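package cpcns.common.filter;

import java.util.regex.Pattern;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletRequestWrapper;

/**
 * Request wrapper that removes a fixed blocklist of script-like fragments from parameter,
 * header and {@code String} attribute values before the application sees them.
 *
 * <p>This is a best-effort, removal-based input filter: it deletes matching text rather than
 * encoding it, so legitimate input containing e.g. {@code "javascript:"} is altered, and it
 * does not replace context-aware output encoding where values are rendered. Only
 * {@link #getParameter}, {@link #getParameterValues}, {@link #getHeader} and
 * {@link #getAttribute} are wrapped; {@code getParameterMap()}, {@code getHeaders(String)},
 * {@code getQueryString()}, cookies and the request body come from the superclass unchanged,
 * so code reading those accessors receives unfiltered values.
 */
public class XSSHttpServletRequestWrapper extends HttpServletRequestWrapper {

    private static final int CI = Pattern.CASE_INSENSITIVE;
    private static final int CI_DOTALL = Pattern.CASE_INSENSITIVE | Pattern.MULTILINE | Pattern.DOTALL;

    /**
     * Fragments stripped from every sanitized value, applied in this order, one pass each.
     * Compiled once here instead of on every call (the original recompiled each pattern per value).
     */
    private static final Pattern[] BLOCKLIST = {
        // NOTE(review): the extracted source shows this and the two "</script>"/"<script ...>"
        // entries below as empty patterns (Pattern.compile("", ...) is a no-op), i.e. the tag text
        // was lost in extraction; restored as the script-tag patterns this filter is known to use.
        // Confirm against the original source.
        Pattern.compile("<script>(.*?)</script>", CI),
        // "src=" attribute with either quote style. The original listed the double-quoted form
        // twice (presumably one copy was single-quoted) and allowed only spaces around "=";
        // \s* is a superset of that.
        Pattern.compile("src\\s*=\\s*['\"](.*?)['\"]", CI_DOTALL),
        Pattern.compile("</script>", CI),
        Pattern.compile("<script(.*?)>", CI_DOTALL),
        Pattern.compile("eval\\((.*?)\\)", CI_DOTALL),
        // The original pattern contained a soft hyphen (U+00AD) inside "expression" and so
        // could never match the literal text.
        Pattern.compile("expression\\((.*?)\\)", CI_DOTALL),
        Pattern.compile("javascript:", CI),
        Pattern.compile("vbscript:", CI),
        Pattern.compile("onload(.*?)=", CI_DOTALL),
    };

    /**
     * Wraps {@code request}; all filtering happens lazily in the overridden accessors.
     *
     * @param request the request to wrap
     */
    public XSSHttpServletRequestWrapper(HttpServletRequest request) {
        super(request);
    }

    /**
     * Returns the parameter values with each element sanitized.
     *
     * @return the sanitized values, or {@code null} when the parameter is absent (servlet contract)
     */
    @Override
    public String[] getParameterValues(String name) {
        String[] values = super.getParameterValues(name);
        if (values == null) {
            return null;
        }
        String[] cleaned = new String[values.length];
        for (int i = 0; i < values.length; i++) {
            cleaned[i] = cleanXSS(values[i]);
        }
        return cleaned;
    }

    /**
     * Returns the sanitized parameter value, or {@code null} when the parameter is absent.
     */
    @Override
    public String getParameter(String name) {
        return cleanXSS(super.getParameter(name));
    }

    /**
     * Returns the attribute, sanitized when it is a {@code String}; other types pass through.
     *
     * <p>The original called {@code cleanXSS} here but discarded its result, so attributes were
     * returned unfiltered; the sanitized string is now returned. Note that request attributes
     * are normally set by server-side code, not by the client.
     */
    @Override
    public Object getAttribute(String name) {
        Object value = super.getAttribute(name);
        if (value instanceof String) {
            return cleanXSS((String) value);
        }
        return value;
    }

    /**
     * Returns the sanitized header value, or {@code null} when the header is absent.
     */
    @Override
    public String getHeader(String name) {
        return cleanXSS(super.getHeader(name));
    }

    /**
     * Removes NUL bytes and every {@link #BLOCKLIST} match from {@code value} in a single pass
     * per pattern. Does not use instance state.
     *
     * @param value the raw value, may be {@code null}
     * @return the filtered value, or {@code null} when {@code value} is {@code null}
     */
    private static String cleanXSS(String value) {
        if (value == null) {
            return null;
        }
        // NOTE(review): the extracted source reads replaceAll(" ", ""), which would delete every
        // space from every parameter and header; the widely circulated form of this filter
        // strips NUL bytes at this point, which is what is restored here. Confirm against the
        // original source.
        String cleaned = value.replace("\0", "");
        for (Pattern pattern : BLOCKLIST) {
            cleaned = pattern.matcher(cleaned).replaceAll("");
        }
        return cleaned;
    }
}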