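package com.yqzx.common.util;

import java.io.IOException;
import java.io.InputStream;

import lombok.extern.slf4j.Slf4j;

import org.apache.commons.text.StringEscapeUtils;
import org.owasp.validator.html.AntiSamy;
import org.owasp.validator.html.Policy;
import org.owasp.validator.html.PolicyException;
import org.owasp.validator.html.ScanException;

import cn.hutool.core.util.StrUtil;

/**
 * HTML sanitising helper built on OWASP AntiSamy.
 *
 * <p>The sanitising rules come from the classpath resource {@code /antisamy.xml}; this class
 * only loads that policy and applies it, so what is allowed or stripped is decided by that file.
 *
 * @author ChenLong
 * @version 1.0
 * @date 2019/7/16 18:13
 */
@Slf4j
public class XssUtil {

    /** Classpath location of the AntiSamy policy applied by {@link #clearXss(String)}. */
    private static final String POLICY_RESOURCE = "/antisamy.xml";

    /**
     * Runs {@code val} through AntiSamy using the bundled policy and returns the cleaned text
     * with HTML entities decoded.
     *
     * <p>Fails closed: if the policy cannot be found or loaded, or the scan fails, the input is
     * returned fully HTML-escaped instead of being passed through untouched, so a sanitiser
     * failure can never hand raw markup back to the caller.
     *
     * @param val untrusted text, may be {@code null} or blank
     * @return {@code val} unchanged when it is blank; otherwise the sanitised text with entities
     *     decoded, or the HTML-escaped input when sanitising was not possible
     */
    public static String clearXss(String val) {
        if (StrUtil.isBlank(val)) {
            return val;
        }
        // try-with-resources closes the policy stream on every path; a null resource is skipped.
        try (InputStream policyStream = XssUtil.class.getResourceAsStream(POLICY_RESOURCE)) {
            if (policyStream == null) {
                log.error("AntiSamy policy {} not found on the classpath; escaping input instead",
                        POLICY_RESOURCE);
                return StringEscapeUtils.escapeHtml4(val);
            }
            Policy policy = Policy.getInstance(policyStream);
            String cleanHtml = new AntiSamy().scan(val, policy).getCleanHTML();
            // NOTE(review): decoding entities after the scan turns entity-encoded text back into
            // literal characters, so the return value is NOT safe to write into an HTML context
            // as-is. Kept because existing callers rely on the decoded form; every consumer must
            // apply output encoding where the value is rendered. Consider dropping the decode
            // once callers have been audited.
            return StringEscapeUtils.unescapeHtml4(cleanHtml);
        } catch (PolicyException | ScanException | IOException e) {
            // Log the exception itself (stack trace included) but not the untrusted value.
            log.error("AntiSamy sanitising failed; escaping input instead", e);
            return StringEscapeUtils.escapeHtml4(val);
        }
    }
}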