/*
 * ============LICENSE_START==========================================
 * ONAP Portal SDK
 * ===================================================================
 * Copyright © 2017 AT&T Intellectual Property. All rights reserved.
 * ===================================================================
 *
 * Unless otherwise specified, all software contained herein is licensed
 * under the Apache License, Version 2.0 (the "License");
 * you may not use this software except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *             http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * Unless otherwise specified, all documentation contained herein is licensed
 * under the Creative Commons License, Attribution 4.0 Intl. (the "License");
 * you may not use this documentation except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *             https://creativecommons.org/licenses/by/4.0/
 *
 * Unless required by applicable law or agreed to in writing, documentation
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *
 * ============LICENSE_END============================================
 *
 * 
 */
package org.onap.portalsdk.analytics.util;
	
	/**
	 * 
	 * @author Sundar
	 * This class is used to filter javascript tags to avoid XSS attacks.
	 */
public class XSSFilter {
	
	public static synchronized String filterRequestOnlyScript(String param) {
		String value = "";
		value = nvl(param);
		value = value.replaceAll("<[\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*>", "");
		value = value.replaceAll("</[\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*>", "");
		value = value.replaceAll("[\\s]*[jJ][\\s]*[aA][\\s]*[vV][\\s]*[aA][\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*", "");
		return value;
	}
	public static synchronized String filterRequest (String param) {
		String value = "";
		value = nvl(param);
		value = value.replaceAll("<[\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*>", "");
		value = value.replaceAll("</[\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*>", "");
		value = value.replaceAll("[\\s]*[jJ][\\s]*[aA][\\s]*[vV][\\s]*[aA][\\s]*[sS][\\s]*[cC][\\s]*[rR][\\s]*[iI][\\s]*[pP][\\s]*[tT][\\s]*", "");
		value = value.replaceAll("[\\s]*<", "");
		value = value.replaceAll("[\\s]*>", "");
		
		return value;
	}
    
	public static void main (String args[]) {
		String value = XSSFilter.filterRequest("<s\nC\nr\nI\np\nT\n>\na\nl\ne\nr\nt\n('sundar');</SCRIPT>javascript:alert('Sundar');");
		int i = Integer.parseInt("8989");
		System.out.println(value);
	}
	
	private static String nvl(String s) {
		return (s == null) ? "" : s;
	}
}