package cn.com.duiba.wolf.utils;

import com.alibaba.dubbo.common.utils.StringUtils;
import java.util.Map;
import net.sf.json.JSONArray;
import net.sf.json.JSONObject;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.math3.geometry.VectorFormat;
import org.eclipse.core.runtime.ILibrary;
import org.owasp.html.HtmlPolicyBuilder;
import org.owasp.html.PolicyFactory;
import org.springframework.web.servlet.tags.form.AbstractHtmlElementTag;
import org.springframework.web.servlet.tags.form.ErrorsTag;

/* loaded from: input_file:lib/wolf-1.8.2.2-hwq.jar:cn/com/duiba/wolf/utils/HtmlUtils.class */
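/**
 * HTML sanitizing helpers built on the OWASP Java HTML Sanitizer.
 *
 * <p>{@link #cleanXss(String)} runs a single string through an allow-list policy;
 * {@link #cleanXssOfJsonString(String)} walks a JSON array or object and applies the same
 * policy to every string value it contains.
 *
 * <p>The output is HTML intended for an HTML body context. It is not a substitute for
 * context-specific encoding when a value is placed into an attribute, a script block or a URL.
 */
public class HtmlUtils {
    /**
     * Allow-list policy shared by every call. Anything not listed here (script, iframe, event
     * handler attributes, unlisted URL schemes, ...) is dropped by the sanitizer.
     *
     * <p>{@code AbstractHtmlElementTag.STYLE_ATTRIBUTE}, {@code ErrorsTag.SPAN_TAG} and
     * {@code ILibrary.CODE} are constants from unrelated libraries that the decompiler put in
     * place of string literals; presumably "style", "span" and "code" - verify against the
     * original source.
     */
    private static final PolicyFactory policyBuilder = new HtmlPolicyBuilder()
            .allowAttributes("src", "title").onElements("img")
            .allowAttributes("href").onElements("a")
            // NOTE(review): the style attribute is allowed on span as a plain attribute, with no
            // value matcher and without allowStyling(), so the CSS text appears to pass through
            // unfiltered. That leaves room for content overlays and remote url() fetches;
            // consider allowStyling() or dropping the attribute. Confirm against the sanitizer
            // version in use.
            .allowAttributes("class", "id", AbstractHtmlElementTag.STYLE_ATTRIBUTE).onElements(ErrorsTag.SPAN_TAG)
            .allowStandardUrlProtocols()
            .allowElements(
                    "a", "label", "h1", "h2", "h3", "h4", "h5", "h6", "p", "i", "b", "u", "strong",
                    "em", "sub", "sup", "strike", "center", "blockquote", "hr", "br", "font",
                    ErrorsTag.SPAN_TAG, "div", "img", "ul", "ol", "li", "dd", "dt", "dl", "tbody",
                    "thead", "tfoot", "table", "td", "th", "tr", "colgroup", "col", "fieldset",
                    "legend", "samp", "cite", "pre", ILibrary.CODE, "big", "small")
            .toFactory();

    /**
     * Sanitizes an HTML fragment with the shared allow-list policy.
     *
     * @param str untrusted HTML; may be {@code null}
     * @return {@code str} unchanged when the dubbo {@code StringUtils.isBlank} check accepts it,
     *     otherwise the sanitized markup
     */
    public static String cleanXss(String str) {
        if (StringUtils.isBlank(str)) {
            return str;
        }
        return policyBuilder.sanitize(preprocess(str));
    }

    /**
     * Replaces the full-width question mark and exclamation mark with their ASCII forms before
     * sanitizing. The reason is not visible in this file.
     */
    @Deprecated
    private static String preprocess(String str) {
        String questionMarksFixed = org.apache.commons.lang.StringUtils.replace(str, "？", "?");
        return org.apache.commons.lang.StringUtils.replace(questionMarksFixed, "！", "!");
    }

    /**
     * Sanitizes every string value inside a JSON array or JSON object given as text.
     *
     * <p>Leading and trailing whitespace is ignored when deciding whether the text is a JSON
     * container. The previous check looked at the very first character only, so a payload such
     * as {@code " [..."} or {@code "\n{...}"} was returned without any sanitizing.
     *
     * <p>NOTE(review): text that is neither an array nor an object is still returned after
     * {@code preprocess} only, NOT sanitized. Callers must not treat the return value as safe
     * HTML in that case. Malformed JSON that starts with a bracket is handed to the JSON parser,
     * which presumably throws an unchecked exception - confirm and handle at the call site.
     *
     * @param str untrusted JSON text; may be {@code null}
     * @return the re-serialized JSON with sanitized string values, or the preprocessed input
     *     when it is not a JSON array or object
     */
    public static String cleanXssOfJsonString(String str) {
        if (StringUtils.isBlank(str)) {
            return str;
        }
        String preprocessed = preprocess(str);
        // Surrounding whitespace is legal around JSON; dispatch on the trimmed text so it cannot
        // be used to skip the sanitizing branches.
        String json = preprocessed.trim();
        if (json.startsWith("[")) {
            return cleanXssOfJsonArray(JSONArray.fromObject(json)).toString();
        }
        // VectorFormat.DEFAULT_PREFIX is a decompiler substitution for the "{" literal.
        if (json.startsWith(VectorFormat.DEFAULT_PREFIX)) {
            return cleanXssOfJsonObject(JSONObject.fromObject(json)).toString();
        }
        return preprocessed;
    }

    /**
     * Returns a copy of the array in which nested arrays and objects are cleaned recursively and
     * string elements are passed through {@link #cleanXss(String)}. Other element types are
     * copied as they are. A {@code null} or empty array is returned unchanged.
     */
    private static JSONArray cleanXssOfJsonArray(JSONArray jSONArray) {
        if (jSONArray == null || jSONArray.isEmpty()) {
            return jSONArray;
        }
        JSONArray cleaned = new JSONArray();
        for (int i = 0; i < jSONArray.size(); i++) {
            Object element = jSONArray.get(i);
            if (element instanceof JSONArray) {
                cleaned.add(cleanXssOfJsonArray((JSONArray) element));
            } else if (element instanceof JSONObject) {
                cleaned.add(cleanXssOfJsonObject((JSONObject) element));
            } else if (element instanceof String) {
                cleaned.add(cleanXss((String) element));
            } else {
                cleaned.add(element);
            }
        }
        return cleaned;
    }

    /**
     * Returns a copy of the object in which nested arrays and objects are cleaned recursively
     * and string values are passed through {@link #cleanXss(String)}. Other value types are
     * copied as they are. A {@code null} or empty object is returned unchanged.
     *
     * <p>NOTE(review): only values are sanitized. Keys are copied verbatim, so a consumer that
     * renders key names into HTML must encode them itself.
     */
    private static JSONObject cleanXssOfJsonObject(JSONObject jSONObject) {
        if (jSONObject == null || jSONObject.isEmpty()) {
            return jSONObject;
        }
        JSONObject cleaned = new JSONObject();
        // Iterate as Object and cast: the decompiled loop typed the variable as Map.Entry, which
        // does not compile if entrySet() is declared as a raw Set.
        for (Object item : jSONObject.entrySet()) {
            Map.Entry<?, ?> entry = (Map.Entry<?, ?>) item;
            String key = (String) entry.getKey();
            Object value = entry.getValue();
            if (value instanceof JSONArray) {
                cleaned.put(key, cleanXssOfJsonArray((JSONArray) value));
            } else if (value instanceof JSONObject) {
                cleaned.put(key, cleanXssOfJsonObject((JSONObject) value));
            } else if (value instanceof String) {
                cleaned.put(key, cleanXss((String) value));
            } else {
                cleaned.put(key, value);
            }
        }
        return cleaned;
    }

    /**
     * Manual smoke test: prints the sanitizer output for a sample fragment, for the same
     * fragment embedded in a JSON array and a JSON object, and for an HTML-unescaped JSON string.
     */
    public static void main(String[] strArr) {
        // Sample markup mixing allowed elements with a script element and attributes that the
        // policy does not list for those elements.
        String sample = "<img class='a' src='b.jpg？？，；'></img><script>alert('？？，；');</script><a class='a'  href='https://www.baidu.com/search/error.html?a=1'>？？？http://www.baidu.com？</a><div></div><h1 class='aa'>hello world发达</h1><h2 style='display:none;'></h2>";
        System.out.println(cleanXss(sample));

        JSONObject record = new JSONObject();
        record.put("name", "");
        record.put("address", sample);
        JSONArray records = new JSONArray();
        records.add(record);
        records.add(record);
        records.add(record);
        System.out.println(cleanXssOfJsonString(records.toString()));

        String cleanedRecord = cleanXssOfJsonString(record.toString());
        System.out.println();
        System.out.println(cleanedRecord);

        String unescapeHtml = StringEscapeUtils.unescapeHtml("{\"code\":\"http://m.duzhoumo.com/zhuanti/2016scyhq?channelid=24\",\"remaind\":\"3\"}");
        System.out.println(unescapeHtml);
        System.out.println(cleanXssOfJsonString(unescapeHtml));
    }
}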
