package net.sourceforge.pmd.lang.jsp.rule.security;

import net.sourceforge.pmd.lang.jsp.ast.ASTElExpression;
import net.sourceforge.pmd.lang.jsp.ast.ASTElement;
import net.sourceforge.pmd.lang.jsp.rule.AbstractJspRule;

/* loaded from: input_file:target/lib/net.sourceforge.pmd.pmd-jsp.jar:net/sourceforge/pmd/lang/jsp/rule/security/NoUnsanitizedJSPExpressionRule.class */
public class NoUnsanitizedJSPExpressionRule extends AbstractJspRule {
    @Override // net.sourceforge.pmd.lang.jsp.ast.JspVisitor
    public Object visit(ASTElExpression aSTElExpression, Object obj) {
        if (elOutsideTaglib(aSTElExpression)) {
            asCtx(obj).addViolation(aSTElExpression);
        }
        return super.visit(aSTElExpression, (ASTElExpression) obj);
    }

    private boolean elOutsideTaglib(ASTElExpression aSTElExpression) {
        ASTElement aSTElement = (ASTElement) aSTElExpression.ancestors(ASTElement.class).first();
        return ((aSTElement != null && aSTElement.getName() != null && aSTElement.getName().contains(":")) || (aSTElExpression.getContent() != null && aSTElExpression.getContent().matches("^fn:escapeXml\\(.+\\)$"))) ? false : true;
    }
}
