package org.linagora.linShare.view.tapestry.utils;

import org.apache.commons.lang.StringEscapeUtils;
import org.apache.tapestry5.corelib.components.Form;
import org.apache.tapestry5.ioc.Messages;
import org.linagora.linShare.core.exception.BusinessErrorCode;
import org.linagora.linShare.core.exception.BusinessException;
import org.linagora.linShare.view.tapestry.beans.ShareSessionObjects;
import org.linagora.linShare.view.tapestry.enums.BusinessUserMessageType;
import org.linagora.linShare.view.tapestry.objects.BusinessUserMessage;
import org.linagora.linShare.view.tapestry.objects.MessageSeverity;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.CleanResults;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/classes/org/linagora/linShare/view/tapestry/utils/XSSFilter.class */
public class XSSFilter {
    private static final Logger logger = LoggerFactory.getLogger(XSSFilter.class);
    private BusinessUserMessage warningMessage;
    private Messages messages;
    private Policy antiSamyPolicy;
    private ShareSessionObjects shareSessionObjects;
    private Form form;
    private boolean error;

    public XSSFilter(ShareSessionObjects shareSessionObjects, Form form, Policy policy, Messages messages) {
        this.antiSamyPolicy = policy;
        this.shareSessionObjects = shareSessionObjects;
        this.form = form;
        this.messages = messages;
        this.warningMessage = new BusinessUserMessage(BusinessUserMessageType.WARNING_TAGS_FOUND, MessageSeverity.WARNING);
        this.error = false;
    }

    public XSSFilter(Policy policy, Messages messages) {
        this.antiSamyPolicy = policy;
        this.messages = messages;
        this.shareSessionObjects = null;
        this.form = null;
        this.error = false;
        this.warningMessage = new BusinessUserMessage(BusinessUserMessageType.WARNING_TAGS_FOUND, MessageSeverity.WARNING);
    }

    public String clean(String str) throws BusinessException {
        String str2 = null;
        AntiSamy antiSamy = new AntiSamy();
        boolean z = false;
        String str3 = null;
        if (str == null) {
            return null;
        }
        try {
            CleanResults scan = antiSamy.scan(str, this.antiSamyPolicy);
            this.error |= scan.getNumberOfErrors() > 0;
            str2 = StringEscapeUtils.unescapeHtml(scan.getCleanHTML().trim());
        } catch (PolicyException e) {
            z = true;
            str3 = "Antisany is not able to get the antiSamy policy";
            logger.error(e.getMessage());
            logger.debug(e.toString());
        } catch (ScanException e2) {
            z = true;
            str3 = "Antisany is not able to scan the field";
            logger.error(e2.getMessage());
            logger.debug(e2.toString());
        }
        if (z) {
            throw new BusinessException(BusinessErrorCode.XSSFILTER_SCAN_FAILED, str3);
        }
        return str2;
    }

    public boolean hasError() {
        return this.error;
    }

    public BusinessUserMessage getWarningMessage() {
        return this.warningMessage;
    }
}
