package cn.com.duiba.boot.ext.autoconfigure.xss;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang3.StringEscapeUtils;

/* loaded from: input_file:lib/spring-boot-ext-1.1.51.jar:cn/com/duiba/boot/ext/autoconfigure/xss/XssHttpServletRequestWrapper.class */
public class XssHttpServletRequestWrapper extends HttpServletRequestWrapper {
    public XssHttpServletRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
    }

    @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
    public String[] getParameterValues(String str) {
        String[] parameterValues = super.getParameterValues(str);
        if (parameterValues == null) {
            return null;
        }
        int length = parameterValues.length;
        String[] strArr = new String[length];
        for (int i = 0; i < length; i++) {
            strArr[i] = cleanXSS(parameterValues[i]);
        }
        return strArr;
    }

    @Override // javax.servlet.ServletRequestWrapper, javax.servlet.ServletRequest
    public String getParameter(String str) {
        return cleanXSS(super.getParameter(str));
    }

    @Override // javax.servlet.http.HttpServletRequestWrapper, javax.servlet.http.HttpServletRequest
    public String getHeader(String str) {
        return cleanXSS(super.getHeader(str));
    }

    private String cleanXSS(String str) {
        if (str == null) {
            return null;
        }
        return StringEscapeUtils.escapeHtml3(StringUtils.replace(StringUtils.replace(str, "\\t", " "), "\t", " "));
    }
}
