package com.odianyun.social.business.utils.web;

import groovy.ui.text.GroovyFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;
import org.apache.activemq.filter.DestinationFilter;

/* loaded from: input_file:WEB-INF/lib/social-business-prod2.10.0-SNAPSHOT.jar:com/odianyun/social/business/utils/web/XssRequestWrapper.class */
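/**
 * Request wrapper that passes the values returned by {@link #getParameter(String)} and
 * {@link #getHeader(String)} through a character-substitution filter before the
 * application sees them.
 *
 * <p>Scope of the filtering, as implemented in this class:
 * <ul>
 *   <li>Only {@code getParameter} and {@code getHeader} are overridden. Every other accessor
 *       ({@code getParameterValues}, {@code getParameterMap}, {@code getHeaders},
 *       {@code getQueryString}, the body stream/reader) is inherited from
 *       {@link HttpServletRequestWrapper} and returns the wrapped request's data unfiltered.</li>
 *   <li>The filter does not encode {@code "}, {@code '} or {@code &}, so a filtered value is
 *       not safe to place inside an HTML attribute, a script block or a URL. Contextual
 *       output encoding at render time is still required; this wrapper is at most a second
 *       layer.</li>
 *   <li>Header values receive the same substitutions as parameters, including
 *       {@code ;} to a full-width semicolon, so structured header values that use
 *       {@code ;} as a separator no longer parse after filtering.</li>
 * </ul>
 */
class XssRequestWrapper extends HttpServletRequestWrapper {
    /** The request handed to the constructor; exposed through {@link #getOrgRequest()}. */
    HttpServletRequest orgRequest;

    /**
     * Wraps the given request.
     *
     * @param httpServletRequest the request whose parameter and header values are filtered
     */
    public XssRequestWrapper(HttpServletRequest httpServletRequest) {
        super(httpServletRequest);
        this.orgRequest = httpServletRequest;
    }

    /**
     * Returns the filtered value of a request parameter.
     *
     * @param str the parameter name, used as given
     * @return the filtered value, or {@code null} when the parameter is absent
     */
    @Override
    public String getParameter(String str) {
        // The name comes from application code and is only a lookup key, so it is not
        // filtered: filtering it rewrote names such as "description" (contains "script")
        // into a different key and the lookup then returned null.
        String parameter = super.getParameter(str);
        return parameter == null ? null : xssEncode(parameter);
    }

    /**
     * Returns the filtered value of a request header.
     *
     * @param str the header name, used as given
     * @return the filtered value, or {@code null} when the header is absent
     */
    @Override
    public String getHeader(String str) {
        // Same reasoning as getParameter: filter the value, never the lookup key.
        String header = super.getHeader(str);
        return header == null ? null : xssEncode(header);
    }

    /** Applies {@link #filterXssText(String)} to a single value. */
    private static String xssEncode(String str) {
        return filterXssText(str);
    }

    /**
     * Returns the request this wrapper was built around. Values read from it have not been
     * filtered and must be treated as untrusted input.
     *
     * @return the wrapped request
     */
    public HttpServletRequest getOrgRequest() {
        return this.orgRequest;
    }

    /**
     * Removes one {@code XssRequestWrapper} layer from a request, if present.
     *
     * @param httpServletRequest any request
     * @return the wrapped request when the argument is an {@code XssRequestWrapper},
     *         otherwise the argument itself
     */
    public static HttpServletRequest getOrgRequest(HttpServletRequest httpServletRequest) {
        if (httpServletRequest instanceof XssRequestWrapper) {
            return ((XssRequestWrapper) httpServletRequest).getOrgRequest();
        }
        return httpServletRequest;
    }

    /**
     * Substitutes characters and keywords commonly used in markup and SQL injection.
     *
     * @param str the raw value; may be {@code null}
     * @return {@code str} unchanged when it is {@code null} or empty, otherwise the
     *         filtered text
     */
    private static String filterXssText(String str) {
        if (str == null || str.isEmpty()) {
            return str;
        }

        // Substitutions on the caller's own characters run first. In particular ';' has to be
        // rewritten before any entity is produced: with the previous order the ';' that
        // terminates "&lt;", "&gt;", "&#40;" and "&#41;" was itself turned into a full-width
        // semicolon, so every entity came out malformed.
        String text = str
                .replace("--", "——")
                .replace(";", "；");

        // Literal replacements; String.replace substitutes every occurrence without regex
        // parsing. The decompiled source referred to DestinationFilter.ANY_DESCENDENT and
        // GroovyFilter.LEFT_PARENS here, which are unrelated library constants that happen
        // to hold ">" and "\\(". The literals are used directly, so the groovy and activemq
        // imports at the top of the file are no longer referenced by this class.
        text = text
                .replace("<", "&lt;")
                .replace(">", "&gt;")
                .replace("(", "&#40;")
                .replace(")", "&#41;")
                .replace("@@", "&at;&at;");

        // NOTE(review): this pattern cannot match. Every '(' and ')' has already been turned
        // into an entity above, so no "eval(" remains by the time it runs. Kept in place to
        // preserve the original sequence.
        text = text.replaceAll("eval\\((.*)\\)", "");

        // Blanks a quoted "javascript:" value. The match is greedy and case-sensitive.
        text = text.replaceAll("[\\\"\\'][\\s]*javascript:(.*)[\\\"\\']", "\"\"");

        // NOTE(review): single-pass, case-sensitive removal of the substring "script". It
        // also deletes that substring from ordinary words, so stored text is altered, and it
        // adds little once '<' and '>' are encoded. Prefer output encoding over keyword
        // stripping.
        return text.replace("script", "");
    }
}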
