package org.jasig.portal.channels;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import org.jasig.portal.UPFileSpec;
import org.jasig.portal.channels.groupsmanager.GroupsManagerConstants;
import org.jasig.portal.layout.dlm.Constants;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.Text;
import org.xml.sax.Attributes;
import org.xml.sax.ContentHandler;
import org.xml.sax.Locator;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/jasig/portal/channels/SaferHTMLHandler.class */
public class SaferHTMLHandler implements ContentHandler {
    Node currentNode;
    StringBuffer chars = new StringBuffer();
    Document doc;
    private static final String[] SAFE_ELEMNTS = {"a", "abbr", "acronym", "address", "area", "b", "big", "blockquote", "br", "button", "caption", "center", "cite", "code", "col", "colgroup", "dd", "del", "dfn", "dir", "div", "dl", "dt", "em", "fieldset", "font", "form", "h1", "h2", "h3", "h4", "h5", "h6", "hr", "i", "img", "input", "ins", "kbd", "label", "legend", "li", "map", "menu", "ol", "optgroup", "option", "p", "pre", "q", "s", "samp", GroupsManagerConstants.SELECT_MODE, "small", "span", "strike", "strong", "sub", "sup", "table", "tbody", "td", "textarea", "tfoot", "th", "thead", "tr", "tt", Constants.FRAGMENT_ID_USER_PREFIX, "ul", "var"};
    private static final String[] SAFE_ATTS = {"abbr", "accept", "accept-charset", "accesskey", "action", "align", "alt", "axis", "border", "cellpadding", "cellspacing", "char", "charoff", "charset", "checked", "cite", "class", "clear", "cols", "colspan", "color", "compact", "coords", "datetime", "dir", "disabled", "enctype", "for", "frame", "headers", "height", "href", "hreflang", "hspace", "id", "ismap", "label", "lang", "longdesc", "maxlength", "media", "method", "multiple", "name", "nohref", "noshade", "nowrap", "prompt", "readonly", "rel", "rev", "rows", "rowspan", "rules", "scope", "selected", "shape", "size", "span", "src", "start", "summary", "tabindex", UPFileSpec.TARGET_URL_ELEMENT, "title", Constants.ATT_TYPE, "usemap", "valign", Constants.ATT_VALUE, "vspace", "width"};
    private static final String[] SAFE_URL_SCHEMES = {"http", "https", "ftp", "mailto"};
    private static final Set<String> SAFE_ELEMENTS_SET = Collections.unmodifiableSet(new HashSet(Arrays.asList(SAFE_ELEMNTS)));
    private static final Set<String> SAFE_ATTS_SET = Collections.unmodifiableSet(new HashSet(Arrays.asList(SAFE_ATTS)));
    private static final Set<String> SAFE_URL_SCHEMES_SET = Collections.unmodifiableSet(new HashSet(Arrays.asList(SAFE_URL_SCHEMES)));

    public SaferHTMLHandler(Document document, Node node) {
        this.doc = document;
        this.currentNode = node;
    }

    @Override // org.xml.sax.ContentHandler
    public void setDocumentLocator(Locator locator) {
    }

    @Override // org.xml.sax.ContentHandler
    public void startDocument() throws SAXException {
    }

    @Override // org.xml.sax.ContentHandler
    public void endDocument() throws SAXException {
        Text createTextNode = this.doc.createTextNode(this.chars.toString());
        this.chars = new StringBuffer();
        this.currentNode.appendChild(createTextNode);
    }

    @Override // org.xml.sax.ContentHandler
    public void startPrefixMapping(String str, String str2) throws SAXException {
    }

    @Override // org.xml.sax.ContentHandler
    public void endPrefixMapping(String str) throws SAXException {
    }

    @Override // org.xml.sax.ContentHandler
    public void startElement(String str, String str2, String str3, Attributes attributes) throws SAXException {
        if (SAFE_ELEMENTS_SET.contains(str3)) {
            if (this.chars.length() > 0) {
                Text createTextNode = this.doc.createTextNode(this.chars.toString());
                this.chars = new StringBuffer();
                this.currentNode.appendChild(createTextNode);
            }
            Element createElement = this.doc.createElement(str3);
            int length = attributes.getLength();
            for (int i = 0; i < length; i++) {
                String qName = attributes.getQName(i);
                String value = attributes.getValue(i);
                if (SAFE_ATTS_SET.contains(qName) && value != null) {
                    if (qName.toLowerCase().trim().equals("src") || qName.toLowerCase().trim().equals("href")) {
                        value = sanitizeURL(value);
                    }
                    createElement.setAttribute(qName, value);
                }
            }
            this.currentNode.appendChild(createElement);
            this.currentNode = createElement;
        }
    }

    @Override // org.xml.sax.ContentHandler
    public void endElement(String str, String str2, String str3) throws SAXException {
        if (SAFE_ELEMENTS_SET.contains(str3)) {
            if (this.chars.length() > 0) {
                Text createTextNode = this.doc.createTextNode(this.chars.toString());
                this.chars = new StringBuffer();
                this.currentNode.appendChild(createTextNode);
            }
            this.currentNode = this.currentNode.getParentNode();
        }
    }

    @Override // org.xml.sax.ContentHandler
    public void characters(char[] cArr, int i, int i2) throws SAXException {
        this.chars.append(cArr, i, i2);
    }

    @Override // org.xml.sax.ContentHandler
    public void ignorableWhitespace(char[] cArr, int i, int i2) throws SAXException {
    }

    @Override // org.xml.sax.ContentHandler
    public void processingInstruction(String str, String str2) throws SAXException {
    }

    @Override // org.xml.sax.ContentHandler
    public void skippedEntity(String str) throws SAXException {
    }

    private static String parseScheme(String str) {
        String str2;
        str2 = "";
        if (str != null) {
            String trim = str.trim();
            int indexOf = trim.indexOf(58);
            str2 = (indexOf >= 0 ? trim.substring(0, indexOf) : "").toLowerCase();
        }
        return str2;
    }

    public static String sanitizeURL(String str) {
        return SAFE_URL_SCHEMES_SET.contains(parseScheme(str)) ? str : "";
    }
}
