package com.yplp.common.util;

import java.util.regex.Pattern;
import org.apache.log4j.Logger;

/* loaded from: classes.dex */
public class XssUtils {
    private static Logger logger = Logger.getLogger(XssUtils.class);

    public static String cleanSQLInject(String str) {
        String replaceAll = str.replaceAll("insert", "forbidI").replaceAll("select", "forbidS").replaceAll("update", "forbidU").replaceAll("delete", "forbidD").replaceAll("exec", "forbidExec").replaceAll("declare", "forbidDeclare").replaceAll("backup", "forbidBackUp").replaceAll("exists", "forbidExists").replaceAll("drop", "forbidDrop").replaceAll("dbcc", "forbidDbcc");
        if (!str.equals(replaceAll)) {
            logger.info("输入信息存在SQL攻击！");
            logger.info("原始输入信息-->" + str);
            logger.info("处理后信息-->" + replaceAll);
        }
        return replaceAll;
    }

    public static String cleanXSS(String str) {
        String replaceAll = Pattern.compile("[\\\"\\'][\\s]*javascript:(.*)[\\\"\\']", 2).matcher(Pattern.compile("(eval\\((.*)\\)|script)", 2).matcher(str.replaceAll("<", "<").replaceAll(">", ">").replaceAll("\\(", "(").replaceAll("\\)", ")").replaceAll("'", "'")).replaceAll("")).replaceAll("\"\"").replaceAll("script", "").replaceAll(";", "").replaceAll("\"", "").replaceAll("@", "").replaceAll("0x0d", "").replaceAll("0x0a", "");
        if (!str.equals(replaceAll)) {
            logger.info("输入信息存在xss攻击！");
            logger.info("原始输入信息-->" + str);
            logger.info("处理后信息-->" + replaceAll);
        }
        return replaceAll;
    }
}
