package io.gitee.ludii.excel.utils;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:io/gitee/ludii/excel/utils/EncodeUtils.class */
class EncodeUtils {
    private static final Logger logger = LoggerFactory.getLogger(EncodeUtils.class);
    private static final List<Pattern> XSS_PATTERNS = new ArrayList();

    EncodeUtils() {
    }

    public static String xssFilter(String str) {
        Object trim = StringUtils.trim(str);
        if (str == null) {
            return null;
        }
        String str2 = trim;
        Iterator<Pattern> it = XSS_PATTERNS.iterator();
        while (it.hasNext()) {
            Matcher matcher = it.next().matcher(str2);
            if (matcher.find()) {
                str2 = matcher.replaceAll(ExcelUtils.EMPTY);
            }
        }
        if (!StringUtils.startsWithIgnoreCase(str2, "<!--HTML-->") && !StringUtils.startsWithIgnoreCase(str2, "<?xml ") && !StringUtils.contains(str2, "id=\"FormHtml\"") && ((!StringUtils.startsWith(str2, "{") || !StringUtils.endsWith(str2, "}")) && (!StringUtils.startsWith(str2, "[") || !StringUtils.endsWith(str2, "]")))) {
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < str2.length(); i++) {
                char charAt = str2.charAt(i);
                switch (charAt) {
                    case '\"':
                        sb.append("＂");
                        break;
                    case '\'':
                        sb.append("＇");
                        break;
                    case '<':
                        sb.append("＜");
                        break;
                    case '>':
                        sb.append("＞");
                        break;
                    default:
                        sb.append(charAt);
                        break;
                }
            }
            str2 = sb.toString();
        }
        if (logger.isInfoEnabled() && !str2.equals(trim)) {
            logger.info("xssFilter: {}   <=<=<=   {}", str2, str);
        }
        return str2;
    }

    static {
        XSS_PATTERNS.add(Pattern.compile("(<\\s*(script|link|style|iframe)([\\s\\S]*?)(>|</\\s*\\1\\s*>))|(</\\s*(script|link|style|iframe)\\s*>)", 2));
        XSS_PATTERNS.add(Pattern.compile("\\s*(href|src)\\s*=\\s*(\"\\s*(javascript|vbscript):[^\"]+\"|'\\s*(javascript|vbscript):[^']+'|(javascript|vbscript):[^\\s]+)\\s*(?=>)", 2));
        XSS_PATTERNS.add(Pattern.compile("\\s*on[a-z]+\\s*=\\s*(\"[^\"]+\"|'[^']+'|[^\\s]+)\\s*(?=>)", 2));
        XSS_PATTERNS.add(Pattern.compile("(eval\\((.*?)\\)|xpression\\((.*?)\\))", 2));
        XSS_PATTERNS.add(Pattern.compile("^(javascript:|vbscript:)", 2));
    }
}
