package org.squashtest.tm.core.foundation.sanitizehtml;

import java.util.Collections;
import java.util.List;
import net.htmlparser.jericho.HTMLElementName;
import org.apache.commons.lang3.StringUtils;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Document;
import org.jsoup.nodes.Entities;
import org.jsoup.parser.Parser;
import org.jsoup.safety.Safelist;
import org.springframework.web.servlet.tags.form.AbstractHtmlElementTag;
import org.springframework.web.servlet.tags.form.AbstractHtmlInputElementTag;

/* loaded from: input_file:WEB-INF/lib/core.foundation-8.1.0.RELEASE.jar:org/squashtest/tm/core/foundation/sanitizehtml/HTMLSanitizeUtils.class */
public final class HTMLSanitizeUtils {
    private static final String[] allowedTags = {"a", "b", HTMLElementName.BLOCKQUOTE, "br", "caption", "center", HTMLElementName.CITE, "code", HTMLElementName.COL, HTMLElementName.COLGROUP, HTMLElementName.DD, "div", HTMLElementName.DL, "dt", "em", HTMLElementName.FIGURE, HTMLElementName.H1, "h2", "h3", HTMLElementName.H4, HTMLElementName.H5, HTMLElementName.H6, "hr", "i", "img", HTMLElementName.INS, "li", "ol", "p", "pre", "q", "s", "small", "span", HTMLElementName.STRIKE, "strong", "sub", "sup", "table", HTMLElementName.TBODY, "td", HTMLElementName.TFOOT, "th", HTMLElementName.THEAD, "tr", "u", "ul"};
    private static final String[] allowedAttributes = {"align", "aria-hidden", "border", "cellpadding", "cellspacing", "class", "dir", "height", "id", "lang", "rel", "role", "style", AbstractHtmlElementTag.TABINDEX_ATTRIBUTE, "title", "width"};

    private HTMLSanitizeUtils() {
        throw new IllegalStateException("Utility class");
    }

    public static List<String> checkHtml(String str) {
        if (StringUtils.isBlank(str)) {
            return Collections.emptyList();
        }
        List<String> findParseErrors = findParseErrors(str);
        return !findParseErrors.isEmpty() ? findParseErrors : Jsoup.isValid(str, getSafelist()) ? Collections.emptyList() : Collections.singletonList("HTML contains unsafe elements or attributes.");
    }

    private static List<String> findParseErrors(String str) {
        Parser trackErrors = Parser.htmlParser().setTrackErrors(5);
        Jsoup.parse(str, "", trackErrors);
        return trackErrors.getErrors().stream().map((v0) -> {
            return v0.toString();
        }).toList();
    }

    public static String cleanHtml(String str) {
        if (str == null) {
            return null;
        }
        if (StringUtils.isBlank(str)) {
            return "";
        }
        Document.OutputSettings outputSettings = new Document.OutputSettings();
        outputSettings.prettyPrint(false);
        outputSettings.escapeMode(Entities.EscapeMode.extended);
        outputSettings.outline(false);
        return Jsoup.clean(str.replaceAll("&([^;]+?);", "à@-$1;"), "", getSafelist(), outputSettings).replaceAll("à@-([^;]+?);", "&$1;");
    }

    private static Safelist getSafelist() {
        return new Safelist().addTags(allowedTags).addAttributes(":all", allowedAttributes).addAttributes("a", AbstractHtmlInputElementTag.ACCESSKEY_ATTRIBUTE, "charset", "name", "target", "type", "href").addAttributes(HTMLElementName.BLOCKQUOTE, HTMLElementName.CITE).addAttributes(HTMLElementName.COL, "span").addAttributes(HTMLElementName.COLGROUP, "span").addAttributes(HTMLElementName.FIGURE, "longdesc").addAttributes("font", "color", "face", "size").addAttributes("img", "longdesc", "alt", "src").addAttributes("ol", "start", "type").addAttributes("q", HTMLElementName.CITE).addAttributes("table", "border", "cellpadding", "cellspacing", "summary").addAttributes("td", HTMLElementName.ABBR, "axis", "colspan", "rowspan").addAttributes("th", HTMLElementName.ABBR, "axis", "colspan", "rowspan", "scope").addAttributes("ul", "type").addProtocols("a", "href", "ftp", "http", "https", "mailto").addProtocols(HTMLElementName.BLOCKQUOTE, HTMLElementName.CITE, "http", "https").addProtocols(HTMLElementName.CITE, HTMLElementName.CITE, "http", "https").addProtocols("img", "src", "cid", "data", "http", "https").addProtocols("q", HTMLElementName.CITE, "http", "https");
    }
}
