package com.sankuai.security.sdk.core.xss;

import com.sankuai.security.owasp.validator.html.AntiSamy;
import com.sankuai.security.owasp.validator.html.Policy;
import com.sankuai.security.owasp.validator.html.PolicyException;
import com.sankuai.security.owasp.validator.html.ScanException;
import com.sankuai.security.sdk.core.ssrf.SSRFChecker;
import com.sankuai.security.sdk.util.StringUtils;
import java.io.IOException;
import java.io.InputStream;
import org.apache.batik.util.XMLConstants;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Element;
import org.jsoup.select.NodeTraversor;

/* loaded from: input_file:com/sankuai/security/sdk/core/xss/XssSanitiser.class */
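/**
 * Output encoders and HTML clean-up helpers for values that end up in a web page.
 *
 * <p>Each encoder targets one output context (HTML, JavaScript string, URL component). An encoder
 * only protects the context it was written for, so the caller must pick the method that matches
 * the place where the value is written.
 *
 * <p>NOTE(review): every public method returns its argument untouched when
 * {@code StringUtils.isBlank} reports it blank. That helper is defined outside this file; if it
 * treats whitespace-only strings as blank, such input is returned without any encoding. Confirm
 * that this is intended.
 */
public class XssSanitiser {
    // Log under this class's own category so sanitiser warnings are not filed under the SSRF checker.
    private static final Log logger = LogFactory.getLog(XssSanitiser.class);

    /** Classpath location of the AntiSamy policy used by {@link #getCleanHTML(String)}. */
    private static final String ANTI_SAMY_FILE_PATH = "/antisamy-myspace-1.5.7.xml";

    /**
     * Encodes a value for inclusion in HTML by replacing markup-significant characters and some
     * whitespace with character references.
     *
     * <p>Replaced: tab, line feed, form feed, carriage return, space, double quote, ampersand,
     * single quote, slash, less-than, greater-than, backslash, U+2028 and U+2029. Every other
     * character is copied unchanged.
     *
     * @param str the untrusted value; may be {@code null}
     * @return the encoded value, or {@code str} itself when it is blank
     */
    public static String encodeForHTML(String str) {
        if (StringUtils.isBlank(str)) {
            return str;
        }
        int length = str.length();
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            char charAt = str.charAt(i);
            switch (charAt) {
                case '\t':
                    sb.append("&#x09;");
                    break;
                case '\n':
                    sb.append("&#x0A;");
                    break;
                case '\f':
                    sb.append("&#x0C;");
                    break;
                case '\r':
                    sb.append("&#x0D;");
                    break;
                case ' ':
                    sb.append("&#x20;");
                    break;
                case '\"':
                    sb.append(XMLConstants.XML_ENTITY_QUOT);
                    break;
                case '&':
                    sb.append(XMLConstants.XML_ENTITY_AMP);
                    break;
                case '\'':
                    sb.append("&#39;");
                    break;
                case '/':
                    sb.append("&#x2F;");
                    break;
                case '<':
                    sb.append(XMLConstants.XML_ENTITY_LT);
                    break;
                case '>':
                    sb.append(XMLConstants.XML_ENTITY_GT);
                    break;
                case '\\':
                    sb.append("&#x5C;");
                    break;
                case 0x2028: // U+2028 LINE SEPARATOR
                    sb.append("&#x2028;");
                    break;
                case 0x2029: // U+2029 PARAGRAPH SEPARATOR
                    sb.append("&#x2029;");
                    break;
                default:
                    sb.append(charAt);
                    break;
            }
        }
        return sb.toString();
    }

    /**
     * Parses the value as HTML with jsoup and returns the text collected by
     * {@code FormattingVisitor}, with line feeds removed.
     *
     * <p>NOTE(review): {@code FormattingVisitor} is not visible in this file. If it emits decoded
     * text nodes, entity-encoded input such as {@code &lt;b&gt;} comes back as literal markup
     * characters, so the result should still be encoded for the context it is written to. Confirm
     * against the visitor.
     *
     * @param str the untrusted HTML; may be {@code null}
     * @return the extracted text, or {@code str} itself when it is blank
     */
    public static String stripForHTML(String str) {
        return StringUtils.isBlank(str) ? str : getPlainText(Jsoup.parse(str));
    }

    /**
     * Encodes a value for inclusion in a JavaScript string by replacing selected characters with
     * JavaScript Unicode escapes (a backslash, the letter u and four hexadecimal digits).
     *
     * <p>Replaced: backspace, tab, line feed, vertical tab, form feed, carriage return, double
     * quote, percent, ampersand, single quote, slash, less-than, greater-than, backslash, U+2028
     * and U+2029. Every other character is copied unchanged.
     *
     * @param str the untrusted value; may be {@code null}
     * @return the encoded value, or {@code str} itself when it is blank
     */
    public static String encodeForJavaScript(String str) {
        if (StringUtils.isBlank(str)) {
            return str;
        }
        int length = str.length();
        StringBuilder sb = new StringBuilder(length);
        for (int i = 0; i < length; i++) {
            char charAt = str.charAt(i);
            switch (charAt) {
                case '\b':
                    sb.append("\\u0008");
                    break;
                case '\t':
                    sb.append("\\u0009");
                    break;
                case '\n':
                    sb.append("\\u000A");
                    break;
                case 0x0B: // vertical tab
                    sb.append("\\u000B");
                    break;
                case '\f':
                    sb.append("\\u000C");
                    break;
                case '\r':
                    sb.append("\\u000D");
                    break;
                case '\"':
                    sb.append("\\u0022");
                    break;
                case '%':
                    sb.append("\\u0025");
                    break;
                case '&':
                    sb.append("\\u0026");
                    break;
                case '\'':
                    sb.append("\\u0027");
                    break;
                case '/':
                    sb.append("\\u002F");
                    break;
                case '<':
                    sb.append("\\u003C");
                    break;
                case '>':
                    sb.append("\\u003E");
                    break;
                case '\\':
                    sb.append("\\u005C");
                    break;
                case 0x2028: // U+2028 LINE SEPARATOR
                    sb.append("\\u2028");
                    break;
                case 0x2029: // U+2029 PARAGRAPH SEPARATOR
                    sb.append("\\u2029");
                    break;
                default:
                    sb.append(charAt);
                    break;
            }
        }
        return sb.toString();
    }

    /**
     * Sanitises rich text with AntiSamy, using the policy file bundled on the classpath.
     *
     * <p>The method fails closed: if the policy cannot be loaded or the scan fails, the input is
     * returned HTML-encoded via {@link #encodeForHTML(String)} and never as raw markup. A
     * sanitiser that hands back its unsanitised input on error turns every policy or parser
     * failure into an XSS bypass.
     *
     * @param str the untrusted rich text; may be {@code null}
     * @return the cleaned HTML; the HTML-encoded input when sanitising fails; or {@code str}
     *     itself when it is blank
     */
    public static String getCleanHTML(String str) {
        if (StringUtils.isBlank(str)) {
            return str;
        }
        // try-with-resources closes the policy stream, which was previously left open on every call.
        try (InputStream policyStream = XssSanitiser.class.getResourceAsStream(ANTI_SAMY_FILE_PATH)) {
            if (policyStream == null) {
                logger.error("AntiSamy policy " + ANTI_SAMY_FILE_PATH + " was not found on the classpath");
                return encodeForHTML(str);
            }
            Policy policy = Policy.getInstance(policyStream);
            return new AntiSamy().scan(str, policy).getCleanHTML();
        } catch (PolicyException | ScanException | IOException e) {
            // Log only the length: the input is untrusted and may carry line breaks or user
            // content that does not belong in a log file.
            logger.warn("Rich text could not be sanitised (input length " + str.length()
                    + "); returning HTML-encoded text instead", e);
            return encodeForHTML(str);
        }
    }

    /**
     * Percent-encodes selected ASCII characters of a value that is placed into a URL.
     *
     * <p>Replaced: tab, line feed, form feed, carriage return, space and the ASCII punctuation
     * listed in the switch below. Every other character is copied unchanged. That includes
     * letters, digits, hyphen, underscore, tilde, backslash, the remaining control characters and
     * all non-ASCII characters, so the result is not a complete RFC 3986 percent-encoding.
     *
     * @param str the untrusted value; may be {@code null}
     * @return the encoded value, or {@code str} itself when it is blank
     */
    public static String encodeForURL(String str) {
        if (StringUtils.isBlank(str)) {
            return str;
        }
        int length = str.length();
        StringBuilder sb = new StringBuilder();
        for (int i = 0; i < length; i++) {
            char charAt = str.charAt(i);
            switch (charAt) {
                case '\t':
                    sb.append("%09");
                    break;
                case '\n':
                    sb.append("%0A");
                    break;
                case '\f':
                    sb.append("%0C");
                    break;
                case '\r':
                    sb.append("%0D");
                    break;
                case ' ':
                    sb.append("%20");
                    break;
                case '!':
                    sb.append("%21");
                    break;
                case '\"':
                    sb.append("%22");
                    break;
                case '#':
                    sb.append("%23");
                    break;
                case '$':
                    sb.append("%24");
                    break;
                case '%':
                    sb.append("%25");
                    break;
                case '&':
                    sb.append("%26");
                    break;
                case '\'':
                    sb.append("%27");
                    break;
                case '(':
                    sb.append("%28");
                    break;
                case ')':
                    sb.append("%29");
                    break;
                case '*':
                    sb.append("%2A");
                    break;
                case '+':
                    sb.append("%2B");
                    break;
                case ',':
                    sb.append("%2C");
                    break;
                case '.':
                    sb.append("%2E");
                    break;
                case '/':
                    sb.append("%2F");
                    break;
                case ':':
                    sb.append("%3A");
                    break;
                case ';':
                    sb.append("%3B");
                    break;
                case '<':
                    sb.append("%3C");
                    break;
                case '=':
                    sb.append("%3D");
                    break;
                case '>':
                    sb.append("%3E");
                    break;
                case '?':
                    sb.append("%3F");
                    break;
                case '@':
                    sb.append("%40");
                    break;
                case '[':
                    sb.append("%5B");
                    break;
                case ']':
                    sb.append("%5D");
                    break;
                default:
                    // The explicit labels that used to share this branch (digits, upper-case
                    // letters, '-', '\\' and several control characters) were redundant: every
                    // character without an entry above is copied as-is.
                    sb.append(charAt);
                    break;
            }
        }
        return sb.toString();
    }

    /**
     * Walks the parsed element with a {@code FormattingVisitor} and returns what the visitor
     * collected, with line feeds removed.
     *
     * @param element the root of the parsed document
     * @return the visitor's text on a single line
     */
    private static String getPlainText(Element element) {
        FormattingVisitor formattingVisitor = new FormattingVisitor();
        new NodeTraversor(formattingVisitor).traverse(element);
        return formattingVisitor.toString().replace("\n", "");
    }
}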
