package com.adobe.cq.testing.util;

import com.adobe.cq.testing.junit.assertion.GraniteAssert;
import java.io.IOException;
import java.util.regex.Pattern;
import org.apache.sling.testing.clients.SlingHttpResponse;
import org.apache.sling.testing.clients.util.XSSUtils;
import org.apache.taglibs.standard.functions.Functions;
import org.junit.Assert;

/* loaded from: input_file:com/adobe/cq/testing/util/CQXSSUtils.class */
/**
 * Test-side helpers for checking that rendered pages encode user-controlled
 * values, layered on top of {@link XSSUtils}.
 *
 * <p>The {@code XSS_ATTACK_*} constants are fixed probe strings that tests submit
 * as input; the helpers below are used to verify how that input comes back in a
 * response.
 */
public class CQXSSUtils extends XSSUtils {
    /** Probe mixing quote, comment, tag, entity and bracket characters in one value. */
    public static final String XSS_ATTACK_SIMPLE = "';!--\"<XSS>=&{()}";

    /** Probe that closes an attribute, {@code <title>} and {@code <script>} before opening a new script element. */
    public static final String XSS_ATTACK_JS_SIMPLE = "'\"></title></script><script>alert('XSS');</script>";

    /** Probe that closes a string literal and nested JavaScript call blocks before adding its own statement. */
    public static final String XSS_ATTACK_JS_SIMPLE2 = "\"});});alert(23);</script>";

    /** Probe using a mixed-case {@code javascript:} scheme, for filters that only match one letter case. */
    public static final String XSS_ATTACK_JS_CASE_INSENSITIVE = "<IMG SRC=\"JaVaScRiPt:alert('XSS');\">";

    /**
     * URL-encoded probe ({@code %22} is a double quote, {@code %20} a space, {@code %3E} a
     * {@code >}) carrying an event-handler attribute.
     * NOTE(review): "HERF" looks like a misspelling of "HREF"; the name is public, so it is kept.
     */
    public static final String XSS_ATTACK_HERF_SIMPLE = "XSSHERF%22%20onclick=alert(23)%3E";

    /**
     * Escapes a string with the JSTL function library's {@code escapeXml}.
     *
     * @param str the value to escape
     * @return whatever {@link Functions#escapeXml(String)} returns for {@code str}
     */
    public static String escapeXmlJSTL(String str) {
        final String escaped = Functions.escapeXml(str);
        return escaped;
    }

    /**
     * Delegates to {@code TestUtil.replaceSpecialCharsForRegexp}.
     *
     * <p>NOTE(review): the helper is not visible here; presumably it escapes regex
     * metacharacters so the value can be embedded in a pattern literally - confirm.
     *
     * @param str the value to prepare for use inside a regular expression
     * @return the helper's result for {@code str}
     */
    public static String replaceSpecialCharsForRegexp(String str) {
        final String prepared = TestUtil.replaceSpecialCharsForRegexp(str);
        return prepared;
    }

    /**
     * Asserts that the response has a {@code <title>} element whose text contains {@code str}.
     *
     * <p>Two checks run in order: the body must contain the literal, case-sensitive text
     * {@code <title>}, and it must then satisfy a pattern of the form
     * {@code <title>[^<]*STR[^<]*</title>}, where STR is {@code str} passed through
     * {@link #replaceSpecialCharsForRegexp(String)}. The pattern is compiled
     * case-insensitive and multiline.
     *
     * <p>This is a positive check: it passes when the expected text (presumably the
     * sanitized form of a probe - confirm against callers) sits inside a title with no
     * {@code <} on either side of it. It does not look for the raw probe elsewhere in the
     * page, so other output contexts need their own assertions. The failure message embeds
     * the whole response body.
     *
     * @param slingHttpResponse the response whose body is inspected
     * @param str the text expected inside the title element
     * @throws IOException declared by the original signature
     */
    public static void assertTitleTagIsNotVulnerable(SlingHttpResponse slingHttpResponse, String str) throws IOException {
        final String body = slingHttpResponse.getContent();
        Assert.assertTrue(body.contains("<title>"));

        // [^<]* on both sides keeps the match inside one title element: no tag may open
        // between <title> and </title>.
        final String titleRegex = "<title>[^<]*" + replaceSpecialCharsForRegexp(str) + "[^<]*</title>";
        // Same value as the numeric flag 10 (CASE_INSENSITIVE = 2, MULTILINE = 8).
        final Pattern titlePattern = Pattern.compile(titleRegex, Pattern.CASE_INSENSITIVE | Pattern.MULTILINE);

        GraniteAssert.assertRegExFind("Title tag is not properly sanitized: " + body, body, titlePattern);
    }
}
