package com.gold.ms.gateway.security.filter;

import java.io.IOException;
import java.util.Map;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;

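/**
 * Servlet filter that rewrites request parameter values before they reach the rest of the chain.
 *
 * <p>For every request whose URI does not contain {@code "api-file"}, each value returned by
 * {@link HttpServletRequest#getParameterMap()} is passed through {@link #sanitize(String)} and the
 * request is forwarded wrapped in a {@code ParameterRequestWrapper}.
 *
 * <p>Security review notes (limits of this filter as written):
 * <ul>
 *   <li>It is a denylist applied to input. The replacements are case-sensitive and run once, so the
 *       filter must not be treated as the application's XSS defence. Contextual output encoding in
 *       the view layer, plus a Content-Security-Policy, is the control that actually closes XSS.</li>
 *   <li>Only values exposed through {@code getParameterMap()} are touched. Headers, cookies, path
 *       segments and bodies read directly from the input stream are not processed here.</li>
 *   <li>The rewriting is lossy for legitimate data: any value containing the substring
 *       {@code script} loses it, and every apostrophe is stored as {@code &#39;}, which is wrong
 *       for non-HTML sinks such as logs, CSV exports and JSON APIs.</li>
 *   <li>The {@code "api-file"} exclusion is a substring match on the raw request URI, so it skips
 *       sanitisation for any path containing that text. NOTE(review): prefer an exact servlet-path
 *       or prefix match against the intended upload endpoint.</li>
 * </ul>
 */
@WebFilter(filterName = "reqResFilter", urlPatterns = {"/*"})
/* loaded from: input_file:com/gold/ms/gateway/security/filter/XSSFilter.class */
public class XSSFilter implements Filter {
    /** Matches {@code eval(...)}; compiled once instead of on every parameter value. */
    private static final Pattern EVAL_CALL = Pattern.compile("eval\\((.*)\\)");

    /** Matches a quoted {@code javascript:} URL; compiled once instead of on every parameter value. */
    private static final Pattern QUOTED_JAVASCRIPT_URL =
            Pattern.compile("[\\\"\\'][\\s]*javascript:(.*)[\\\"\\']");

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /**
     * Sanitises parameter values in place and forwards the wrapped request.
     *
     * <p>The arrays obtained from {@code getParameterMap()} are modified directly, so the map
     * handed to {@code ParameterRequestWrapper} carries the rewritten values. That wrapper is
     * defined elsewhere in the project; confirm that it overrides {@code getParameter},
     * {@code getParameterValues} and {@code getParameterMap}, otherwise code reading parameters
     * may still see the original values.
     *
     * @param servletRequest incoming request; non-HTTP requests are passed through untouched
     * @param servletResponse response passed on unchanged
     * @param filterChain remainder of the filter chain
     * @throws IOException propagated from the chain
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Guard the cast: a non-HTTP request previously failed with ClassCastException.
        if (!(servletRequest instanceof HttpServletRequest)) {
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        String requestURI = httpServletRequest.getRequestURI();
        // Typed map: with a raw Map the values are Object and cannot be treated as String[].
        Map<String, String[]> parameterMap = httpServletRequest.getParameterMap();
        // Substring match on the raw URI; see the class-level note about how broad this is.
        if (!requestURI.contains("api-file")) {
            for (String[] values : parameterMap.values()) {
                if (values == null) {
                    continue;
                }
                for (int i = 0; i < values.length; i++) {
                    // A null element would otherwise throw NullPointerException mid-request.
                    if (values[i] != null) {
                        values[i] = sanitize(values[i]);
                    }
                }
            }
        }
        filterChain.doFilter(new ParameterRequestWrapper(httpServletRequest, parameterMap), servletResponse);
    }

    /** Nothing to release. */
    @Override
    public void destroy() {
    }

    /**
     * Applies the filter's four replacements, in the original order, then trims the result.
     *
     * <p>Because apostrophes are encoded first, the apostrophe alternative in
     * {@link #QUOTED_JAVASCRIPT_URL} can no longer match by the time that pattern runs; only the
     * double-quoted form is affected. The order is kept as-is to preserve existing behaviour.
     *
     * @param value non-null parameter value
     * @return the rewritten value
     */
    private static String sanitize(String value) {
        // Literal replacement; equivalent to the former regex call for this fixed text.
        String cleaned = value.replace("'", "&#39;");
        cleaned = EVAL_CALL.matcher(cleaned).replaceAll("");
        cleaned = QUOTED_JAVASCRIPT_URL.matcher(cleaned).replaceAll("\"\"");
        // Case-sensitive, single pass; also strips the text from ordinary words.
        cleaned = cleaned.replace("script", "");
        return cleaned.trim();
    }
}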
