package es.juntadeandalucia.plataforma.interceptores;

import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.Interceptor;
import es.juntadeandalucia.plataforma.resources.ConstantesBean;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;

/* loaded from: input_file:es/juntadeandalucia/plataforma/interceptores/XSSValidationInterceptor.class */
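/**
 * Struts 2 interceptor that screens request parameters against a denylist of
 * script fragments and markup tag names before the action is invoked.
 *
 * <p>When a parameter value matches, the action is not invoked and the result
 * name {@code "errorXSS"} is returned instead.
 *
 * <p>This is a pattern-matching screen on input only. It does not decode,
 * normalise or canonicalise values beyond lower-casing, so it should be treated
 * as defence in depth: context-aware output encoding in the views is still what
 * prevents script injection.
 */
public class XSSValidationInterceptor implements Interceptor {
    private static final long serialVersionUID = 1;

    /** Result name returned when a parameter value is rejected. */
    private static final String RESULT_ERROR_XSS = "errorXSS";

    /**
     * Lower-case fragments that reject a value wherever they appear.
     *
     * <p>{@code "$26%7b"} is kept from the original list; {@code "%26%7b"} (the
     * URL-encoded form of {@code "&{"}, matching the other raw/encoded pairs) is
     * added because the original entry looks like a typo for it.
     */
    private static final String[] BLOCKED_FRAGMENTS = {
        "<script", "</script", "%3cscript", "%3c%2fscript", "javascript", "&{", "$26%7b", "%26%7b"
    };

    /** No resources to release. */
    public void destroy() {
    }

    /** No initialisation required. */
    public void init() {
    }

    /**
     * Screens every {@code String[]} request parameter and either rejects the
     * request or lets the invocation continue.
     *
     * @param actionInvocation the current invocation
     * @return {@code "errorXSS"} if any parameter value is rejected, otherwise the
     *     result of {@code actionInvocation.invoke()}
     * @throws Exception propagated from {@code actionInvocation.invoke()}
     */
    public String intercept(ActionInvocation actionInvocation) throws Exception {
        List<String> tags = insertarTags();
        // Clears the stored invocation map in the session on every request, before any
        // validation takes place (creates the session if there is none).
        ((HttpServletRequest) actionInvocation.getInvocationContext().get("com.opensymphony.xwork2.dispatcher.HttpServletRequest")).getSession(true).setAttribute("org.apache.struts2.util.InvocationSessionStore.invocationMap", (Object) null);
        for (Map.Entry<?, ?> entry : actionInvocation.getInvocationContext().getParameters().entrySet()) {
            // NOTE(review): values that are not String[] are not inspected; confirm which
            // value types getParameters() can return in the deployed Struts version.
            if (!(entry.getValue() instanceof String[])) {
                continue;
            }
            // Inspect every value of a multi-valued parameter. Looking only at element 0
            // left the remaining values unscreened and failed on an empty array.
            for (String raw : (String[]) entry.getValue()) {
                if (raw == null) {
                    continue;
                }
                // Locale.ROOT keeps the lower-casing independent of the JVM default locale;
                // under some locales "I" does not map to "i", so the fragment and tag
                // comparisons would silently stop matching.
                if (isSuspicious(raw.toLowerCase(Locale.ROOT), tags)) {
                    return RESULT_ERROR_XSS;
                }
            }
        }
        return actionInvocation.invoke();
    }

    /**
     * Applies the denylist to one lower-cased parameter value.
     *
     * @param value parameter value, already lower-cased
     * @param tags lower-case tag names to look for
     * @return {@code true} if the value contains a blocked fragment, or contains an
     *     opening angle bracket (raw or as {@code %3c}) positioned before a tag name
     *     that is followed by a space (raw or as {@code %20})
     */
    private static boolean isSuspicious(String value, List<String> tags) {
        for (String fragment : BLOCKED_FRAGMENTS) {
            if (value.contains(fragment)) {
                return true;
            }
        }
        // Position of the first raw '<', falling back to the first encoded one.
        int bracketAt = value.indexOf("<");
        if (bracketAt == -1) {
            bracketAt = value.indexOf("%3c");
        }
        if (bracketAt == -1) {
            return false;
        }
        for (String tag : tags) {
            int tagAt = value.indexOf(tag + " ");
            if (tagAt == -1) {
                tagAt = value.indexOf(tag + "%20");
            }
            if (tagAt != -1 && bracketAt < tagAt) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the list of HTML and Struts tag names used by the tag check.
     *
     * <p>Names are lower-cased so they can match the lower-cased parameter values;
     * the mixed-case entry {@code tabbedPanel} could never match otherwise.
     * {@code i18n} is added next to the original {@code il8n}, which looks like a
     * typo for it.
     *
     * @return lower-case tag names, in declaration order
     */
    private List<String> insertarTags() {
        String names = "a,abbr,acronym,address,applet,area,b,base,basefont,bdo,big,blockquote,body,br,button,caption,center,cite,code,col,colgroup,dd,del,dfn,dir,div,dl,dt,em,fieldset,font,form,frame,frameset,h1,h2,h3,h4,h5,h6,head,hr,html,i,iframe,img,input,ins,isindex,kbd,label,legend,li,link,map,menu,meta,noframes,noscript,object,ol,optgroup,option,p,param,pre,q,s,samp,script,select,small,span,strike,strong,style,sub,sup,table,tbody,td,textarea,tfoot,th,thead,title,tr,tt,u,ul,var,if,elseif,else,append,generator,iterator,merge,sort,subset,action,bean,date,debug,il8n,i18n,include,param,push,set,text,url,property,autocompleter,checkbox,checkboxlist,combobox,datetimepicker,doubleselect,file,hidden,label,optiontransferselect,optgroup,password,radio,reset,submit,textarea,textfield,token,updownselect,actionerror,actionmessage,component,fielderror,tabbedPanel,tree,treenode";
        List<String> tags = new LinkedList<String>();
        for (String name : names.split(ConstantesBean.STR_COMA)) {
            tags.add(name.toLowerCase(Locale.ROOT));
        }
        return tags;
    }
}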
