package egovframework.com.cmm.util;

public class EgovXSSUtil {
	
	public String unscript(String data) {
		if (data == null || data.trim().equals("")) {
			return "";
		}

		String ret = data;
		
		ret = ret.replaceAll("\"", """);
		ret = ret.replaceAll("\'", "'"); // single quot
		ret = ret.replaceAll("\\(", "(");
		ret = ret.replaceAll("\\)", ")");
		ret = ret.replaceAll("<", "&lt;");
		ret = ret.replaceAll(">", "&gt;");

		ret = ret.replaceAll("<(S|s)(C|c)(R|r)(I|i)(P|p)(T|t)", "&lt;script");
		ret = ret.replaceAll("</(S|s)(C|c)(R|r)(I|i)(P|p)(T|t)", "&lt;/script");

		ret = ret.replaceAll("<(O|o)(B|b)(J|j)(E|e)(C|c)(T|t)", "&lt;object");
		ret = ret.replaceAll("</(O|o)(B|b)(J|j)(E|e)(C|c)(T|t)", "&lt;/object");

		ret = ret.replaceAll("<(A|a)(P|p)(P|p)(L|l)(E|e)(T|t)", "&lt;applet");
		ret = ret.replaceAll("</(A|a)(P|p)(P|p)(L|l)(E|e)(T|t)", "&lt;/applet");

		ret = ret.replaceAll("<(E|e)(M|m)(B|b)(E|e)(D|d)", "&lt;embed");
		ret = ret.replaceAll("</(E|e)(M|m)(B|b)(E|e)(D|d)", "&lt;embed");

		ret = ret.replaceAll("<(F|f)(O|o)(R|r)(M|m)", "&lt;form");
		ret = ret.replaceAll("</(F|f)(O|o)(R|r)(M|m)", "&lt;form");

		ret = ret.replaceAll("alert", "");
		
		return ret;
	}
	
	public String script(String data) {
		if (data == null || data.trim().equals("")) {
			return "";
		}

		String ret = data;
		
		ret = ret.replaceAll("&quot;", "\"");
		ret = ret.replaceAll("&#39;", "\'"); // single quot
		ret = ret.replaceAll("&#40;", "\\(");
		ret = ret.replaceAll("&#41;", "\\)");
		ret = ret.replaceAll("&lt;", "<");
		ret = ret.replaceAll("&gt;", ">");

		return ret;
	}
	
	public String makeQuery(String str) {
		String result = "";
        result = chkNull(str.replace("'", ""));
        result = chkNull(str.replace(";", ""));
        result = chkNull(str.replace("--", ""));
        result = chkNull(str.replace("|", ""));
        result = chkNull(str.replace(":", ""));
        result = chkNull(str.replace("+", ""));
        result = chkNull(str.replace("\\", ""));
        result = chkNull(str.replace("/", ""));
        result = chkNull(str.toLowerCase().replaceAll("select", ""));
        result = chkNull(str.toLowerCase().replaceAll("update", ""));
        result = chkNull(str.toLowerCase().replaceAll("delete", ""));
        result = chkNull(str.toLowerCase().replaceAll("insert", ""));
        result = chkNull(str.toLowerCase().replaceAll("where", ""));
        result = chkNull(str.toLowerCase().replaceAll("from", ""));
        
		result = "'"+result+"'";
		return result;
	}
	
	public static String chkNull(String str) {
		if(str == null) 
			return "";	
		else
			return str;
	}
}