package com.wmeimob.fastboot.util;

import java.util.regex.Pattern;

/* loaded from: input_file:BOOT-INF/lib/wmeimob-utils-1.0.19.BUILD-SNAPSHOT.jar:com/wmeimob/fastboot/util/InputWrapper.class */
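/**
 * Best-effort input filter that removes a fixed denylist of script-related fragments and then
 * replaces a handful of ASCII metacharacters with their full-width Unicode look-alikes.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>This is a denylist. It only knows the fragments listed below (script tags, {@code src=}
 *       attributes, {@code eval(...)}, {@code e-xpression(...)}, {@code javascript:},
 *       {@code vbscript:} and {@code onload...=}); other event handlers and markup are not
 *       recognised. It does not replace context-aware output encoding at render time.</li>
 *   <li>Despite the helper's name, nothing in this class addresses SQL injection. Use
 *       parameterized queries ({@code PreparedStatement}) for that.</li>
 *   <li>The character substitution is lossy: {@code "}, {@code #}, {@code &}, {@code '},
 *       {@code <} and {@code >} are permanently rewritten to different code points, so stored
 *       values no longer equal what the user submitted.</li>
 * </ul>
 */
public class InputWrapper {
    /** Flag value 2 in the compiled class. */
    private static final int IGNORE_CASE = Pattern.CASE_INSENSITIVE;
    /** Flag value 42 in the compiled class (2 | 8 | 32). */
    private static final int IGNORE_CASE_MULTILINE_DOTALL =
            Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    // NOTE(review): inside a character class '|' is a literal, not alternation, so every
    // "[\r\n| | ]" below also accepts a '|' character. Kept as-is so the set of stripped
    // inputs does not shrink.
    // Without DOTALL, "(.*?)" here cannot span line breaks; multi-line script elements are
    // handled by the separate open/close tag patterns instead.
    private static final Pattern SCRIPT_TAG_PATTERN = Pattern.compile("<[\r\n| | ]*script[\r\n| | ]*>(.*?)</[\r\n| | ]*script[\r\n| | ]*>", IGNORE_CASE);
    private static final Pattern SRC_PATTERN = Pattern.compile("src[\r\n| | ]*=[\r\n| | ]*[\\\"|\\'](.*?)[\\\"|\\']", IGNORE_CASE_MULTILINE_DOTALL);
    private static final Pattern SCRIPT_CLOSED_PATTERN = Pattern.compile("</[\r\n| | ]*script[\r\n| | ]*>", IGNORE_CASE);
    private static final Pattern SCRIPT_CLOSED_PATTERN2 = Pattern.compile("<[\r\n| | ]*script(.*?)>", IGNORE_CASE_MULTILINE_DOTALL);
    private static final Pattern SCRIPT_EVAL_PATTERN = Pattern.compile("eval\\((.*?)\\)", IGNORE_CASE_MULTILINE_DOTALL);
    private static final Pattern E_XPRESSION_PATTERN = Pattern.compile("e-xpression\\((.*?)\\)", IGNORE_CASE_MULTILINE_DOTALL);
    private static final Pattern JAVASCRIPT_PATTERN = Pattern.compile("javascript[\r\n| | ]*:[\r\n| | ]*", IGNORE_CASE);
    private static final Pattern VB_SCRIPT_PATTERN = Pattern.compile("vbscript[\r\n| | ]*:[\r\n| | ]*", IGNORE_CASE);
    private static final Pattern ONLOAD_PATTERN = Pattern.compile("onload(.*?)=", IGNORE_CASE_MULTILINE_DOTALL);

    /** Patterns in the order they are applied within one stripping pass. */
    private static final Pattern[] STRIP_ORDER = {
        SCRIPT_TAG_PATTERN,
        SRC_PATTERN,
        SCRIPT_CLOSED_PATTERN,
        SCRIPT_CLOSED_PATTERN2,
        SCRIPT_EVAL_PATTERN,
        E_XPRESSION_PATTERN,
        JAVASCRIPT_PATTERN,
        VB_SCRIPT_PATTERN,
        ONLOAD_PATTERN,
    };

    /**
     * Strips the denylisted fragments from {@code str} and rewrites six ASCII metacharacters to
     * their full-width forms.
     *
     * @param str the raw input; may be {@code null} or empty
     * @return {@code str} unchanged when it is {@code null} or empty, otherwise the filtered text
     */
    public static String xssEncode(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }
        String stripped = stripXSSAndSql(str);
        StringBuilder out = new StringBuilder(stripped.length() + 16);
        for (int i = 0; i < stripped.length(); i++) {
            char c = stripped.charAt(i);
            // Unicode escapes keep the replacements stable regardless of the source-file
            // encoding used at compile time.
            switch (c) {
                case '"':
                    out.append('\uFF02'); // U+FF02 FULLWIDTH QUOTATION MARK
                    break;
                case '#':
                    out.append('\uFF03'); // U+FF03 FULLWIDTH NUMBER SIGN
                    break;
                case '&':
                    out.append('\uFF06'); // U+FF06 FULLWIDTH AMPERSAND
                    break;
                case '\'':
                    out.append('\uFF07'); // U+FF07 FULLWIDTH APOSTROPHE
                    break;
                case '<':
                    out.append('\uFF1C'); // U+FF1C FULLWIDTH LESS-THAN SIGN
                    break;
                case '>':
                    out.append('\uFF1E'); // U+FF1E FULLWIDTH GREATER-THAN SIGN
                    break;
                default:
                    out.append(c);
                    break;
            }
        }
        return out.toString();
    }

    /**
     * Removes every match of the denylist patterns, repeating until the text stops changing.
     *
     * <p>A single pass is not enough for a remove-and-continue filter: deleting one match can
     * join the text on either side of it into a new match. Re-running the pass until the result
     * is stable guarantees that no denylisted fragment remains in the returned string. The loop
     * terminates because every pattern requires at least one literal character, so each pass
     * that changes the text makes it strictly shorter.
     *
     * <p>No SQL-specific filtering happens here; the name is historical.
     *
     * @param str the text to filter; may be {@code null}
     * @return the filtered text, or {@code null} when {@code str} is {@code null}
     */
    private static String stripXSSAndSql(String str) {
        if (str == null) {
            return null;
        }
        String current = str;
        String previous;
        do {
            previous = current;
            for (Pattern pattern : STRIP_ORDER) {
                current = pattern.matcher(current).replaceAll("");
            }
        } while (!current.equals(previous));
        return current;
    }
}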
