package im.dart.boot.common.util;

import im.dart.boot.common.constant.DartCode;
import java.util.regex.Pattern;

/* loaded from: input_file:im/dart/boot/common/util/XSSUtils.class */
public class XSSUtils {
    public static String cleanXSS(String str) {
        String replaceAll = Pattern.compile("[\\\"\\'][\\s]*javascript:(.*)[\\\"\\']", 2).matcher(Pattern.compile("(eval\\((.*)\\)|script)", 2).matcher(str.replaceAll("<", "＜").replaceAll(">", "＞").replaceAll("\\(", "（").replaceAll("\\)", "）").replaceAll("'", "＇").replaceAll(";", "；").replaceAll("<", "& lt;").replaceAll(">", "& gt;").replaceAll("\\(", "& #40;").replaceAll("\\)", "& #41").replaceAll("eval\\((.*)\\)", "").replaceAll("[\\\"\\'][\\s]*javascript:(.*)[\\\"\\']", "\"\"").replaceAll("script", "").replaceAll("link", "").replaceAll("frame", "")).replaceAll("")).replaceAll("\"\"").replaceAll("script", "").replaceAll(";", "").replaceAll("0x0d", "").replaceAll("0x0a", "");
        if (str.equals(replaceAll)) {
            return replaceAll;
        }
        throw DartCode.CHECK_ERROR.exception("xss攻击检查：参数含有非法攻击字符");
    }
}
