package net.sourceforge.pmd.lang.jsp.rule.security;

import net.sourceforge.pmd.lang.jsp.ast.ASTElExpression;
import net.sourceforge.pmd.lang.jsp.ast.ASTElement;
import net.sourceforge.pmd.lang.jsp.rule.AbstractJspRule;

/* loaded from: input_file:net/sourceforge/pmd/lang/jsp/rule/security/NoUnsanitizedJSPExpressionRule.class */
public class NoUnsanitizedJSPExpressionRule extends AbstractJspRule {
    @Override // net.sourceforge.pmd.lang.jsp.ast.JspVisitor
    public Object visit(ASTElExpression aSTElExpression, Object obj) {
        if (elOutsideTaglib(aSTElExpression)) {
            addViolation(obj, aSTElExpression);
        }
        return super.visit(aSTElExpression, (ASTElExpression) obj);
    }

    private boolean elOutsideTaglib(ASTElExpression aSTElExpression) {
        ASTElement firstParentOfType = aSTElExpression.getFirstParentOfType(ASTElement.class);
        return ((firstParentOfType != null && firstParentOfType.getName() != null && firstParentOfType.getName().contains(":")) || (aSTElExpression.getImage() != null && aSTElExpression.getImage().matches("^fn:escapeXml\\(.+\\)$"))) ? false : true;
    }
}
