package com.nhncorp.lucy.security.xss.listener;

import com.nhncorp.lucy.security.xss.event.ElementListener;
import com.nhncorp.lucy.security.xss.markup.Element;

/* loaded from: input_file:com/nhncorp/lucy/security/xss/listener/EmbedSecurityListener.class */
public class EmbedSecurityListener implements ElementListener {
    ContentTypeCacheRepo contentTypeCacheRepo = new ContentTypeCacheRepo();

    @Override // com.nhncorp.lucy.security.xss.event.ElementListener
    public void handleElement(Element element) {
        if (element.isDisabled()) {
            return;
        }
        String attributeValue = element.getAttributeValue("src");
        boolean isWhiteUrl = isWhiteUrl(attributeValue);
        if (SecurityUtils.checkVulnerableWithHttp(element, attributeValue, isWhiteUrl, this.contentTypeCacheRepo)) {
            element.setEnabled(false);
            return;
        }
        element.putAttribute("invokeURLs", "\"false\"");
        element.putAttribute("autostart", "\"false\"");
        element.putAttribute("allowScriptAccess", "\"never\"");
        if (isWhiteUrl) {
            element.putAttribute("allowNetworking", "\"all\"");
        } else {
            element.putAttribute("allowNetworking", "\"internal\"");
        }
    }

    private boolean isWhiteUrl(String str) {
        WhiteUrlList whiteUrlList = WhiteUrlList.getInstance();
        return whiteUrlList != null && whiteUrlList.contains(str);
    }
}
