package com.webank.wedatasphere.schedulis.common.utils;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringEscapeUtils;
import org.apache.commons.lang.StringUtils;

/* loaded from: input_file:com/webank/wedatasphere/schedulis/common/utils/XSSFilterUtils.class */
/**
 * Denylist-style input checks applied to request strings and cookie values.
 *
 * <p>Every method answers "does this input look suspicious?": {@code true} means the
 * caller should treat the value as invalid, {@code false} means no denylisted
 * content was found.
 *
 * <p>NOTE(review): this is a character denylist on input. It does not replace
 * context-aware output encoding wherever these values are later rendered, and it
 * will also flag benign values that happen to contain characters such as
 * {@code ;}, {@code +} or parentheses.
 */
public class XSSFilterUtils {
    /** Characters whose presence, after HTML-entity decoding, marks a value as invalid. */
    private static final char[] FORBIDDEN_CHARS = {'<', '>', '\"', '\'', ';', '(', ')', '+'};

    /**
     * Reports whether {@code str} contains denylisted content.
     *
     * <p>The value is HTML-unescaped once, then rejected if it contains any of
     * {@code < > " ' ; ( ) +} or the substrings {@code %3} / {@code %2}. Those two
     * prefixes cover the percent-encoded forms of the same characters (for example
     * {@code %3C}, {@code %3E}, {@code %22}, {@code %28}) in either hex case.
     * No URL-decoding is performed here; percent-encoding is only detected textually.
     *
     * @param str the raw value to inspect; may be {@code null}
     * @return {@code true} if the decoded value is non-null and contains denylisted
     *         content, {@code false} otherwise (including when decoding yields {@code null})
     */
    public static boolean invalidStringFilter(String str) {
        String decoded = StringEscapeUtils.unescapeHtml(str);
        if (decoded == null) {
            // Nothing to inspect, so nothing to reject.
            return false;
        }
        return StringUtils.containsAny(decoded, FORBIDDEN_CHARS)
                || decoded.contains("%3")
                || decoded.contains("%2");
    }

    /**
     * Reports whether {@code str} contains at least one of the given substrings.
     *
     * <p>Not referenced by the other methods of this class as shown here.
     *
     * @param str    the text to search; must not be {@code null} when {@code strArr} is non-empty
     * @param strArr the substrings to look for; must not be {@code null}
     * @return {@code true} on the first match, {@code false} if none match or the array is empty
     */
    private static boolean htmlContainsAny(String str, String[] strArr) {
        for (String needle : strArr) {
            if (str.contains(needle)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Reports whether any cookie on the request carries a value rejected by
     * {@link #invalidStringFilter(String)}.
     *
     * <p>Only cookie values are inspected; cookie names and other attributes are not
     * checked by this method. Scanning stops at the first offending cookie.
     *
     * @param httpServletRequest the incoming request whose cookies are examined
     * @return {@code true} if at least one cookie value is rejected, {@code false} if the
     *         request has no cookies or all values pass
     */
    public static boolean invalidCookieFilter(HttpServletRequest httpServletRequest) {
        Cookie[] cookies = httpServletRequest.getCookies();
        if (cookies == null) {
            // getCookies() returned null: there is nothing to scan.
            return false;
        }
        for (Cookie cookie : cookies) {
            if (invalidStringFilter(cookie.getValue())) {
                return true;
            }
        }
        return false;
    }
}
