package testcode.xml;

import org.apache.commons.lang.StringEscapeUtils;
import org.owasp.encoder.Encode;

/* loaded from: input_file:testcode/xml/XmlInjection.class */
/**
 * Paired samples of XML/markup construction by string concatenation.
 *
 * <p>Methods prefixed {@code bad} place a value into markup without any output
 * encoding; methods prefixed {@code good} either encode the value first or use
 * only constants. Presumably these are fixtures for a static-analysis detector
 * (the naming marks the expected finding per method) -- confirm against the
 * test that loads this class. The exact concatenation shape is likely what the
 * detector matches on, so the code is intentionally left as written.
 *
 * <p>General rule illustrated here: the encoder must match the output context
 * (XML element content, quoted attribute, URL component). Building the document
 * with an XML API instead of concatenation avoids the problem altogether.
 */
public abstract class XmlInjection {
    /**
     * Vulnerable sample: concatenates {@code str} into the {@code <amount>}
     * element with no escaping.
     *
     * <p>Any markup character in {@code str} (such as {@code <} or {@code &})
     * is parsed as document structure rather than text, so the caller controls
     * the shape of the resulting XML.
     *
     * @param str value inserted verbatim into the element content
     * @return the product document as a string
     */
    public String badXmlStringParam(String str) {
        return "<product>\n<name>Cellphone</name>\n<price>800</price>\n<amount>" + str + "</amount></product>";
    }

    /**
     * Safe sample: encodes {@code str} with {@code Encode.forHtmlAttribute}
     * before placing it inside the double-quoted {@code href} attribute.
     *
     * <p>NOTE(review): the value lands in a URL query parameter inside the
     * attribute. Attribute encoding stops it from breaking out of the quotes,
     * but it does not percent-encode; characters that are meaningful in a
     * query string would still change the link target. If that matters to a
     * caller, the value should additionally be URI-component encoded (OWASP
     * Encoder offers {@code Encode.forUriComponent}).
     *
     * @param str value inserted into the {@code amount} query parameter
     * @return an anchor fragment wrapped in {@code <b>}
     */
    public String goodXmlStringParam(String str) {
        return "<b><a href=\"search?amount=" + Encode.forHtmlAttribute(str) + "\">Click Me</a></b>";
    }

    /**
     * Vulnerable sample: inserts the result of {@link #unreliableAmount()}
     * into {@code <amount>} without escaping.
     *
     * @return the product document as a string
     */
    public String badXmlStringFunction1() {
        return "<product>\n<name>Cellphone</name>\n<price>800</price>\n<amount>" + unreliableAmount() + "</amount></product>";
    }

    /**
     * Vulnerable sample showing partial encoding: the value written to
     * {@code <price>} is passed through {@code StringEscapeUtils.escapeHtml},
     * but the value written to {@code <amount>} is not escaped at all.
     *
     * <p>{@link #unreliableAmount()} is invoked twice; one encoded sink does
     * not protect the other, so the document is still injectable through
     * {@code <amount>}.
     *
     * @return the product document as a string
     */
    public String badXmlStringFunction2() {
        return "<product>\n<name>Cellphone</name>\n<price>" + StringEscapeUtils.escapeHtml(unreliableAmount()) + "</price>\n<amount>" + unreliableAmount() + "</amount></product>";
    }

    /**
     * Vulnerable sample: same unescaped {@code <amount>} sink as
     * {@link #badXmlStringFunction1()}, differing only in the constant
     * {@code <price>} value.
     *
     * @return the product document as a string
     */
    public String badXmlStringFunction3() {
        return "<product>\n<name>Cellphone</name>\n<price>12345</price>\n<amount>" + unreliableAmount() + "</amount></product>";
    }

    /**
     * Safe sample: escapes the value with
     * {@code StringEscapeUtils.escapeHtml} before writing it to
     * {@code <amount>}.
     *
     * <p>NOTE(review): this is an HTML encoder used in an XML context. It
     * neutralises the markup characters, but commons-lang's HTML escaping can
     * emit HTML named entities that an XML parser does not know without a DTD,
     * so some inputs may yield a document that is not well-formed. Prefer
     * {@code escapeXml}, as in {@link #goodXmlStringFunction2()}, for XML
     * output -- verify against the commons-lang version in use.
     *
     * @return the product document as a string
     */
    public String goodXmlStringFunction1() {
        return "<product>\n<name>Cellphone</name>\n<price>800</price>\n<amount>" + StringEscapeUtils.escapeHtml(unreliableAmount()) + "</amount></product>";
    }

    /**
     * Safe sample: escapes the value with
     * {@code StringEscapeUtils.escapeXml}, the encoder that matches the XML
     * element-content context it is written into.
     *
     * @return the product document as a string
     */
    public String goodXmlStringFunction2() {
        return "<product>\n<name>Cellphone</name>\n<price>800</price>\n<amount>" + StringEscapeUtils.escapeXml(unreliableAmount()) + "</amount></product>";
    }

    /**
     * Safe sample: encodes the value with OWASP Encoder's
     * {@code Encode.forHtml} before writing it to {@code <amount>}.
     *
     * @return the product document as a string
     */
    public String goodXmlStringFunction3() {
        return "<product>\n<name>Cellphone</name>\n<price>800</price>\n<amount>" + Encode.forHtml(unreliableAmount()) + "</amount></product>";
    }

    /**
     * Safe sample: the document is built from constants only, so no
     * externally supplied value reaches the markup.
     *
     * @return the product document as a string
     */
    public String goodXmlStringFunction4() {
        return "<product>\n<name>Cellphone</name>\n<price>800</price>\n<amount>12345</amount></product>";
    }

    /**
     * Supplies the value the samples above write into the document.
     *
     * <p>No implementation is visible here; the name suggests the result must
     * be treated as untrusted input -- confirm against the subclass used by
     * the tests.
     *
     * @return the amount value, to be encoded by the caller before use in markup
     */
    abstract String unreliableAmount();
}
