package org.n52.security.service.config.support;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

/* loaded from: input_file:org/n52/security/service/config/support/XSSWhitelistCleaner.class */
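/**
 * {@link XSSAnalyzer} that keeps only the parts of a value which match a
 * whitelist of regular expressions and silently drops everything else.
 *
 * <p>The whitelist entries are combined into one case-insensitive alternation.
 * Alternatives are tried in list order at each position, so earlier entries
 * take precedence over later ones.
 *
 * <p>Limits of the default whitelist that a caller should be aware of:
 * <ul>
 *   <li>The plain-text alternative accepts every character except
 *       {@code <}, {@code >} and whitespace, so quotes and ampersands pass
 *       through unchanged. The result is therefore not escaped for use inside
 *       an HTML attribute or a script block.</li>
 *   <li>For {@code src}/{@code href} only a literal {@code javascript:} prefix
 *       is rejected, and the check runs on the raw text rather than on the
 *       entity-decoded URL. NOTE(review): an allow-list of accepted schemes
 *       would be the more robust design; confirm what callers require.</li>
 * </ul>
 *
 * <p>The compiled {@link Pattern} is immutable and a new {@link Matcher} is
 * created on every call, so instances hold no per-call state.
 */
public class XSSWhitelistCleaner implements XSSAnalyzer {
    /** Regex fragments accepted when no explicit whitelist is supplied; filled by the static initializer. */
    private static final List<String> DEFAULT_WHITELIST = new ArrayList<String>();

    /** Alternation of all whitelist entries; group 1 spans the whole accepted token. */
    private final Pattern m_allowedTokens;

    /** Creates a cleaner that uses the built-in default whitelist. */
    public XSSWhitelistCleaner() {
        this(DEFAULT_WHITELIST);
    }

    /**
     * Creates a cleaner from a caller-supplied whitelist.
     *
     * @param list regular-expression fragments (as {@code String}s) describing
     *             the tokens that may survive cleaning; the fragments are
     *             compiled as given, without escaping, so they must come from
     *             trusted configuration
     * @throws IllegalArgumentException if the list is {@code null}, empty or
     *                                  contains a {@code null} entry
     * @throws ClassCastException if an entry is not a {@code String}
     */
    public XSSWhitelistCleaner(List<?> list) {
        this.m_allowedTokens = createWhiteListPattern(list);
    }

    /**
     * Returns the concatenation of all whitelisted tokens found in the input.
     * Characters that belong to no whitelisted token are removed, not escaped.
     *
     * @param str the value to clean; must not be {@code null}
     * @return the cleaned value, possibly empty
     * @throws NullPointerException if {@code str} is {@code null}
     */
    @Override // org.n52.security.service.config.support.XSSAnalyzer
    public String cleanValue(String str) {
        StringBuilder cleaned = new StringBuilder(str.length());
        Matcher matcher = this.m_allowedTokens.matcher(str);
        while (matcher.find()) {
            // Group 1 is the outer group wrapped around all alternatives.
            cleaned.append(matcher.group(1));
        }
        return cleaned.toString();
    }

    /**
     * Builds {@code ((?:e1)|(?:e2)|...)} from the whitelist entries and
     * compiles it case-insensitively.
     *
     * @param list the whitelist entries, see the public constructor
     * @return the compiled alternation
     */
    private Pattern createWhiteListPattern(List<?> list) {
        if (list == null || list.isEmpty()) {
            throw new IllegalArgumentException("<whiteList> must not null or empty!");
        }
        StringBuilder alternatives = new StringBuilder("(");
        for (Object entry : list) {
            if (entry == null) {
                // A null entry used to be appended as the literal text "null"
                // and silently whitelisted that word.
                throw new IllegalArgumentException("<whiteList> must not contain null entries!");
            }
            if (alternatives.length() > 1) {
                alternatives.append('|');
            }
            // Each entry is wrapped in a non-capturing group so that the
            // alternation binds correctly.
            alternatives.append("(?:").append((String) entry).append(')');
        }
        alternatives.append(')');
        return Pattern.compile(alternatives.toString(), Pattern.CASE_INSENSITIVE);
    }

    static {
        // Plain text: anything without angle brackets or whitespace.
        DEFAULT_WHITELIST.add("[^<>\\s]+");
        DEFAULT_WHITELIST.add("[\\n\\r\\t ]+");

        // URL attribute value. Quote characters are excluded from the value so
        // that it cannot end the attribute early and carry further attributes
        // inside an otherwise accepted tag. Numeric character references
        // ("&#...") are refused; named ones are still accepted.
        String urlValue = "(?!javascript:)(?:[^<>\\s&'\"]|&(?!#))+";
        // The closing quote must be the same character as the opening one.
        String quotedUrl = "(?:'" + urlValue + "'|\"" + urlValue + "\")";
        DEFAULT_WHITELIST.add("<img[ ]+src=" + quotedUrl + "[ ]*/>");
        DEFAULT_WHITELIST.add("<a[ ]+href=" + quotedUrl + "[ ]*>");
        DEFAULT_WHITELIST.add("</a>");

        // Attribute-free formatting and structure tags.
        DEFAULT_WHITELIST.add("</?p>");
        DEFAULT_WHITELIST.add("</?b>");
        DEFAULT_WHITELIST.add("</?i>");
        DEFAULT_WHITELIST.add("</?strong>");
        DEFAULT_WHITELIST.add("</?h\\d>");
        DEFAULT_WHITELIST.add("</?ul>");
        DEFAULT_WHITELIST.add("</?ol>");
        DEFAULT_WHITELIST.add("</?li>");
        DEFAULT_WHITELIST.add("</?dd>");
        DEFAULT_WHITELIST.add("</?dt>");
        DEFAULT_WHITELIST.add("</?cite>");
        DEFAULT_WHITELIST.add("</?table>");
        DEFAULT_WHITELIST.add("</?td>");
        DEFAULT_WHITELIST.add("</?th>");
        DEFAULT_WHITELIST.add("</?tr>");
        DEFAULT_WHITELIST.add("</?blockquote>");
        DEFAULT_WHITELIST.add("</?pre>");
        DEFAULT_WHITELIST.add("</?em>");
        DEFAULT_WHITELIST.add("</?abbr>");
        DEFAULT_WHITELIST.add("</?code>");
        DEFAULT_WHITELIST.add("</?acronym>");
        DEFAULT_WHITELIST.add("</?q>");
        DEFAULT_WHITELIST.add("</?sub>");
        DEFAULT_WHITELIST.add("</?sup>");
        DEFAULT_WHITELIST.add("</?u>");
        DEFAULT_WHITELIST.add("</?s>");
        DEFAULT_WHITELIST.add("<hr/>");
        DEFAULT_WHITELIST.add("<br/>");
    }
}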
