package org.egov.infra.security.utils;

import org.apache.commons.lang.StringUtils;
import org.egov.infra.exception.ApplicationRuntimeException;
import org.egov.infra.validation.exception.ValidationException;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/egov/infra/security/utils/XSSValidator.class */
public final class XSSValidator {
    private static final Logger LOG = LoggerFactory.getLogger(XSSValidator.class);
    private static Policy policy;
    private static AntiSamy antiSamy;

    private XSSValidator() {
    }

    private static AntiSamy getAntiSamy() throws PolicyException {
        if (antiSamy == null) {
            policy = getPolicy("antisamy-myspace-1.4.3.xml");
            antiSamy = new AntiSamy();
        }
        return antiSamy;
    }

    private static Policy getPolicy(String str) throws PolicyException {
        return Policy.getInstance(XSSValidator.class.getResource(str));
    }

    public static String validate(String str, String str2) {
        try {
            if (StringUtils.isBlank(str2)) {
                return str2;
            }
            CleanResults scan = getAntiSamy().scan(str2, policy);
            if (scan.getErrorMessages().isEmpty()) {
                return str2;
            }
            if (LOG.isWarnEnabled()) {
                LOG.warn(scan.getErrorMessages().toString());
            }
            throw new ValidationException(str, "Invalid, contains unsafe value", new String[0]);
        } catch (PolicyException | ScanException e) {
            throw new ApplicationRuntimeException("Error occurred while validating inputs", e);
        }
    }
}
