package com.sap.businessone.web.xss;

import com.sap.businessone.util.StringUtil;
import java.util.regex.Pattern;

/* loaded from: input_file:com/sap/businessone/web/xss/XSSUtil.class */
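/**
 * HTML escaping helpers plus a best-effort blacklist filter for script-bearing fragments.
 *
 * <p>{@link #encode(String)} escapes {@code &}, {@code <} and {@code >} only. Quote characters
 * are passed through unchanged, so the result is suitable for HTML element content but not,
 * on its own, for attribute values, URLs or script contexts; those need context-specific
 * output encoding at the point of use. The pattern blacklist is a secondary layer and should
 * not be relied on as the only control.
 */
public class XSSUtil {
    public static final Pattern ESCAPE_LT = Pattern.compile("<");
    public static final Pattern ESCAPE_GT = Pattern.compile(">");
    /** Matches a double quote. Not applied by {@link #encode(String)} in this class. */
    public static final Pattern ESCAPE_QUOT = Pattern.compile("\"");
    public static final Pattern ESCAPE_AMP = Pattern.compile("&");

    /** Flags for the multi-character blacklist patterns (numeric value 42). */
    private static final int SCRIPT_FLAGS =
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /**
     * Fragments deleted from encoded output: quoted {@code src=} attributes, the
     * {@code javascript:} and {@code vbscript:} scheme prefixes, and {@code eval(...)} /
     * {@code expression(...)} calls.
     *
     * <p>NOTE(review): this is a public array, so any code that can see the class can replace
     * its elements and thereby change what the filter removes. The field (and its spelling) is
     * kept for compatibility; consider encapsulating it.
     */
    public static final Pattern[] removePattens = {
        Pattern.compile("src[\r\n]*=[\r\n]*\\'(.*?)\\'", SCRIPT_FLAGS),
        Pattern.compile("src[\r\n]*=[\r\n]*\\\"(.*?)\\\"", SCRIPT_FLAGS),
        Pattern.compile("javascript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("vbscript:", Pattern.CASE_INSENSITIVE),
        Pattern.compile("eval\\((.*?)\\)", SCRIPT_FLAGS),
        Pattern.compile("expression\\((.*?)\\)", SCRIPT_FLAGS)
    };

    /** Character-to-entity table; each row is {@code {raw, escaped}}. */
    private static final String[][] BASIC_ESCAPE = {
        {"\"", "&quot;"},
        {"&", "&amp;"},
        {"<", "&lt;"},
        {">", "&gt;"}
    };
    /** Inverse of {@link #BASIC_ESCAPE}; each row is {@code {escaped, raw}}. */
    private static final String[][] BASIC_UNESCAPE = invert(BASIC_ESCAPE);

    /**
     * Returns a copy of the escape table.
     *
     * <p>The rows are copied as well as the outer array, so a caller that modifies the result
     * cannot alter the table held by this class.
     *
     * @return a fresh {@code {raw, escaped}} table
     */
    public static String[][] BASIC_ESCAPE() {
        return copyTable(BASIC_ESCAPE);
    }

    /**
     * Returns a copy of the unescape table.
     *
     * <p>The rows are copied as well as the outer array, so a caller that modifies the result
     * cannot alter the table held by this class.
     *
     * @return a fresh {@code {escaped, raw}} table
     */
    public static String[][] BASIC_UNESCAPE() {
        return copyTable(BASIC_UNESCAPE);
    }

    /**
     * Escapes {@code &}, {@code <} and {@code >} and then deletes every fragment matched by
     * {@link #removePattens}.
     *
     * <p>Single and double quotes are not escaped, so the result must not be placed inside an
     * HTML attribute value without additional attribute encoding.
     *
     * @param str the text to encode; may be {@code null}
     * @return the encoded text, or {@code str} itself when it is {@code null} or empty
     */
    public static String encode(String str) {
        // NOTE(review): this guard replaces a call to the project's StringUtil.isEmpty, whose
        // body is not visible here. Confirm that helper has no meaning beyond null/empty/blank;
        // blank input is returned with the same content by the steps below.
        if (str == null || str.isEmpty()) {
            return str;
        }
        // Ampersand first, so the entities written for '<' and '>' are not escaped again.
        String escaped = ESCAPE_AMP.matcher(str).replaceAll("&amp;");
        escaped = ESCAPE_LT.matcher(escaped).replaceAll("&lt;");
        escaped = ESCAPE_GT.matcher(escaped).replaceAll("&gt;");
        return removeScripts(escaped);
    }

    /**
     * Deletes every match of every pattern in {@link #removePattens}, repeating until a full
     * pass changes nothing.
     *
     * <p>One pass is not enough: deleting a match joins the text on either side of it, and the
     * joined text can itself be a blocked fragment. Every deletion shortens the string, so the
     * loop terminates. The number of passes grows with how deeply fragments are nested, so
     * callers should bound the length of input they hand to {@link #encode(String)}.
     *
     * @param str the text to filter; may be {@code null}
     * @return the filtered text, or {@code null} when {@code str} is {@code null}
     */
    private static String removeScripts(String str) {
        if (str == null) {
            return str;
        }
        String current = str;
        String previous;
        do {
            previous = current;
            for (Pattern pattern : removePattens) {
                current = pattern.matcher(current).replaceAll("");
            }
        } while (!current.equals(previous));
        return current;
    }

    /**
     * Builds a table with the two columns of {@code strArr} swapped.
     *
     * @param strArr a table whose rows have at least two elements
     * @return a new table of the same length with each row reversed
     */
    private static String[][] invert(String[][] strArr) {
        String[][] strArr2 = new String[strArr.length][2];
        for (int i = 0; i < strArr.length; i++) {
            strArr2[i][0] = strArr[i][1];
            strArr2[i][1] = strArr[i][0];
        }
        return strArr2;
    }

    /** Copies a table row by row so the result shares no array with the argument. */
    private static String[][] copyTable(String[][] table) {
        String[][] copy = new String[table.length][];
        for (int i = 0; i < table.length; i++) {
            copy[i] = table[i].clone();
        }
        return copy;
    }
}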
