package net.mingsoft.basic.util;

import cn.hutool.core.net.URLDecoder;
import cn.hutool.core.util.StrUtil;
import java.nio.charset.StandardCharsets;
import java.util.regex.Pattern;
import net.mingsoft.base.exception.BusinessException;
import net.mingsoft.base.util.SqlInjectionUtil;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.safety.Whitelist;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:net/mingsoft/basic/util/JsoupUtil.class */
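/**
 * Input-screening helpers for request content: a signature-based reject filter
 * ({@link #hasXSS(String)}) combined with a jsoup allowlist sanitizer
 * ({@link #clean(String)}).
 *
 * <p>The reject filter is a fixed list of regular expressions and is only a
 * first line of defence. It does not replace context-aware output encoding
 * where the value is later rendered.
 */
public class JsoupUtil {
    private static final Logger LOGGER = LoggerFactory.getLogger(JsoupUtil.class);

    /**
     * jsoup "relaxed" allowlist with relative links preserved, extended so that every
     * permitted element may carry {@code style}, {@code id}, {@code class},
     * {@code height}, {@code width} and {@code src}, and {@code video} may carry
     * {@code data-setup}.
     *
     * <p>NOTE(review): allowing {@code style}, {@code id} and {@code class} on every
     * element lets submitted markup carry inline CSS and reuse identifiers of the
     * hosting page, and no {@code addProtocols} restriction is added here for the extra
     * {@code src} attribute. Confirm this is intended for the fields that are cleaned.
     */
    private static final Whitelist WHITE_LIST = Whitelist.relaxed()
            .preserveRelativeLinks(true)
            .addAttributes(":all", "style", "id", "class", "height", "width", "src")
            .addAttributes("video", "data-setup");

    /** Output is emitted without pretty-printing so jsoup adds no extra whitespace. */
    private static final Document.OutputSettings OUTPUT_SETTINGS = new Document.OutputSettings().prettyPrint(false);

    /** The four UTF-7 byte-order-mark sequences, looked for in the URL-decoded input. */
    private static final String[] UNICODE_STR = {"+/v8", "+/v9", "+/v+", "+/v/"};

    /** Regex flag value 2. */
    private static final int IGNORE_CASE = Pattern.CASE_INSENSITIVE;

    /** Regex flag value 42: case-insensitive, multi-line anchors, and '.' matching line breaks. */
    private static final int IGNORE_CASE_ANY_LINE = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /**
     * Signatures that cause an input to be rejected: script tags, single-quoted
     * {@code src=} values, {@code eval(...)}, CSS {@code expression(...)},
     * {@code javascript:} / {@code vbscript:} schemes, {@code onload} / {@code onerror}
     * handlers, and the {@code ::$DATA} suffix.
     */
    private static final Pattern[] SCRIPT_PATTERNS = {
        Pattern.compile("<script>(.*?)</script>", IGNORE_CASE),
        Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", IGNORE_CASE_ANY_LINE),
        Pattern.compile("</script>", IGNORE_CASE),
        Pattern.compile("<script(.*?)>", IGNORE_CASE_ANY_LINE),
        Pattern.compile("eval\\((.*?)\\)", IGNORE_CASE_ANY_LINE),
        Pattern.compile("expression\\((.*?)\\)", IGNORE_CASE_ANY_LINE),
        Pattern.compile("javascript:", IGNORE_CASE),
        Pattern.compile("vbscript:", IGNORE_CASE),
        Pattern.compile("onload(.*?)=", IGNORE_CASE_ANY_LINE),
        Pattern.compile("onerror(.*?)=", IGNORE_CASE_ANY_LINE),
        Pattern.compile("::\\$DATA", IGNORE_CASE_ANY_LINE)
    };

    /**
     * Reports whether the input matches one of the reject signatures.
     *
     * <p>Two checks are made: if the input looks URL-encoded, its decoded form is
     * searched for a UTF-7 byte-order mark; then the input as received is searched for
     * each entry of {@link #SCRIPT_PATTERNS}.
     *
     * <p>Caveat: the signature patterns are applied to the string as received only. The
     * URL-decoded form is inspected solely for the UTF-7 markers, so callers that decode
     * the value again later must not treat a {@code false} result as proof the decoded
     * value is harmless.
     *
     * @param str the value to inspect; {@code null} is treated as carrying no markup
     * @return {@code true} if a signature matched, {@code false} otherwise
     */
    public static boolean hasXSS(String str) {
        if (str == null) {
            return false;
        }
        if (UrlEncoderUtils.hasUrlEncoded(str) && StrUtil.containsAny(URLDecoder.decode(str, StandardCharsets.UTF_8), UNICODE_STR)) {
            return true;
        }
        // Every signature contains at least one literal character, so "stripping all
        // matches changes the string" is the same as "some signature matches the
        // original string"; testing with find() avoids building the stripped copies.
        for (Pattern signature : SCRIPT_PATTERNS) {
            if (signature.matcher(str).find()) {
                return true;
            }
        }
        return false;
    }

    /**
     * Rejects input that matches a signature, otherwise returns it sanitized by jsoup
     * against {@link #WHITE_LIST} with an empty base URI.
     *
     * @param str the submitted markup; {@code null} is returned unchanged
     * @return the sanitized markup
     * @throws BusinessException if {@link #hasXSS(String)} reports a match
     */
    public static String clean(String str) {
        if (str == null) {
            return null;
        }
        rejectIfXss(str);
        return Jsoup.clean(str, "", WHITE_LIST, OUTPUT_SETTINGS);
    }

    /**
     * Rejects input that matches an XSS signature, then hands it to
     * {@code SqlInjectionUtil.filterContent}, and returns the input unchanged.
     *
     * <p>Unlike {@link #clean(String)} this method does not run the jsoup sanitizer:
     * the returned value is the original string and still needs output encoding
     * wherever it is rendered.
     *
     * @param str the submitted value; {@code null} is returned unchanged
     * @return {@code str} itself
     * @throws BusinessException if {@link #hasXSS(String)} reports a match
     */
    public static String cleanOrSqlInjection(String str) {
        if (str == null) {
            return null;
        }
        rejectIfXss(str);
        // What filterContent does on a hit is defined in SqlInjectionUtil, not here.
        SqlInjectionUtil.filterContent(new String[]{str});
        return str;
    }

    /** Logs and throws when the input matches a reject signature. */
    private static void rejectIfXss(String str) {
        if (!hasXSS(str)) {
            return;
        }
        // The value is attacker-controlled: line breaks are neutralised so it cannot
        // start a forged log record.
        LOGGER.error("xss content:{}", singleLine(str));
        // Message (zh): "The current request contains an XSS attack; offending content: ".
        // NOTE(review): the rejected input is appended verbatim. Whatever renders
        // BusinessException messages must encode it for its output context; that code
        // is not visible from this class.
        throw new BusinessException("当前请求存在xss攻击，有问题的内容：".concat(str));
    }

    /** Replaces CR and LF with '_' so the value occupies a single log line. */
    private static String singleLine(String value) {
        return value.replace('\r', '_').replace('\n', '_');
    }
}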
