/>");
        } else {
            markup.append(XMLConstants.XML_CLOSE_TAG_END);
        }
        return markup.toString();
    }

    /**
     * Returns the result stored by the most recent completed {@code scan}.
     *
     * @return the stored result, or {@code null} if no scan has completed on this instance
     */
    @Override // org.owasp.validator.html.scan.AbstractAntiSamyScanner
    public CleanResults getResults() {
        CleanResults latest = this.results;
        return latest;
    }
}
