package org.dashbuilder.displayer.client;

import org.dashbuilder.common.client.StringUtils;
import org.dashbuilder.displayer.client.AbstractDisplayer;
import org.dashbuilder.displayer.client.resources.i18n.DisplayerConstants;

/* loaded from: input_file:WEB-INF/lib/dashbuilder-displayer-client-2.2.0.Final.jar:org/dashbuilder/displayer/client/DisplayerGwtExprEval.class */
public class DisplayerGwtExprEval implements AbstractDisplayer.ExpressionEval {
    public static final String[] _jsMalicious = {"document.", "window.", "alert(", "eval(", ".innerHTML"};
    AbstractDisplayer presenter;

    public DisplayerGwtExprEval(AbstractDisplayer abstractDisplayer) {
        this.presenter = null;
        this.presenter = abstractDisplayer;
    }

    @Override // org.dashbuilder.displayer.client.AbstractDisplayer.ExpressionEval
    public String evalExpression(String str, String str2) {
        if (StringUtils.isBlank(str2)) {
            return str;
        }
        for (String str3 : _jsMalicious) {
            if (str2.contains(str3)) {
                this.presenter.handleError(DisplayerConstants.INSTANCE.displayer_keyword_not_allowed(str2));
                throw new RuntimeException(DisplayerConstants.INSTANCE.displayer_keyword_not_allowed(str2));
            }
        }
        try {
            return _evalExpression(str, str2);
        } catch (Exception e) {
            this.presenter.handleError(DisplayerConstants.INSTANCE.displayer_expr_invalid_syntax(str2), e);
            throw new RuntimeException(DisplayerConstants.INSTANCE.displayer_expr_invalid_syntax(str2));
        }
    }

    protected native String _evalExpression(String str, String str2);
}
