package org.fastquery.jersey.mvc.filter;

import java.io.IOException;
import java.util.Arrays;
import java.util.Enumeration;
import javax.servlet.http.HttpServletRequest;
import javax.ws.rs.Produces;
import javax.ws.rs.container.ContainerRequestContext;
import javax.ws.rs.container.ContainerRequestFilter;
import javax.ws.rs.container.ResourceInfo;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.Response;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/fastquery/jersey/mvc/filter/XSSFilter.class */
public class XSSFilter implements ContainerRequestFilter {
    private static final Logger LOG = LoggerFactory.getLogger(XSSFilter.class);

    @Context
    private HttpServletRequest request;

    @Context
    private ResourceInfo resourceInfo;

    public void filter(ContainerRequestContext containerRequestContext) throws IOException {
        String arrays = Arrays.toString(this.resourceInfo.getResourceMethod().getAnnotation(Produces.class).value());
        Enumeration parameterNames = this.request.getParameterNames();
        while (parameterNames.hasMoreElements()) {
            String str = (String) parameterNames.nextElement();
            String parameter = this.request.getParameter(str);
            if (parameter != null && parameter.contains("<")) {
                LOG.error("参数" + str + "不能包含'<'符号");
                if (arrays.contains("text/html")) {
                    containerRequestContext.abortWith(Response.status(500).build());
                    return;
                } else if (arrays.contains("application/json")) {
                    containerRequestContext.abortWith(Response.ok("{\"ok\":false,\"error\":\"msg\"}").build());
                    return;
                }
            }
        }
    }
}
