package org.gbif.ws.util;

import java.util.regex.Pattern;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/gbif-common-ws-0.41.jar:org/gbif/ws/util/XSSUtil.class */
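/**
 * Denylist-based XSS filter used on incoming request strings.
 *
 * <p>It recognises only the fixed set of constructs in {@link #PATTERNS} (script/iframe/img
 * tags, {@code src=} attributes, {@code eval(...)}, {@code expression(...)}, {@code javascript:},
 * {@code vbscript:} and a few {@code on...=} handlers). Anything outside that list passes
 * untouched, so this is a first-line sanity check and not a replacement for contextual output
 * encoding at the rendering layer.
 *
 * <p>NUL characters are removed before matching so that they cannot be used to split a token.
 */
public class XSSUtil {
    private static final Logger LOG = LoggerFactory.getLogger(XSSUtil.class);

    // NUL (U+0000). The decompiled listing rendered this literal as replacement characters;
    // the constant name and the filter's purpose fix it as the NUL character.
    private static final Pattern NULL_CHAR = Pattern.compile("\0");

    // Flag sets the original expressed as the magic numbers 2 and 42.
    private static final int CI = Pattern.CASE_INSENSITIVE;
    private static final int CI_ML_DA = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /** Constructs that mark a string as suspicious; order matters only for stripXSS output. */
    private static final Pattern[] PATTERNS = {
        // anything between <script> and </script>
        Pattern.compile("<script>(.*?)</script>", CI),
        // src='...' and src="..." attributes (quotes may be preceded by line breaks)
        Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", CI_ML_DA),
        Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", CI_ML_DA),
        // a stray closing script tag
        Pattern.compile("</script>", CI),
        // anything between <iframe> and </iframe>
        Pattern.compile("<iframe>(.*?)</iframe>", CI),
        // opening script and img tags with any attributes
        Pattern.compile("<script(.*?)>", CI_ML_DA),
        Pattern.compile("<img(.*?)>", CI_ML_DA),
        // eval(...) and CSS expression(...)
        Pattern.compile("eval\\((.*?)\\)", CI_ML_DA),
        Pattern.compile("expression\\((.*?)\\)", CI_ML_DA),
        // script URL schemes
        Pattern.compile("javascript:", CI),
        Pattern.compile("vbscript:", CI),
        // a small set of inline event handler attributes
        Pattern.compile("on(load|error|mouseover|submit|reset|focus|click)(.*?)=", CI_ML_DA)
    };

    private XSSUtil() {
    }

    /**
     * Removes every NUL character from {@code str}.
     *
     * @param str non-null input
     * @return the input without NUL characters
     */
    private static String stripNulChars(String str) {
        return NULL_CHAR.matcher(str).replaceAll("");
    }

    /**
     * Tells whether {@code str} contains any of the denylisted constructs.
     *
     * <p>A hit is logged at WARN level together with the (NUL-stripped) input.
     *
     * @param str the untrusted string, may be null
     * @return true if some pattern matches; false for null input or no match
     */
    public static boolean containsXSS(String str) {
        if (str == null) {
            return false;
        }
        String cleaned = stripNulChars(str);
        for (Pattern pattern : PATTERNS) {
            if (pattern.matcher(cleaned).find()) {
                // The untrusted input is written to the log verbatim, including any CR/LF it carries.
                LOG.warn("Potentially malicious XSS script found: {}", cleaned);
                return true;
            }
        }
        return false;
    }

    /**
     * Removes every denylisted construct from {@code str}.
     *
     * <p>The patterns are applied repeatedly until a full pass changes nothing. A single pass
     * is not enough: deleting one match can reassemble another (for example
     * {@code <scr<script>ipt>} loses its inner {@code <script>} and becomes {@code <script>}).
     * Every pattern requires at least one literal character, so each changing pass shortens the
     * string and the loop terminates. On return, {@link #containsXSS(String)} is false for the result.
     *
     * @param str the untrusted string, may be null
     * @return null for null input, otherwise the input with NUL characters and all matches removed
     */
    public static String stripXSS(String str) {
        if (str == null) {
            return null;
        }
        String current = stripNulChars(str);
        String previous;
        do {
            previous = current;
            for (Pattern pattern : PATTERNS) {
                current = pattern.matcher(current).replaceAll("");
            }
        } while (!current.equals(previous));
        return current;
    }
}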
