实现通用 Web CAPTCHA 图形验证码 JavaScript 脚本 API 服务 (JavaScript 脚本动态页面引用) 完整代码


//CaptchaPlaceHolder.aspx.cs
namespace Microshaoft.WebSecurity
{
    using System;
    using System.Configuration;
    using System.Web;
    using System.Web.UI;
    using System.Text;
    using Microshaoft;
    public class CaptchaPlaceHolder : Page
    {
        public static string _UrlPrefix = ConfigurationManager.AppSettings["UrlPrefix"];
        public int _W = IntegerHelper.Int32Parse(ConfigurationManager.AppSettings["DefaultWidth"]);
        public int _H = IntegerHelper.Int32Parse(ConfigurationManager.AppSettings["DefaultHeight"]);
        public int _L = IntegerHelper.Int32Parse(ConfigurationManager.AppSettings["DefaultTextLength"]);
        public string _RequestRSAPublicKey;
        public string _ImgID = "ID_" + Guid.NewGuid().ToString().Replace("-", "_");
        public string _DivID = "ID_" + Guid.NewGuid().ToString().Replace("-", "_");
        public string _DivObjVar = "var_" + Guid.NewGuid().ToString().Replace("-", "_");
        public string _DivChildrenNodesObjVar = "var_" + Guid.NewGuid().ToString().Replace("-", "_");
        public string _DivChildNodeObjVar = "var_" + Guid.NewGuid().ToString().Replace("-", "_");
        public string _iVar = "var_" + Guid.NewGuid().ToString().Replace("-", "_");
        public string _FunctionName = "function_" + Guid.NewGuid().ToString().Replace("-", "_");
        public string _CallbackName;
        public string _RefreshCallName;
        public string _ClientID;
        public string _RSASignMode;
        public string _ScriptObjVar = "var_" + Guid.NewGuid().ToString().Replace("-", "_");
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!_UrlPrefix.EndsWith("/"))
            {
                _UrlPrefix += "/";
            }
            //AntiXss
            _CallbackName = Request.QueryString["callback"];
            _CallbackName = AntiXss.JavaScriptEncode(_CallbackName, false);
///                        if (!RegexValidateHelper.IsValidNameOrID(_CallbackName))
///                        {
///                            //AntiXss
///                            _CallbackName = "";
///                        }
            _RefreshCallName = Request.QueryString["refresh"];
            _RefreshCallName = AntiXss.JavaScriptEncode(_RefreshCallName, false);
            ///            if (!RegexValidateHelper.IsValidNameOrID(_RefreshCallName))
            ///            {
            ///                //AntiXss
            ///                _RefreshCallName = "";
            ///            }
            _RSASignMode = Request.QueryString["sign"];
            _RSASignMode = AntiXss.JavaScriptEncode(_RSASignMode, false);
            ///            if (!RegexValidateHelper.IsValidNameOrID(_RSASignMode))
            ///            {
            ///                //AntiXss
            ///                _RSASignMode = "";
            ///            }
            _ClientID = Request.QueryString["id"];
            _ClientID = AntiXss.JavaScriptEncode(_ClientID, false);
            ///            if (!RegexValidateHelper.IsValidNameOrID(_ClientID))
            ///            {
            ///                //AntiXss
            ///                _ClientID = "";
            ///            }
            //_XSS = " <script>alert('1')</script>";
            //_FunctionName += ;
            string s = Request.QueryString["w"];
            if (StringHelper.IsValidString(s))
            {
                _W = IntegerHelper.Int32Parse(s);
            }
            s = Request.QueryString["h"];
            if (StringHelper.IsValidString(s))
            {
                _H = IntegerHelper.Int32Parse(s);
            }
            s = Request.QueryString["l"];
            if (StringHelper.IsValidString(s))
            {
                _L = IntegerHelper.Int32Parse(s);
            }
            s = Request.QueryString["rsa"];
            if (StringHelper.IsValidString(s))
            {
                byte[] buffer = Encoding.ASCII.GetBytes(s);
                _RequestRSAPublicKey = CryptoHelper.BytesArrayToHexString(buffer);
            }
        }
    }
}
//CaptchaGenerator.aspx.cs
namespace Microshaoft.WebSecurity
{
    using System;
    using System.Configuration;
    using System.Text;
    using System.Web;
    using System.Web.UI;
    using System.Security.Cryptography;
    using Microshaoft;
    public class CaptchaGenerator : Page
    {
        public static string _UrlPrefix = ConfigurationManager.AppSettings["UrlPrefix"];
        private static string _ResponseSharedTripleDESKey = ConfigurationManager.AppSettings["ResponseSharedTripleDESKey"];
        private static string _ResponseSharedTripleDESIV = ConfigurationManager.AppSettings["ResponseSharedTripleDESIV"];
        private static string _ResponseRSAPrivateKey = ConfigurationManager.AppSettings["ResponseRSAPrivateKey"];
        private static string _InternalTripleDESKey = ConfigurationManager.AppSettings["InternalTripleDESKey"];
        private static string _InternalTripleDESIV = ConfigurationManager.AppSettings["InternalTripleDESIV"];
        private static string _CharactersText = ConfigurationManager.AppSettings["CharactersText"];
        public int _W = IntegerHelper.Int32Parse(ConfigurationManager.AppSettings["DefaultWidth"]);
        public int _H = IntegerHelper.Int32Parse(ConfigurationManager.AppSettings["DefaultHeight"]);
        public int _L = IntegerHelper.Int32Parse(ConfigurationManager.AppSettings["DefaultTextLength"]);
        public string _RequestRSAPublicKey;
        public string _RSASignMode;
        public string _ResponseRSAPublicKey;
        public string _ResponseRSASignature;
        public string _ImgID;
        public string _ImgObjVar = "var_" + Guid.NewGuid().ToString().Replace("-", "_");
        public string _CallbackName;
        public string _ClientID;
        public string _OrignalVerifyCode;
        public string _EncryptedVerifyCode;
        public string _InternalTripleDESEncryptedVerifyCode;
        public string _EncryptedMode;
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!_UrlPrefix.EndsWith("/"))
            {
                _UrlPrefix += "/";
            }
            //AntiXss
            _ImgID = Request.QueryString["imgid"];
            ///            //AntiXss 方法1
            _ImgID = AntiXss.JavaScriptEncode(_ImgID, false);
            ///            if (!RegexValidateHelper.IsValidNameOrID(_ImgID))
            ///            {
            ///                //AntiXss 方法2
            ///                _ImgID = "";
            ///            }
            _CallbackName = Request.QueryString["callback"];
            _CallbackName = AntiXss.JavaScriptEncode(_CallbackName, false);
            ///            if (!RegexValidateHelper.IsValidNameOrID(_CallbackName))
            ///            {
            ///                //AntiXss
            ///                _CallbackName = "";
            ///            }
            _RequestRSAPublicKey = Request.QueryString["rsa"];
            _RequestRSAPublicKey = AntiXss.JavaScriptEncode(_RequestRSAPublicKey, false);
            ///            if (!RegexValidateHelper.IsValidHexString(_RequestRSAPublicKey))
            ///            {
            ///                //AntiXss
            ///                _RequestRSAPublicKey = "";
            ///            }
            _RSASignMode = Request.QueryString["sign"];
            _RSASignMode = AntiXss.JavaScriptEncode(_RSASignMode, false);
            ///            if (!RegexValidateHelper.IsValidNameOrID(_RSASignMode))
            ///            {
            ///                //AntiXss
            ///                _RSASignMode = "";
            ///            }
            _ClientID = Request.QueryString["id"];
            _ClientID = AntiXss.JavaScriptEncode(_ClientID, false);
            ///            if (!RegexValidateHelper.IsValidNameOrID(_CallbackName))
            ///            {
            ///                //AntiXss
            ///                _ClientID = "";
            ///            }
            string s = Request.QueryString["w"];
            if (StringHelper.IsValidString(s))
            {
                _W = IntegerHelper.Int32Parse(s);
            }
            s = Request.QueryString["h"];
            if (StringHelper.IsValidString(s))
            {
                _H = IntegerHelper.Int32Parse(s);
            }
            s = Request.QueryString["l"];
            if (StringHelper.IsValidString(s))
            {
                _L = IntegerHelper.Int32Parse(s);
            }
            s = RandomHelper.GenerateText
                                    (
                                        _CharactersText,
                                        _L
                                    );
            _OrignalVerifyCode = string.Format
                                            (
                                                "{1}{0}{2}",
                                                "\t",
                                                s,
                                                DateTime.Now.ToString("yyyyMMddHHmmss")
                                            );
            byte[] buffer = Encoding.ASCII.GetBytes(_OrignalVerifyCode);
            byte[] bytes = CryptoHelper.TripleDESEncrypt
                                            (
                                                _OrignalVerifyCode,
                                                Encoding.ASCII,
                                                _InternalTripleDESKey,
                                                _InternalTripleDESIV
                                            );
            _InternalTripleDESEncryptedVerifyCode = CryptoHelper.BytesArrayToHexString(bytes);
            if (StringHelper.IsValidString(_RequestRSAPublicKey)) //之前已经判断
            {
                bytes = CryptoHelper.HexStringToBytesArray(_RequestRSAPublicKey);
                CspParameters csp = new CspParameters();
                //csp.Flags = CspProviderFlags.UseMachineKeyStore; //network service 不需要此句
                RSACryptoServiceProvider provider = new RSACryptoServiceProvider(csp);
                bytes = CryptoHelper.HexStringToBytesArray(_RequestRSAPublicKey);
                string requestRSAPublicKey = Encoding.ASCII.GetString(bytes);
                bytes = CryptoHelper.RSAEncrypt(provider, buffer, requestRSAPublicKey, true);
                _EncryptedVerifyCode = CryptoHelper.BytesArrayToHexString(bytes);
                _EncryptedMode = "RSA";
            }
            else
            {
                bytes = CryptoHelper.TripleDESEncrypt
                                                (
                                                    _OrignalVerifyCode,
                                                    Encoding.ASCII,
                                                    _ResponseSharedTripleDESKey,
                                                    _ResponseSharedTripleDESIV
                                                );
                _EncryptedVerifyCode = CryptoHelper.BytesArrayToHexString(bytes);
                _EncryptedMode = "3DES";
            }
            if (StringHelper.IsValidString(_RSASignMode))
            {
                CspParameters csp = new CspParameters();
                //csp.Flags = CspProviderFlags.UseMachineKeyStore; //network service 不需要此句
                RSACryptoServiceProvider provider = new RSACryptoServiceProvider(csp);
                //rsa privateKey
                provider.FromXmlString(_ResponseRSAPrivateKey);
                string key = provider.ToXmlString(true);
                if (_RSASignMode.ToLower() == "md5")
                {
                    //signature rsa sha1
                    bytes = CryptoHelper.RSASignMD5(provider, buffer, key);
                }
                else if (_RSASignMode.ToLower() == "sha1")
                {
                    //signature rsa md5
                    bytes = CryptoHelper.RSASignSHA1(provider, buffer, key);
                }
                _ResponseRSASignature = CryptoHelper.BytesArrayToHexString(bytes);
                //rsa publicKey
                key = provider.ToXmlString(false);
                //bytes = Encoding.ASCII.GetBytes(key);
                _ResponseRSAPublicKey = key;
            }
        }
    }
}
//Captcha.aspx.cs
namespace Microshaoft.WebSecurity
{
    using System;
    using System.Configuration;
    using System.Drawing;
    using System.Drawing.Imaging;
    using System.IO;
    using System.Text;
    using System.Web.UI;
    using Microshaoft;
    public class Captcha : Page
    {
        private static string _InternalTripleDESKey = ConfigurationManager.AppSettings["InternalTripleDESKey"];
        private static string _InternalTripleDESIV = ConfigurationManager.AppSettings["InternalTripleDESIV"];
        public int _W = IntegerHelper.Int32Parse(ConfigurationManager.AppSettings["DefaultWidth"]);
        public int _H = IntegerHelper.Int32Parse(ConfigurationManager.AppSettings["DefaultHeight"]);
        protected void Page_Load(object sender, EventArgs e)
        {
            string text = Request.QueryString["text"];
            byte[] buffer = null;
            try
            {
                buffer = CryptoHelper.TripleDESDecrypt
                                                (
                                                    CryptoHelper.HexStringToBytesArray(text),
                                                    CryptoHelper.HexStringToBytesArray(_InternalTripleDESKey),
                                                    CryptoHelper.HexStringToBytesArray(_InternalTripleDESIV)
                                                );
            }
            catch// (Exception exception)
            {
                buffer = new byte[0];
            }
            text = Encoding.ASCII.GetString(buffer);
            string[] a = text.Split(new char[] { '\t' });
            text = a[0];
            string s = Request.QueryString["w"];
            if (StringHelper.IsValidString(s))
            {
                _W = IntegerHelper.Int32Parse(s);
            }
            s = Request.QueryString["h"];
            if (StringHelper.IsValidString(s))
            {
                _H = IntegerHelper.Int32Parse(s);
            }
            Bitmap bmp = new Bitmap(_W, _H);
            //GraphicsHelper.DrawLinearGradientBackground(bmp);
            GraphicsHelper.DrawRandomColorsNoiseLines
                                                (
                                                    bmp,
                                                    1
                                                );
            GraphicsHelper.DrawRandomColorsNoisePoints
                                                (
                                                    bmp,
                                                    1
                                                );
            GraphicsHelper.DrawTextString
                                    (
                                        bmp,
                                        text,
                ///                                        new Color[]
                ///                                                {
                ///                                                    Color.Black,
                ///                                                    Color.Red,
                ///                                                    Color.Green,
                ///                                                    Color.Blue,
                ///                                                },
                                        new string[]
                                                {
                                                    "System",
                                                    "Courier New",
                                                    "Fixedsys",
                                                    "Arial",
//                                                    "Arial Black",
                                                }
                                    );
            GraphicsHelper.RandomDistortImage(bmp, 5);
            GraphicsHelper.DrawRandomColorsEdgeLine
                                                (
                                                    bmp,
                                                    1
                                                );
            MemoryStream ms = new MemoryStream();
            bmp.Save(ms, ImageFormat.Png);
            Response.ClearContent();
            //Response.ContentType = "image/Png";
            Response.BinaryWrite(ms.ToArray());
            bmp.Dispose();
            bmp = null;
        }
    }
}
//CryptoHelper.cs
namespace Microshaoft
{
    using System;
    using System.Security.Cryptography;
    using System.Text;
    using System.IO;
    class Class1
    {
        static void Main()
        {
            //RSA
            UTF8Encoding e = new UTF8Encoding();
            byte[] data = e.GetBytes("测试@microshaoft.com");
            byte[] encryptedData;
            //byte[] decryptedData;
            RSACryptoServiceProvider x = new RSACryptoServiceProvider();
            x.FromXmlString("<RSAKeyValue><Modulus>w7dgn+djOWI7ctEhI066QuQz8oF7Q2vUPQn/ypNkRJv+zFketiIFv0+Dlj9C3QVzZTri69BGA9F92h4ylImjmDqzONYF3Y5SWbiBed1yv57pUIGYSaV/JXBdNCztFYOgVgV/BTGWOYFF/Poc0hx5TGz4Pi98VsNqAHC6Vzjjp20=</Modulus><Exponent>AQAB</Exponent><P>58L7fZmUZ1kaHtXQi+IkWXt5HnoIRTdQOdYhPH7VTopXY8Ls/zJ/blK/JNsGLW/UcP4JQp2+peBo7ocZGfg33w==</P><Q>2C9X9cMmkvJphCW5nnbRObCyA1H+ni2Jrtw2FtjZXTU2YPnUSj4ZMMlTyqWIgDgFXRQl+KZvLPQUvgUGSTg6Mw==</Q><DP>h0E0khVaFYJbixlPTwOYIRy9D7s6LmLckBRWaz6978suuwrcUwa+db0WzkSAc23rNlIbR2RWCepQcrwnOw+wUw==</DP><DQ>Kjg8xmthWitrffpcIN11iP3AFjPqNPwRuouZKKca9EATKadA1WsBQmzfJ2Fioh/OtFnd/IyMg8v7TQzwKFaJzw==</DQ><InverseQ>F7IVGC70VctnvQiUwTeoAOQMIBa4l74IWsfxu2YCuv826L1/ETBbGXn2MgyJibTcLuXKxKZvbYQ8OW5wCvyLvg==</InverseQ><D>cZd8ADLW1xZZdKFGP2zRFEPIlqZp+U6bJzYnfNag6mUztDzBY2pJtaibsddTol4ohIdx7vW5vTuYdMD0EFv2Uz85t6jUi5oogZaKXv2vKSI5DHkWX2SyyEWceIPcf40qDG/xkGIrfL3nH8w6t7SY4ZKx6dn6wmAoFnZwcL2aPo0=</D></RSAKeyValue>");
            //<RSAKeyValue><Modulus>w7dgn+djOWI7ctEhI066QuQz8oF7Q2vUPQn/ypNkRJv+zFketiIFv0+Dlj9C3QVzZTri69BGA9F92h4ylImjmDqzONYF3Y5SWbiBed1yv57pUIGYSaV/JXBdNCztFYOgVgV/BTGWOYFF/Poc0hx5TGz4Pi98VsNqAHC6Vzjjp20=</Modulus><Exponent>AQAB</Exponent><P>58L7fZmUZ1kaHtXQi+IkWXt5HnoIRTdQOdYhPH7VTopXY8Ls/zJ/blK/JNsGLW/UcP4JQp2+peBo7ocZGfg33w==</P><Q>2C9X9cMmkvJphCW5nnbRObCyA1H+ni2Jrtw2FtjZXTU2YPnUSj4ZMMlTyqWIgDgFXRQl+KZvLPQUvgUGSTg6Mw==</Q><DP>h0E0khVaFYJbixlPTwOYIRy9D7s6LmLckBRWaz6978suuwrcUwa+db0WzkSAc23rNlIbR2RWCepQcrwnOw+wUw==</DP><DQ>Kjg8xmthWitrffpcIN11iP3AFjPqNPwRuouZKKca9EATKadA1WsBQmzfJ2Fioh/OtFnd/IyMg8v7TQzwKFaJzw==</DQ><InverseQ>F7IVGC70VctnvQiUwTeoAOQMIBa4l74IWsfxu2YCuv826L1/ETBbGXn2MgyJibTcLuXKxKZvbYQ8OW5wCvyLvg==</InverseQ><D>cZd8ADLW1xZZdKFGP2zRFEPIlqZp+U6bJzYnfNag6mUztDzBY2pJtaibsddTol4ohIdx7vW5vTuYdMD0EFv2Uz85t6jUi5oogZaKXv2vKSI5DHkWX2SyyEWceIPcf40qDG/xkGIrfL3nH8w6t7SY4ZKx6dn6wmAoFnZwcL2aPo0=</D></RSAKeyValue>
            string privateKey = x.ToXmlString(true);
            Console.WriteLine("RSA Private Key: {0}", privateKey);
            string publicKey = x.ToXmlString(false);
            Console.WriteLine("RSA Public Key: {0}", publicKey);
            //公钥加密
            encryptedData = CryptoHelper.RSAEncrypt(data, publicKey, false);
            //私钥解密
            data = CryptoHelper.RSADecrypt(encryptedData, privateKey, false);
            Console.WriteLine("RSA Decrypted plaintext: {0}", e.GetString(data));
            //私钥签名
            byte[] signature = CryptoHelper.RSASignSHA1(data, privateKey);
            //公钥验签
            Console.WriteLine(CryptoHelper.RSAVerifySHA1(data, publicKey, signature));
            //TripleDES
            string key = "000111222333444555666777888999aaabbbcccdddeeefff";//48
            key = "012345678901234567890123456789012345678901234567";
            key = "abcdefabcdefabcdefabcdefabcdefabcdefabcdefabcdef";
            key = "0123456789abcdef01111111111111111111111111111110";
            string iv = "0123456789abcdef";//16
            iv = "0000000000000000";
            data = e.GetBytes("测试@microshaoft.com");
            data = CryptoHelper.TripleDESEncrypt
                                            (
                                                data,
                                                CryptoHelper.HexStringToBytesArray(key),
                                                CryptoHelper.HexStringToBytesArray(iv)
                                            );
            data = CryptoHelper.TripleDESDecrypt
                                            (
                                                data,
                                                CryptoHelper.HexStringToBytesArray(key),
                                                CryptoHelper.HexStringToBytesArray(iv)
                                            );
            Console.WriteLine("3DES Decrypted plaintext: {0}", e.GetString(data));
            Console.WriteLine(Environment.Version.ToString());
        }
    }
    public static class CryptoHelper
    {
        public static byte[] RSASignSHA1
                                (
                                    byte[] data
                                    , string privateKey
                                )
        {
            RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
            return RSASignSHA1
                        (
                            provider
                            , data
                            , privateKey
                        );
        }
        public static byte[] RSASignSHA1
                (
                    RSACryptoServiceProvider provider
                    , byte[] data
                    , string privateKey
                )
        {
            provider.FromXmlString(privateKey);
            return provider.SignHash
                                (
                                    ComputeSHA1(data)
                                    , "SHA1"
                                );
        }
        public static bool RSAVerifySHA1
                                (
                                    byte[] data
                                    , string publicKey
                                    , byte[] signature
                                )
        {
            RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
            return RSAVerifySHA1
                            (
                                provider
                                , data
                                , publicKey
                                , signature
                            );
        }
        public static bool RSAVerifySHA1
                                (
                                    RSACryptoServiceProvider provider
                                    , byte[] data
                                    , string publicKey
                                    , byte[] signature
                                )
        {
            provider.FromXmlString(publicKey);
            return provider.VerifyHash
                                (
                                    ComputeSHA1(data)
                                    , "SHA1"
                                    , signature
                                );
        }
        public static byte[] RSASignMD5
                                (
                                    byte[] data
                                    , string privateKey
                                )
        {
            RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
            return RSASignMD5
                        (
                            provider
                            , data
                            , privateKey
                        );
        }
        public static byte[] RSASignMD5
                                (
                                    RSACryptoServiceProvider provider
                                    , byte[] data
                                    , string privateKey
                                )
        {
            provider.FromXmlString(privateKey);
            return provider.SignHash
                        (
                            ComputeMD5(data)
                            , "MD5"
                        );
        }
        public static bool RSAVerifyMD5
                                (
                                    byte[] data
                                    , string publicKey
                                    , byte[] signature
                                )
        {
            RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
            return RSAVerifyMD5
                                (
                                    provider
                                    , data
                                    , publicKey
                                    , signature
                                );
        }
        public static bool RSAVerifyMD5
                                (
                                    RSACryptoServiceProvider provider
                                    , byte[] data
                                    , string publicKey
                                    , byte[] signature
                                )
        {
            provider.FromXmlString(publicKey);
            return provider.VerifyHash
                                (
                                    ComputeMD5(data)
                                    , "MD5"
                                    , signature
                                );
        }
        public static byte[] RSAEncrypt
                                (
                                    byte[] data
                                    , string publicKey
                                    , bool DoOAEPPadding
                                )
        {
            RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
            return RSAEncrypt
                        (
                            provider,
                            data,
                            publicKey,
                            DoOAEPPadding
                        );
        }
        public static byte[] RSAEncrypt
                        (
                            RSACryptoServiceProvider provider
                            , byte[] data
                            , string publicKey
                            , bool DoOAEPPadding
                        )
        {
            provider.FromXmlString(publicKey);
            return provider.Encrypt(data, DoOAEPPadding);
        }
        public static byte[] RSADecrypt
                                (
                                    byte[] data
                                    , string privateKey
                                    , bool DoOAEPPadding
                                )
        {
            RSACryptoServiceProvider provider = new RSACryptoServiceProvider();
            return RSADecrypt
                        (
                            provider,
                            data,
                            privateKey,
                            DoOAEPPadding
                        );
        }
        public static byte[] RSADecrypt
                        (
                            RSACryptoServiceProvider provider
                            , byte[] data
                            , string privateKey
                            , bool DoOAEPPadding
                        )
        {
            provider.FromXmlString(privateKey);
            return provider.Decrypt(data, DoOAEPPadding);
        }
        public static byte[] TripleDESDecrypt
                                        (
                                            byte[] data
                                            , byte[] Key
                                            , byte[] IV
                                        )
        {
            TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();
            des.Key = Key;
            des.IV = IV;
            return des.CreateDecryptor().TransformFinalBlock(data, 0, data.Length);
        }
        public static byte[] TripleDESDecrypt
                                        (
                                            string text
                                            , string HexStringKey
                                            , string HexStringIV
                                        )
        {
            return TripleDESDecrypt
                            (
                                HexStringToBytesArray(text)
                                , HexStringToBytesArray(HexStringKey)
                                , HexStringToBytesArray(HexStringIV)
                            );
        }
        public static byte[] TripleDESDecrypt
                                    (
                                        string text
                                        , byte[] Key
                                        , byte[] IV
                                    )
        {
            return TripleDESDecrypt
                            (
                                HexStringToBytesArray(text)
                                , Key
                                , IV
                            );
        }
        public static string TripleDESDecrypt
                                    (
                                        string text
                                        , string HexStringKey
                                        , string HexStringIV
                                        , Encoding e //原文的encoding
                                    )
        {
            return e.GetString
                (
                    TripleDESDecrypt
                        (
                            text
                            , HexStringKey
                            , HexStringIV
                        )
                );
        }
        public static string TripleDESDecrypt
                                    (
                                        string text
                                        , byte[] Key
                                        , byte[] IV
                                        , Encoding e //原文的encoding
                                    )
        {
            return e.GetString
                        (
                            TripleDESDecrypt
                                (
                                    text
                                    , Key
                                    , IV
                                )
                        );
        }
        public static string GenerateTripleDESHexStringKey()
        {
            TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();
            des.GenerateKey();
            return BytesArrayToHexString(des.Key);
        }
        public static string GenerateTripleDESHexStringIV()
        {
            TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();
            des.GenerateIV();
            return BytesArrayToHexString(des.IV);
        }
        public static byte[] TripleDESEncrypt
                                        (
                                            byte[] data
                                            , byte[] Key
                                            , byte[] IV
                                        )
        {
            TripleDESCryptoServiceProvider des = new TripleDESCryptoServiceProvider();
            des.Key = Key;
            des.IV = IV;
            return des.CreateEncryptor().TransformFinalBlock(data, 0, data.Length);
        }
        public static byte[] TripleDESEncrypt
                                        (
                                            string text
                                            , Encoding e
                                            , byte[] Key
                                            , byte[] IV
                                        )
        {
            return TripleDESEncrypt
                            (
                                e.GetBytes(text)
                                , Key
                                , IV
                            );
        }
        public static byte[] TripleDESEncrypt
                                        (
                                            string text
                                            , Encoding e
                                            , string HexStringKey
                                            , string HexStringIV
                                        )
        {
            return TripleDESEncrypt
                            (
                                text
                                , e
                                , HexStringToBytesArray(HexStringKey)
                                , HexStringToBytesArray(HexStringIV)
                            );
        }
        public static byte[] ComputeSHA1(byte[] data)
        {
            return new SHA1CryptoServiceProvider().ComputeHash(data);
        }
        public static byte[] ComputeSHA1(string text, Encoding e)
        {
            return ComputeSHA1(e.GetBytes(text));
        }
        public static byte[] ComputeSHA1(string text)
        {
            return ComputeSHA1(text, Encoding.UTF8);
        }
        public static byte[] ComputeSHA1(Stream stream)
        {
            return new SHA1CryptoServiceProvider().ComputeHash(stream);
        }
        public static byte[] ComputeMD5(byte[] data)
        {
            return new MD5CryptoServiceProvider().ComputeHash(data, 0, data.Length);
        }
        public static byte[] ComputeMD5(string text, Encoding e)
        {
            return ComputeMD5(e.GetBytes(text));
        }
        public static byte[] ComputeMD5(string text)
        {
            return ComputeMD5(text, Encoding.UTF8);
        }
        public static byte[] ComputeMD5(Stream stream)
        {
            return new MD5CryptoServiceProvider().ComputeHash(stream);
        }
        public static string BytesArrayToHexString(byte[] data)
        {
            return BitConverter.ToString(data).Replace("-", "");
        }
        public static byte[] HexStringToBytesArray(string text)
        {
            text = text.Replace(" ", "");
            int l = text.Length;
            byte[] buffer = new byte[l / 2];
            for (int i = 0; i < l; i += 2)
            {
                buffer[i / 2] = Convert.ToByte(text.Substring(i, 2), 16);
            }
            return buffer;
        }
    }
}
//DateTimeHelper.cs
namespace Microshaoft
{
    using System;
    using System.Globalization;
    public static class DateTimeHelper
    {
        public static bool IsVaildateTimestamp(DateTime timeStamp, int timeoutSeconds)
        {
            long l = SecondsDiffNow(timeStamp);
            return ((l > 0) && (l < timeoutSeconds));
        }
        public static long MillisecondsDiffNow(DateTime time)
        {
            long now = DateTime.Now.Ticks;
            long t = time.Ticks;
            return (now - t) / 10000;
        }
        public static long SecondsDiffNow(DateTime time)
        {
            return MillisecondsDiffNow(time) / 1000;
        }
        public static string Get_MMddHHmmss_String(DateTime time)
        {
            return time.ToString("MMddHHmmss");
        }
        public static string Get_yyyyMMddHHmmss_String(DateTime time)
        {
            return time.ToString("yyyyMMddHHmmss");
        }
        public static string Get_yyyyMMdd_String(DateTime time)
        {
            return time.ToString("yyyyMMdd");
        }
        public static DateTime Parse_yyyyMMddHHmmss(string text)
        {
            DateTime time = DateTime.TryParseExact
                                            (
                                                text
                                                , "yyyyMMddHHmmss"
                                                , DateTimeFormatInfo.InvariantInfo
                                                , DateTimeStyles.None
                                                , out time
                                            ) ? time : DateTime.MinValue;
            return time;
        }
        public static DateTime Parse_MMddHHmmss(int year, string text)
        {
            return Parse_yyyyMMddHHmmss(year.ToString("0000") + text);
        }
    }
}
//IntegerHelper.cs
namespace Microshaoft
{
    using System;
    public static class IntegerHelper
    {
        public static int Int32Parse(string text)
        {
            int i = int.TryParse
                            (
                                text
                                , out i
                            ) ? i : int.MinValue;
            return i;
        }
        public static uint UInt32Parse(string text)
        {
            uint i = uint.TryParse
                                (
                                    text
                                    , out i
                                ) ? i : uint.MaxValue;
            return i;
        }
        public static short Int16Parse(string text)
        {
            short i = short.TryParse
                                (
                                    text
                                    , out i
                                ) ? i : short.MinValue;
            return i;
        }
        public static ushort UInt16Parse(string text)
        {
            ushort i = ushort.TryParse
                                    (
                                        text
                                        , out i
                                    ) ? i : ushort.MaxValue;
            return i;
        }
        public static long Int64Parse(string text)
        {
            long i = long.TryParse
                                (
                                    text
                                    , out i
                                ) ? i : long.MinValue;
            return i;
        }
        public static ulong UInt64Parse(string text)
        {
            ulong i = ulong.TryParse
                                (
                                    text
                                    , out i
                                ) ? i : ulong.MaxValue;
            return i;
        }
    }
}
//StringHelper.cs
namespace Microshaoft
{
    using System;
    public static class StringHelper
    {
        public static bool IsValidString(string text)
        {
            return
                (
                    !string.IsNullOrEmpty(text) &&
                ///                    text != string.Empty &&
                ///                    text != null &&
                    text.Trim().Length > 0
                );
        }
    }
}
//RandomHelper.cs
namespace Microshaoft
{
    using System;
    public class RandomHelper
    {
        public static string GenerateText
                                (
                                    char[] characters
                                    , int length
                                )
        {
            Random random = new Random();
            string s = "";
            //生成验证码字符串
            for (int i = 0; i < length; i++)
            {
                s += characters[random.Next(characters.Length)];
            }
            return s;
        }
        public static string GenerateText
                                    (
                                        string charactersText
                                        , int length
                                    )
        {
            return GenerateText
                            (
                                charactersText.ToCharArray(),
                                length
                            );
        }
    }
}
//GraphicsHelper.cs
namespace Microshaoft
{
    using System;
    using System.Drawing;
    using System.Drawing.Text;
    using System.Drawing.Imaging;
    using System.Drawing.Drawing2D;
    public static class GraphicsHelper
    {
        private struct FontState
        {
            public Font TextFont;
            public float TextWidth;
            public float TextHeight;
        }
        public static void DrawLinearGradientBackground
                                        (
                                            Bitmap bmp
                                        )
        {
            Random random = new Random();
            using (Graphics g = Graphics.FromImage(bmp))
            {
                using (
                        Brush b = new LinearGradientBrush
                                                (
                                                    new Rectangle
                                                                (
                                                                    0,
                                                                    0,
                                                                    bmp.Width,
                                                                    bmp.Height
                                                                ),
                                                    Color.FromArgb
                                                                (
                                                                    random.Next(256),
                                                                    random.Next(256),
                                                                    random.Next(256)
                                                                ),
                                                    //Color.Green,
                                                    Color.FromArgb
                                                                (
                                                                    random.Next(256),
                                                                    random.Next(256),
                                                                    random.Next(256)
                                                                ),
                                                    //Color.Yellow,
                                                    (float) (random.Next() * 360),
                                                    false
                                                )
                        )
                {
                    g.FillRectangle(b, 0, 0, bmp.Width, bmp.Height);
                }
            }
        }
        public static void DrawTextString
                        (
                            Bitmap bmp,
                            string text,
            //                            Color[] foregroundColors,
                            string[] fontsNames
                        )
        {
            Random random = new Random();
            using (Graphics g = Graphics.FromImage(bmp))
            {
                g.SmoothingMode = SmoothingMode.AntiAlias;
                g.TextRenderingHint = TextRenderingHint.ClearTypeGridFit;
                int l = text.Length;
                float w = (float) bmp.Width / l;
                float h = (float) bmp.Height;
                float p = 0f;
                FontState[] fontStates = new FontState[l];
                for (int i = 0; i < l; i++)
                {
                    FontStyle fs = FontStyle.Bold;
                    if (random.Next() % 2 == 0)
                    {
                        fs |= FontStyle.Italic;
                    }
                    float fontSize = (w < h ? w : h);
                    Font font;
                    SizeF sizeF;
                    do
                    {
                        font = new Font
                                    (
                                        fontsNames[random.Next(fontsNames.Length)],
                                        fontSize,
                                        fs
                                    );
                        fontSize --;
                        sizeF = g.MeasureString(text[i].ToString(), font);
                    } while ((sizeF.Width > w) || (sizeF.Height > h));
                    FontState state = new FontState();
                    state.TextFont = font;
                    state.TextWidth = (sizeF.Width);
                    state.TextHeight = (sizeF.Height);
                    fontStates[i] = state;
                    p += sizeF.Width;
                }
                p = (bmp.Width - p) / 2.0f;
                for (int i = 0; i < fontStates.Length; i++)
                {
//                    Color color = ;
                    using (Brush brush = new LinearGradientBrush
                                                        (
                                                            new Rectangle
                                                                    (
                                                                        0,
                                                                        0,
                                                                        (int) fontStates[i].TextWidth / 2,
                                                                        (int) fontStates[i].TextHeight / 2
                                                                    ),
                                                            //Color.Black,
                                                            Color.FromArgb
                                                                        (
                                                                            random.Next(256),
                                                                            random.Next(256),
                                                                            random.Next(256)
                                                                        ),
                                                            //Color.Blue,
                                                            Color.FromArgb
                                                                        (
                                                                            random.Next(256),
                                                                            random.Next(256),
                                                                            random.Next(256)
                                                                        ),
                                                            (float) (random.Next() * 360),
                                                            false
                                                        )
                        )
                    {
                        Brush b =  new SolidBrush(Color.Black);
///                                                (
///                                                    Color.FromArgb
///                                                                (
///                                                                    random.Next(256),
///                                                                    random.Next(256),
///                                                                    random.Next(256)
///                                                                )
///                                                );
                        g.DrawString
                        (
                            text[i].ToString()
                            , fontStates[i].TextFont
                            , b
                            , (float) p - 1
                            , (bmp.Height - fontStates[i].TextHeight) / 2.0f - 1
                        );
                        g.DrawString
                        (
                            text[i].ToString()
                            , fontStates[i].TextFont
                            , b
                            , (float) p + 1
                            , (bmp.Height - fontStates[i].TextHeight) / 2.0f + 1
                        );
///                        GraphicsPath gp = new GraphicsPath();
///                        gp.AddString
///                                (
///                                    text[i].ToString(),
///                                    fontStates[i].TextFont.FontFamily,
///                                    (int) FontStyle.Bold,
///                                    fontStates[i].TextFont.Size,
///                                    new PointF(p, (bmp.Height - fontStates[i].TextHeight) / 2.0f),
///                                    StringFormat.GenericDefault
///                                );
///                       g.DrawPath(new Pen(Color.Red, 1), gp);
                        g.DrawString
                        (
                            text[i].ToString()
                            , fontStates[i].TextFont
                            , brush
                            , (float) p
                            , (bmp.Height - fontStates[i].TextHeight) / 2.0f
                        );
                    }
                    p += fontStates[i].TextWidth;
                }
            }
        }
        public static void RandomDistortImage(Bitmap bmp, int i)
        {
            Random random = new Random();
            double d = i * (random.Next(2) == 1 ? 1 : -1);
            DistortImage(bmp, d);
        }
        public static void DistortImage
                                (
                                    Bitmap bmp,
                                    double distortion
                                )
        {
            int width = bmp.Width;
            int height = bmp.Height;
            using (Bitmap copy = (Bitmap)bmp.Clone())
            {
                for (int y = 0; y < height; y++)
                {
                    for (int x = 0; x < width; x++)
                    {
                        int newX = (int)(x + (distortion * Math.Sin(Math.PI * y / 64)));
                        int newY = (int)(y + (distortion * Math.Cos(Math.PI * x / 64)));
                        if (newX < 0 || newX >= width)
                        {
                            newX = 0;
                        }
                        if (newY < 0 || newY >= height)
                        {
                            newY = 0;
                        }
                        bmp.SetPixel(x, y, copy.GetPixel(newX, newY));
                    }
                }
            }
        }
        public static Bitmap Clear
                                (
                                    Bitmap bmp,
                                    Color color
                                )
        {
            Graphics g = Graphics.FromImage(bmp);
            g.Clear(color);
            g.Dispose();
            g = null;
            return bmp;
        }
        public static Bitmap DrawRandomColorsNoiseLines
                                                (
                                                    Bitmap bmp,
                                                    int lineWidth
                                                )
        {
            Random random = new Random();
            Graphics g = Graphics.FromImage(bmp);
            g.SmoothingMode = SmoothingMode.AntiAlias;
            //画噪线
            int area = bmp.Width * bmp.Height;
            for (int i = 0; i < area / 500; i++)
            {
                int x1 = random.Next(bmp.Width);
                int y1 = random.Next(bmp.Height);
                int x2 = random.Next(bmp.Width);
                int y2 = random.Next(bmp.Height);
                g.DrawLine
                        (
                            new Pen
                                    (
                                        Color.FromArgb
                                                    (
                                                        random.Next(256),
                                                        random.Next(256),
                                                        random.Next(256)
                                                    ),
                                        lineWidth
                                    ),
                            x1,
                            y1,
                            x2,
                            y2
                        );
            }
            g.Dispose();
            g = null;
            return bmp;
        }
        public static void DrawRandomColorsNoisePoints
                                                (
                                                    Bitmap bmp,
                                                    int brushWidth
                                                )
        {
            Random random = new Random();
            Graphics g = Graphics.FromImage(bmp);
            g.SmoothingMode = SmoothingMode.AntiAlias;
            int area = bmp.Width * bmp.Height;
            //画噪点
            for (int i = 0; i < area / 20; i++)
            {
                int x = random.Next(bmp.Width);
                int y = random.Next(bmp.Height);
                bmp.SetPixel
                        (
                            x,
                            y,
                            Color.FromArgb
                                        (
                                            random.Next(256),
                                            random.Next(256),
                                            random.Next(256)
                                        )
                        );
            }
            g.Dispose();
            g = null;
        }
        public static void DrawRandomColorsEdgeLine
                                            (
                                                Bitmap bmp,
                                                int brushWidth
                                            )
        {
            Random random = new Random();
            Graphics g = Graphics.FromImage(bmp);
            g.SmoothingMode = SmoothingMode.AntiAlias;
            //画边框
            g.DrawLine
                    (
                        new Pen
                                (
                                    Color.FromArgb
                                                (
                                                    random.Next(256),
                                                    random.Next(256),
                                                    random.Next(256)
                                                ),
                                    brushWidth
                                ),
                        0,
                        0,
                        bmp.Width - 1,
                        0
                    );
            g.DrawLine
                    (
                        new Pen
                                (
                                    Color.FromArgb
                                                (
                                                    random.Next(256),
                                                    random.Next(256),
                                                    random.Next(256)
                                                ),
                                    brushWidth
                                ),
                        0,
                        0,
                        0,
                        bmp.Height - 1
                    );
            g.DrawLine
                    (
                        new Pen
                                (
                                    Color.FromArgb
                                                (
                                                    random.Next(256),
                                                    random.Next(256),
                                                    random.Next(256)
                                                ),
                                    brushWidth
                                ),
                        bmp.Width - 1,
                        0,
                        bmp.Width - 1,
                        bmp.Height - 1
                    );
            g.DrawLine
                    (
                        new Pen
                                (
                                    Color.FromArgb
                                                (
                                                    random.Next(256),
                                                    random.Next(256),
                                                    random.Next(256)
                                                ),
                                    brushWidth
                                ),
                        0,
                        bmp.Height - 1,
                        bmp.Width - 1,
                        bmp.Height - 1
                    );
            g.Dispose();
            g = null;
        }
    }
}
//RegexValidateHelper.cs
namespace Microshaoft
{
    //using System;
    using System.Text.RegularExpressions;
    public static class RegexValidateHelper
    {
        public static bool IsValidNameOrID(string s)
        {
            return StringHelper.IsValidString(s) && Regex.IsMatch(s, @"^[_A-Za-z]\w+$");
        }
        public static bool IsValidHexString(string s)
        {
            return StringHelper.IsValidString(s) && Regex.IsMatch(s, @"[0-9A-Fa-f]");
        }
        public static bool IsValidEmail(string s)
        {
            return Regex.IsMatch(s, @"([\w-\.]+)@((\[[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.)|(([\w-]+\.)+))([a-zA-Z]{2,4}|[0-9]{1,3})(\]?)$");
        }
        public static bool IsValidDate(string s)
        {
            return Regex.IsMatch(s, @"((((1[6-9]|[2-9]\d)\d{2})-(0?[13578]|1[02])-(0?[1-9]|[12]\d|3[01]))|(((1[6-9]|[2-9]\d)\d{2})-(0?[13456789]|1[012])-(0?[1-9]|[12]\d|30))|(((1[6-9]|[2-9]\d)\d{2})-0?2-(0?[1-9]|1\d|2[0-8]))|(((1[6-9]|[2-9]\d)(0[48]|[2468][048]|[13579][26])|((16|[2468][048]|[3579][26])00))-0?2-29-))$");
        }
        public static bool IsValidDateTime(string s)
        {
            return Regex.IsMatch(s, @"((((1[6-9]|[2-9]\d)\d{2})-(0?[13578]|1[02])-(0?[1-9]|[12]\d|3[01]))|(((1[6-9]|[2-9]\d)\d{2})-(0?[13456789]|1[012])-(0?[1-9]|[12]\d|30))|(((1[6-9]|[2-9]\d)\d{2})-0?2-(0?[1-9]|1\d|2[0-8]))|(((1[6-9]|[2-9]\d)(0[48]|[2468][048]|[13579][26])|((16|[2468][048]|[3579][26])00))-0?2-29-)) (20|21|22|23|[0-1]?\d):[0-5]?\d:[0-5]?\d$");
        }
    }
}
namespace Microshaoft //Microsoft.Security.Application
{
    #region Namespaces
    using System;
    using System.Drawing;
    using System.Web;
    using System.Text;
    #endregion
    #region Namespace - Microsoft.Security.Application
    public class AntiXss
    {
        #region MEMBERS
        ///---------------------------------------------------------------------
        /// <summary>
        ///     Empty string for Visual Basic Script contextes
        /// </summary>
        ///---------------------------------------------------------------------
        private const string EmptyStringVBS = "\"\"";
        ///---------------------------------------------------------------------
        /// <summary>
        ///     Empty string for Java Script contextes
        /// </summary>
        ///---------------------------------------------------------------------
        private const string EmptyStringJavaScript = "''";
        #region WHITELIST_CHAR_ARRAY_INITIALIZATION
        /// <summary>
        /// Initializes character Html encoding array
        /// </summary>
        private static char[][] WhitelistCodes = InitWhitelistCodes();
        private static char[][] InitWhitelistCodes()
        {
            char[][] allCharacters = new char[65536][];
            char[] thisChar;
            for (int i = 0; i < allCharacters.Length; i++)
            {
                if (
                    (i >= 97 && i <= 122) ||        // a-z
                    (i >= 65 && i <= 90) ||         // A-Z
                    (i >= 48 && i <= 57) ||         // 0-9
                    i == 32 ||                      // space
                    i == 46 ||                      // .
                    i == 44 ||                      // ,
                    i == 45 ||                      // -
                    i == 95 ||                      // _
                    (i >= 256 && i <= 591) ||       // Latin,Extended-A,Latin Extended-B
                    (i >= 880 && i <= 2047) ||      // Greek and Coptic,Cyrillic,Cyrillic Supplement,Armenian,Hebrew,Arabic,Syriac,Arabic,Supplement,Thaana,NKo
                    (i >= 2304 && i <= 6319) ||     // Devanagari,Bengali,Gurmukhi,Gujarati,Oriya,Tamil,Telugu,Kannada,Malayalam,Sinhala,Thai,Lao,Tibetan,Myanmar,eorgian,Hangul Jamo,Ethiopic,Ethiopic Supplement,Cherokee,Unified Canadian Aboriginal Syllabics,Ogham,Runic,Tagalog,Hanunoo,Buhid,Tagbanwa,Khmer,Mongolian
                    (i >= 6400 && i <= 6687) ||     // Limbu, Tai Le, New Tai Lue, Khmer, Symbols, Buginese
                    (i >= 6912 && i <= 7039) ||     // Balinese
                    (i >= 7680 && i <= 8191) ||     // Latin Extended Additional, Greek Extended
                    (i >= 11264 && i <= 11743) ||   // Glagolitic, Latin Extended-C, Coptic, Georgian Supplement, Tifinagh, Ethiopic Extended
                    (i >= 12352 && i <= 12591) ||   // Hiragana, Katakana, Bopomofo
                    (i >= 12688 && i <= 12735) ||   // Kanbun, Bopomofo Extended
                    (i >= 12784 && i <= 12799) ||   // Katakana, Phonetic Extensions
                    (i >= 40960 && i <= 42191) ||   // Yi Syllables, Yi Radicals
                    (i >= 42784 && i <= 43055) ||   // Latin Extended-D, Syloti, Nagri
                    (i >= 43072 && i <= 43135) ||   // Phags-pa
                    (i >= 44032 && i <= 55215) ||   // Hangul Syllables
                    (i >= 19968 && i <= 40899)      // Mixed japanese/chinese/korean
                )
                {
                    allCharacters[i] = null;
                }
                else
                {
                    string iString = i.ToString();
                    int iStringLen = iString.Length;
                    thisChar = new char[iStringLen];     // everything else
                    for (int j = 0; j < iStringLen; j++)
                    {
                        thisChar[j] = iString[j];
                    }
                    allCharacters[i] = thisChar;
                }
            }
            return allCharacters;
        }
        #endregion
        #endregion
        #region Encoding Methods
        #region HTMLEncode - string input
        ///---------------------------------------------------------------------
        /// <summary>
        /// Encodes input strings for use in HTML.
        /// </summary>
        /// <param name="input">String to be encoded</param>
        /// <returns>
        ///     Encoded string for use in HTML.
        /// </returns>
        /// <remarks>
        /// This function will encode all but known safe characters.  Encoded characters are encoded using the &amp;#DECIMAL; notation.
        /// <newpara/>
        /// Safe characters include:
        /// <list type="table">
        /// <item><term>a-z</term><description>Lower case alphabet</description></item>
        /// <item><term>A-Z</term><description>Upper case alphabet</description></item>
        /// <item><term>0-9</term><description>Numbers</description></item>
        /// <item><term>,</term><description>Comma</description></item>
        /// <item><term>.</term><description>Period</description></item>
        /// <item><term>-</term><description>Dash</description></item>
        /// <item><term>_</term><description>Underscore</description></item>
        /// <item><term> </term><description>Space</description></item>
        /// <item><term> </term><description>Other International character ranges</description></item>
        /// </list>
        /// <newpara/>
        /// Example inputs and encoded outputs:
        /// <list type="table">
        /// <item><term>alert('XSS Attack!');</term><description>alert&#40;&#39;XSS Attack&#33;&#39;&#41;&#59;</description></item>
        /// <item><term>user@contoso.com</term><description>user&#64;contoso.com</description></item>
        /// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross Site Scripting Library</description></item>
        /// </list></remarks>
        ///---------------------------------------------------------------------
        public static string HtmlEncode(string input)
        {
            if (String.IsNullOrEmpty(input))
            {
                return string.Empty;
            }
            // Use a new char array.
            int len = 0;
            int tLen = input.Length;
            char[] returnMe = new char[tLen * 8];
            char[] thisChar;
            int thisCharID;
            for (int i = 0; i < tLen; i++)
            {
                thisCharID = (int)input[i];
                if (WhitelistCodes[thisCharID] != null)
                {
                    // character needs to be encoded
                    thisChar = WhitelistCodes[thisCharID];
                    returnMe[len++] = '&';
                    returnMe[len++] = '#';
                    for (int j = 0; j < thisChar.Length; j++)
                    {
                        returnMe[len++] = thisChar[j];
                    }
                    returnMe[len++] = ';';
                }
                else
                {
                    // character does not need encoding
                    returnMe[len++] = input[i];
                }
            }
            return new String(returnMe, 0, len);
        }
        #endregion
        #region HTMLEncode - string input, KnownColor clr
        ///---------------------------------------------------------------------
        /// <summary>
        /// Encodes input string and embeds in a SPAN tag for use in HTML.
        /// </summary>
        /// <param name="input">String to be encoded</param>
        /// <param name="clr">KnownColor like System.Drawing.KnownColor.CadetBlue</param>
        /// <returns>
        ///     Encoded string embebded within SPAN tag and style settings for use in HTML.
        /// </returns>
        /// <remarks>
        /// This function will encode all but known safe characters.  Encoded characters are encoded using the &amp;#DECIMAL; notation.
        /// <newpara/>
        /// Safe characters include:
        /// <list type="table">
        /// <item><term>a-z</term><description>Lower case alphabet</description></item>
        /// <item><term>A-Z</term><description>Upper case alphabet</description></item>
        /// <item><term>0-9</term><description>Numbers</description></item>
        /// <item><term>,</term><description>Comma</description></item>
        /// <item><term>.</term><description>Period</description></item>
        /// <item><term>-</term><description>Dash</description></item>
        /// <item><term>_</term><description>Underscore</description></item>
        /// <item><term> </term><description>Space</description></item>
        /// <item><term> </term><description>Other International character ranges</description></item>
        /// </list>
        /// <newpara/>
        /// Example inputs and encoded outputs:
        /// <list type="table">
        /// <item><term>alert('XSS Attack!');</term><description><div style='background-color : #ffffff'>alert&#40;&#39;XSS Attack&#33;&#39;&#41;&#59;</div></description></item>
        /// <item><term>user@contoso.com</term><description>user&#64;contoso.com</description></item>
        /// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross Site Scripting Library</description></item>
        /// </list></remarks>
        ///---------------------------------------------------------------------
        public static string HtmlEncode(string input, KnownColor clr)
        {
            //HTMLEncode will handle the encoding
            // This check is for making sure that bgcolor is required or not.
            if (HttpContext.Current.Request.QueryString["MarkAntiXssOutput"] != null)
            {
                string returnInput = "<span name='#markantixssoutput' style ='background-color : " + Color.FromKnownColor(clr).Name + "'>" + HtmlEncode(input) + "</span>";
                return returnInput;
            }
            else
            {
                return HtmlEncode(input);
            }
        }
        #endregion
        #region HTMLAttributeEncode_Method
        ///---------------------------------------------------------------------
        /// <summary>
        /// Encodes input strings for use in HTML attributes.
        /// </summary>
        /// <param name="input">String to be encoded</param>
        /// <returns>
        ///     Encoded string for use in HTML attributes.
        /// </returns>
        /// <remarks>
        /// This function will encode all but known safe characters.  Encoded characters are encoded using the &amp;#DECIMAL; notation.
        /// <newpara/>
        /// Safe characters include:
        /// <list type="table">
        /// <item><term>a-z</term><description>Lower case alphabet</description></item>
        /// <item><term>A-Z</term><description>Upper case alphabet</description></item>
        /// <item><term>0-9</term><description>Numbers</description></item>
        /// <item><term>,</term><description>Comma</description></item>
        /// <item><term>.</term><description>Period</description></item>
        /// <item><term>-</term><description>Dash</description></item>
        /// <item><term>_</term><description>Underscore</description></item>
        /// <item><term> </term><description>Other International character ranges</description></item>
        /// </list>
        /// <newpara/>
        /// Example inputs and encoded outputs:
        /// <list type="table">
        /// <item><term>alert('XSS Attack!');</term><description>alert&#40;&#39;XSS&#32;Attack&#33;&#39;&#41;&#59;</description></item>
        /// <item><term>user@contoso.com</term><description>user&#64;contoso.com</description></item>
        /// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross&#32;Site&#32;Scripting&#32;Library</description></item>
        /// </list></remarks>
        ///---------------------------------------------------------------------
        public static string HtmlAttributeEncode(string input)
        {
            if (String.IsNullOrEmpty(input))
            {
                return string.Empty;
            }
            // Use a new char array.
            int len = 0;
            int tLen = input.Length;
            char[] returnMe = new char[tLen * 8]; // worst case length scenario
            char[] thisChar;
            int thisCharID;
            for (int i = 0; i < tLen; i++)
            {
                thisCharID = (int)input[i];
                if ((WhitelistCodes[thisCharID] != null)
                    || (thisCharID == 32)   //escaping space for HTMLAttribute Encoding
                    )
                {
                    // character needs to be encoded
                    thisChar = WhitelistCodes[thisCharID];
                    returnMe[len++] = '&';
                    returnMe[len++] = '#';
                    if (thisCharID == 32)
                    {
                        returnMe[len++] = '3';
                        returnMe[len++] = '2';
                    }
                    else
                    {
                        for (int j = 0; j < thisChar.Length; j++)
                        {
                            returnMe[len++] = thisChar[j];
                        }
                    }
                    returnMe[len++] = ';';
                }
                else
                {
                    // character does not need encoding
                    returnMe[len++] = input[i];
                }
            }
            return new String(returnMe, 0, len);
        }
        #endregion
        #region URLEncode_Method
        ///---------------------------------------------------------------------
        /// <summary>
        /// Encodes input strings for use in universal resource locators (URLs).
        /// </summary>
        /// <param name="input">String to be encoded</param>
        /// <returns>
        ///     Encoded string for use in URLs.
        /// </returns>
        /// <remarks>
        /// This function will encode all but known safe characters.  Encoded characters are encoded using the %SINGLE_BYTE_HEX and %uDOUBLE_BYTE_HEX notation.
        /// <newpara/>
        /// Safe characters include:
        /// <list type="table">
        /// <item><term>a-z</term><description>Lower case alphabet</description></item>
        /// <item><term>A-Z</term><description>Upper case alphabet</description></item>
        /// <item><term>0-9</term><description>Numbers</description></item>
        /// <item><term>.</term><description>Period</description></item>
        /// <item><term>-</term><description>Dash</description></item>
        /// <item><term>_</term><description>Underscore</description></item>
        /// <item><term> </term><description>Other International character ranges</description></item>
        /// </list>
        /// <newpara/>
        /// Example inputs and encoded outputs:
        /// <list type="table">
        /// <item><term>alert('XSS Attack!');</term><description>alert%28%27XSS%20Attack%21%27%29%3b</description></item>
        /// <item><term>user@contoso.com</term><description>user%40contoso.com</description></item>
        /// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross%20Site%20Scripting%20Library</description></item>
        /// </list></remarks>
        ///---------------------------------------------------------------------
        public static string UrlEncode(string input)
        {
            if (String.IsNullOrEmpty(input))
            {
                return string.Empty;
            }
            // Use a new char array.
            int len = 0;
            int tLen = input.Length;
            int thisCharID;
            string thisChar;
            char ch;
            Encoding inputEncoding = null;
            // Use a new char array.
            char[] returnMe = new char[tLen * 24];
            for (int i = 0; i < tLen; i++)
            {
                thisCharID = (int)input[i];
                thisChar = input[i].ToString();
                if ((WhitelistCodes[thisCharID] != null)
                    || (thisCharID == 32) || (thisCharID == 44)    //escaping SPACE and COMMA for URL Encoding
                     )
                {
                    // Character needs to be encoded to default UTF-8.
                    inputEncoding = Encoding.UTF8;
                    byte[] inputEncodingBytes = inputEncoding.GetBytes(thisChar);
                    int noinputEncodingBytes = inputEncodingBytes.Length;
                    for (int index = 0; index < noinputEncodingBytes; index++)
                    {
                        ch = (char)inputEncodingBytes[index];
                        // character needs to be encoded. Infact the byte cannot be greater than 256.
                        if (ch <= 256)
                        {
                            returnMe[len++] = '%';
                            string hex = ((int)ch).ToString("x").PadLeft(2, '0');
                            returnMe[len++] = hex[0];
                            returnMe[len++] = hex[1];
                        }
                    }
                }
                else
                {
                    // character does not need encoding
                    returnMe[len++] = input[i];
                }
            }
            return new String(returnMe, 0, len);
        }
        ///---------------------------------------------------------------------
        /// <summary>
        /// Encodes input strings for use in universal resource locators (URLs).
        /// </summary>
        /// <param name="input">Input string</param>
        /// <param name="codepage">Codepage number of the input</param>
        /// <returns>
        ///     Encoded string for use in URLs.
        /// </returns>
        /// <remarks>
        /// This function will encodes the output as per the encoding parameter (codepage) passed to it. It will encode all but known safe characters.  Encoded characters are encoded using the %SINGLE_BYTE_HEX and %DOUBLE_BYTE_HEX notation.
        /// <newpara/>
        /// Safe characters include:
        /// <list type="table">
        /// <item><term>a-z</term><description>Lower case alphabet</description></item>
        /// <item><term>A-Z</term><description>Upper case alphabet</description></item>
        /// <item><term>0-9</term><description>Numbers</description></item>
        /// <item><term>.</term><description>Period</description></item>
        /// <item><term>-</term><description>Dash</description></item>
        /// <item><term>_</term><description>Underscore</description></item>
        /// <item><term> </term><description>Other International character ranges</description></item>
        /// </list>
        /// <newpara/>
        /// Example inputs and encoded outputs:
        /// <list type="table">
        /// <item><term>alert('XSSあAttack!');</term><description>alert%28%27XSS%82%a0Attack%21%27%29%3b</description></item>
        /// <item><term>user@contoso.com</term><description>user%40contoso.com</description></item>
        /// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross%20Site%20Scripting%20Library</description></item>
        /// </list></remarks>
        ///---------------------------------------------------------------------
        public static string UrlEncode(string input, int codepage)
        {
            if (String.IsNullOrEmpty(input))
            {
                return string.Empty;
            }
            int len = 0;
            int thisCharID;
            int tLen = input.Length;
            char ch;
            string thisChar;
            Encoding inputEncoding = null;
            // Use a new char array.
            char[] returnMe = new char[tLen * 24]; // worst case length scenario
            for (int i = 0; i < tLen; i++)
            {
                thisCharID = (int)input[i];
                thisChar = input[i].ToString();
                if ((WhitelistCodes[thisCharID] != null)
                    || (thisCharID == 32) || (thisCharID == 44)    //escaping SPACE and COMMA for URL Encoding
                     )
                {
                    // character needs to be encoded
                    inputEncoding = Encoding.GetEncoding(codepage);
                    byte[] inputEncodingBytes = inputEncoding.GetBytes(thisChar);
                    int noinputEncodingBytes = inputEncodingBytes.Length;
                    for (int index = 0; index < noinputEncodingBytes; index++)
                    {
                        ch = (char)inputEncodingBytes[index];
                        // character needs to be encoded. Infact the byte cannot be greater than 256.
                        if (ch <= 256)
                        {
                            returnMe[len++] = '%';
                            string hex = ((int)ch).ToString("x").PadLeft(2, '0');
                            returnMe[len++] = hex[0];
                            returnMe[len++] = hex[1];
                        }
                    }
                }
                else
                {
                    // character does not need encoding
                    returnMe[len++] = input[i];
                }
            }
            return new String(returnMe, 0, len);
        }
        #endregion
        #region XMLEncode_Method
        ///---------------------------------------------------------------------
        /// <summary>
        /// Encodes input strings for use in XML.
        /// </summary>
        /// <param name="input">String to be encoded</param>
        /// <returns>
        ///     Encoded string for use in XML.
        /// </returns>
        /// <remarks>
        /// This function will encode all but known safe characters.  Encoded characters are encoded using the &amp;#DECIMAL; notation.
        /// <newpara/>
        /// Safe characters include:
        /// <list type="table">
        /// <item><term>a-z</term><description>Lower case alphabet</description></item>
        /// <item><term>A-Z</term><description>Upper case alphabet</description></item>
        /// <item><term>0-9</term><description>Numbers</description></item>
        /// <item><term>,</term><description>Comma</description></item>
        /// <item><term>.</term><description>Period</description></item>
        /// <item><term>-</term><description>Dash</description></item>
        /// <item><term>_</term><description>Underscore</description></item>
        /// <item><term> </term><description>Space</description></item>
        /// <item><term> </term><description>Other International character ranges</description></item>
        /// </list>
        /// <newpara/>
        /// Example inputs and encoded outputs:
        /// <list type="table">
        /// <item><term>alert('XSS Attack!');</term><description>alert&#40;&#39;XSS Attack&#33;&#39;&#41;&#59;</description></item>
        /// <item><term>user@contoso.com</term><description>user&#64;contoso.com</description></item>
        /// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross Site Scripting Library</description></item>
        /// </list></remarks>
        ///---------------------------------------------------------------------
        public static string XmlEncode(string input)
        {
            // HtmlEncode will handle input
            return HtmlEncode(input);
        }
        #endregion
        #region XMLAttributeEncode_Method
        ///---------------------------------------------------------------------
        /// <summary>
        /// Encodes input strings for use in XML attributes.
        /// </summary>
        /// <param name="input">String to be encoded</param>
        /// <returns>
        ///     Encoded string for use in XML attributes.
        /// </returns>
        /// <remarks>
        /// This function will encode all but known safe characters.  Encoded characters are encoded using the &amp;#DECIMAL; notation.
        /// <newpara/>
        /// Safe characters include:
        /// <list type="table">
        /// <item><term>a-z</term><description>Lower case alphabet</description></item>
        /// <item><term>A-Z</term><description>Upper case alphabet</description></item>
        /// <item><term>0-9</term><description>Numbers</description></item>
        /// <item><term>,</term><description>Comma</description></item>
        /// <item><term>.</term><description>Period</description></item>
        /// <item><term>-</term><description>Dash</description></item>
        /// <item><term>_</term><description>Underscore</description></item>
        /// <item><term> </term><description>Other International character ranges</description></item>
        /// </list>
        /// <newpara/>
        /// Example inputs and encoded outputs:
        /// <list type="table">
        /// <item><term>alert('XSS Attack!');</term><description>alert&#40;&#39;XSS&#32;Attack&#33;&#39;&#41;&#59;</description></item>
        /// <item><term>user@contoso.com</term><description>user&#64;contoso.com</description></item>
        /// <item><term>Anti-Cross Site Scripting Library</term><description>Anti-Cross&#32;Site&#32;Scripting&#32;Library</description></item>
        /// </list></remarks>
        ///---------------------------------------------------------------------
        public static string XmlAttributeEncode(string input)
        {
            //HtmlEncodeAttribute will handle input
            return HtmlAttributeEncode(input);
        }
        #endregion
        #region JavaScriptEncode_Method
        ///---------------------------------------------------------------------
        /// <summary>
        /// Encodes input strings for use in JavaScript.
        /// </summary>
        /// <param name="input">String to be encoded</param>
        /// <returns>
        ///     Encoded string for use in JavaScript.
        /// </returns>
        /// <remarks>
        /// This function will encode all but known safe characters.  Encoded characters are encoded using the \xSINGLE_BYTE_HEX and \uDOUBLE_BYTE_HEX notation.
        /// <newpara/>
        /// Safe characters include:
        /// <list type="table">
        /// <item><term>a-z</term><description>Lower case alphabet</description></item>
        /// <item><term>A-Z</term><description>Upper case alphabet</description></item>
        /// <item><term>0-9</term><description>Numbers</description></item>
        /// <item><term>,</term><description>Comma</description></item>
        /// <item><term>.</term><description>Period</description></item>
        /// <item><term>-</term><description>Dash</description></item>
        /// <item><term>_</term><description>Underscore</description></item>
        /// <item><term> </term><description>Space</description></item>
        /// <item><term> </term><description>Other International character ranges</description></item>
        /// </list>
        /// <newpara/>
        /// Example inputs and encoded outputs:
        /// <list type="table">
        /// <item><term>alert('XSS Attack!');</term><description>'alert\x28\x27XSS Attack\x21\x27\x29\x3b'</description></item>
        /// <item><term>user@contoso.com</term><description>'user\x40contoso.com'</description></item>
        /// <item><term>Anti-Cross Site Scripting Library</term><description>'Anti-Cross Site Scripting Library'</description></item>
        /// </list></remarks>
        ///---------------------------------------------------------------------
        public static string JavaScriptEncode(string input)
        {
            return JavaScriptEncode(input, true);
        }
        ///---------------------------------------------------------------------
        /// <summary>
        /// Encodes input strings for use in JavaScript.
        /// </summary>
        /// <param name="input">String to be encoded</param>
        /// /// <param name="flagforQuote">bool flag to determin to emit quote or not. true - emit quote. false = no quote.</param>
        /// <returns>
        ///     Encoded string for use in JavaScript and does not return the output with en quotes.
        /// </returns>
        /// <remarks>
        /// This function will encode all but known safe characters.  Encoded characters are encoded using the \xSINGLE_BYTE_HEX and \uDOUBLE_BYTE_HEX notation.
        /// <newpara/>
        /// Safe characters include:
        /// <list type="table">
        /// <item><term>a-z</term><description>Lower case alphabet</description></item>
        /// <item><term>A-Z</term><description>Upper case alphabet</description></item>
        /// <item><term>0-9</term><description>Numbers</description></item>
        /// <item><term>,</term><description>Comma</description></item>
        /// <item><term>.</term><description>Period</description></item>
        /// <item><term>-</term><description>Dash</description></item>
        /// <item><term>_</term><description>Underscore</description></item>
        /// <item><term> </term><description>Space</description></item>
        /// <item><term> </term><description>Other International character ranges</description></item>
        /// </list>
        /// <newpara/>
        /// Example inputs and encoded outputs:
        /// <list type="table">
        /// <item><term>alert('XSS Attack!');</term><description>'alert\x28\x27XSS Attack\x21\x27\x29\x3b'</description></item>
        /// <item><term>user@contoso.com</term><description>'user\x40contoso.com'</description></item>
        /// <item><term>Anti-Cross Site Scripting Library</term><description>'Anti-Cross Site Scripting Library'</description></item>
        /// </list></remarks>
        ///---------------------------------------------------------------------
        public static string JavaScriptEncode(string input, bool flagforQuote)
        {
            // Input validation: empty or null string condition
            if (String.IsNullOrEmpty(input))
            {
                if (flagforQuote)
                {
                    return (EmptyStringJavaScript);
                }
                else
                {
                    return "";
                }
            }
            // Use a new char array.
            int len = 0;
            int tLen = input.Length;
            char[] returnMe = new char[tLen * 8]; // worst case length scenario
            char[] thisChar;
            char ch;
            int thisCharID;
            // First step is to start the encoding with an apostrophe if flag is true.
            if (flagforQuote)
            {
                returnMe[len++] = '\'';
            }
            for (int i = 0; i < tLen; i++)
            {
                thisCharID = (int)input[i];
                ch = input[i];
                if (WhitelistCodes[thisCharID] != null)
                {
                    // character needs to be encoded
                    thisChar = WhitelistCodes[thisCharID];
                    if (thisCharID > 127)
                    {
                        returnMe[len++] = '\\';
                        returnMe[len++] = 'u';
                        string hex = ((int)ch).ToString("x").PadLeft(4, '0');
                        returnMe[len++] = hex[0];
                        returnMe[len++] = hex[1];
                        returnMe[len++] = hex[2];
                        returnMe[len++] = hex[3];
                    }
                    else
                    {
                        returnMe[len++] = '\\';
                        returnMe[len++] = 'x';
                        string hex = ((int)ch).ToString("x").PadLeft(2, '0');
                        returnMe[len++] = hex[0];
                        returnMe[len++] = hex[1];
                    }
                }
                else
                {
                    // character does not need encoding
                    returnMe[len++] = input[i];
                }
            }
            // Last step is to end the encoding with an apostrophe if flag is true.
            if (flagforQuote)
            {
                returnMe[len++] = '\'';
            }
            return new String(returnMe, 0, len);
        }
        #endregion
        #region VisualBasicScriptEncode_Method
        public static string VisualBasicScriptEncode(string input)
        {
            // Input validation: empty or null string condition
            if (String.IsNullOrEmpty(input))
            {
                return (EmptyStringVBS);
            }
            // Use a new char array.
            int len = 0;
            int tLen = input.Length;
            char[] returnMe = new char[tLen * 12]; // worst case length scenario
            char ch2;
            string temp;
            int thisCharID;
            //flag to surround double quotes around safe characters
            bool bInQuotes = false;
            for (int i = 0; i < tLen; i++)
            {
                thisCharID = (int)input[i];
                ch2 = input[i];
                if (WhitelistCodes[thisCharID] != null)
                {
                    // character needs to be encoded
                    // surround in quotes
                    if (bInQuotes)
                    {
                        // get out of quotes
                        returnMe[len++] = '"'; ;
                        bInQuotes = false;
                    }
                    // adding "encoded" characters
                    temp = "&chrw(" + ((uint)ch2).ToString() + ")";
                    foreach (char ch in temp)
                    {
                        returnMe[len++] = ch;
                    }
                }
                else
                {
                    // character does not need encoding
                    //surround in quotes
                    if (!bInQuotes)
                    {
                        // add quotes to start
                        returnMe[len++] = '&';
                        returnMe[len++] = '"';
                        bInQuotes = true;
                    }
                    returnMe[len++] = input[i];
                }
            }
            // if we're inside of quotes, close them
            if (bInQuotes)
            {
                returnMe[len++] = '"';
            }
            // finally strip extraneous "&" from beginning of the string, if necessary and RETURN
            if (returnMe.Length > 0 && returnMe[0] == '&')
            {
                return new String(returnMe, 1, len - 1);
            }
            else
            {
                return new String(returnMe, 0, len);
            }
        }
        #endregion
        #endregion
    }
}
#endregion


//CaptchaPlaceHolder.aspx
<%@ Page ContentType="text/x-javascript" ValidateRequest="false" Language="C#" AutoEventWireup="true" Inherits="Microshaoft.WebSecurity.CaptchaPlaceHolder" %>
<%@ Import Namespace="Microshaoft" %>
document.write('<div id="<%= _DivID%>" style="display:none">');
function <%= _FunctionName%>()
{
    var <%= _DivChildrenNodesObjVar%> = document.getElementById("<%= _DivID%>").childNodes;
    if (<%= _DivChildrenNodesObjVar%>)
    {
        for (var <%= _iVar%> = <%= _DivChildrenNodesObjVar%>.length - 1; <%= _iVar%> >= 0; <%= _iVar%> --)
        {
            var <%= _DivChildNodeObjVar%> = <%= _DivChildrenNodesObjVar%>[<%= _iVar%>];
            <%= _DivChildNodeObjVar%>.parentNode.removeChild(<%= _DivChildNodeObjVar%>);
        }
    }
    var <%= _ScriptObjVar%> = document.createElement("SCRIPT");
    <%= _ScriptObjVar%>.src= "<%= _UrlPrefix%>CaptchaGenerator.aspx?imgid=<%= _ImgID%>&callback=<%= _CallbackName%>&refresh=<%= _RefreshCallName%>&id=<%= _ClientID%>&sign=<%= _RSASignMode%>&l=<%= _L%>&w=<%= _W%>&h=<%= _H%>&rsa=<%= _RequestRSAPublicKey%>&r=" + Math.random();
    document.getElementById("<%= _DivID%>").appendChild(<%= _ScriptObjVar%>);
    //alert(<%= _DivChildrenNodesObjVar%>.length);
}
document.write('</div>');
document.write('<table border="0"><tr><td align="center">');
document.write('<Img id="<%= _ImgID%>" width="<%= _W%>" height="<%= _H%>" />');
document.write('</td></tr>');
<%
if (!StringHelper.IsValidString(_RefreshCallName))
{
%>
    document.write('<tr><td align="center">');1
    document.write('<button onclick="<%= _FunctionName%>()">看不清,再换一张!</button>');
    document.write('</td></tr>');
<%
}
%>
document.write('</table>');
<%= _FunctionName%>();
<%
if (StringHelper.IsValidString(_RefreshCallName))
{
%>
    function <%= _RefreshCallName%>()
    {
        <%= _FunctionName%>();
    }
<%
}
%>


//CaptchaGenerator.aspx
<%@ Page ContentType="text/x-javascript" Language="C#" AutoEventWireup="true" Inherits="Microshaoft.WebSecurity.CaptchaGenerator" %>
var <%= _ImgObjVar%> = document.getElementById("<%= _ImgID%>");
<%= _ImgObjVar%>.src="<%= _UrlPrefix%>Captcha.aspx?text=<%= _InternalTripleDESEncryptedVerifyCode%>&sign=<%= _RSASignMode%>&w=<%= _W%>&h=<%= _H%>&r=" + Math.random();
<%= _CallbackName%>("<%= _ClientID%>","<%= _EncryptedMode%>","<%= _EncryptedVerifyCode%>"/*, "<%= _ResponseRSAPublicKey%>"*/, "<%= _ResponseRSASignature%>");


//Captcha.aspx
<%@ Page ContentType="image/Png" Language="C#" AutoEventWireup="true" Inherits="Microshaoft.WebSecurity.Captcha" %>


<?xml version="1.0"?>
<!-- web.config -->
<configuration>
    <appSettings>
        <add key="UrlPrefix" value="http://local.tech-talk.net/captcha" />
        <add key="ResponseSharedTripleDESKey" value="123456789100000000000000000000000000000000ABF00A" />
        <add key="ResponseSharedTripleDESIV" value="0123456789ABCDEF" />
        <!-- <RSAKeyValue><Modulus>w7dgn+djOWI7ctEhI066QuQz8oF7Q2vUPQn/ypNkRJv+zFketiIFv0+Dlj9C3QVzZTri69BGA9F92h4ylImjmDqzONYF3Y5SWbiBed1yv57pUIGYSaV/JXBdNCztFYOgVgV/BTGWOYFF/Poc0hx5TGz4Pi98VsNqAHC6Vzjjp20=</Modulus><Exponent>AQAB</Exponent><P>58L7fZmUZ1kaHtXQi+IkWXt5HnoIRTdQOdYhPH7VTopXY8Ls/zJ/blK/JNsGLW/UcP4JQp2+peBo7ocZGfg33w==</P><Q>2C9X9cMmkvJphCW5nnbRObCyA1H+ni2Jrtw2FtjZXTU2YPnUSj4ZMMlTyqWIgDgFXRQl+KZvLPQUvgUGSTg6Mw==</Q><DP>h0E0khVaFYJbixlPTwOYIRy9D7s6LmLckBRWaz6978suuwrcUwa+db0WzkSAc23rNlIbR2RWCepQcrwnOw+wUw==</DP><DQ>Kjg8xmthWitrffpcIN11iP3AFjPqNPwRuouZKKca9EATKadA1WsBQmzfJ2Fioh/OtFnd/IyMg8v7TQzwKFaJzw==</DQ><InverseQ>F7IVGC70VctnvQiUwTeoAOQMIBa4l74IWsfxu2YCuv826L1/ETBbGXn2MgyJibTcLuXKxKZvbYQ8OW5wCvyLvg==</InverseQ><D>cZd8ADLW1xZZdKFGP2zRFEPIlqZp+U6bJzYnfNag6mUztDzBY2pJtaibsddTol4ohIdx7vW5vTuYdMD0EFv2Uz85t6jUi5oogZaKXv2vKSI5DHkWX2SyyEWceIPcf40qDG/xkGIrfL3nH8w6t7SY4ZKx6dn6wmAoFnZwcL2aPo0=</D></RSAKeyValue> -->
        <add key="ResponseRSAPrivateKey" value="&lt;RSAKeyValue&gt;&lt;Modulus&gt;w7dgn+djOWI7ctEhI066QuQz8oF7Q2vUPQn/ypNkRJv+zFketiIFv0+Dlj9C3QVzZTri69BGA9F92h4ylImjmDqzONYF3Y5SWbiBed1yv57pUIGYSaV/JXBdNCztFYOgVgV/BTGWOYFF/Poc0hx5TGz4Pi98VsNqAHC6Vzjjp20=&lt;/Modulus&gt;&lt;Exponent&gt;AQAB&lt;/Exponent&gt;&lt;P&gt;58L7fZmUZ1kaHtXQi+IkWXt5HnoIRTdQOdYhPH7VTopXY8Ls/zJ/blK/JNsGLW/UcP4JQp2+peBo7ocZGfg33w==&lt;/P&gt;&lt;Q&gt;2C9X9cMmkvJphCW5nnbRObCyA1H+ni2Jrtw2FtjZXTU2YPnUSj4ZMMlTyqWIgDgFXRQl+KZvLPQUvgUGSTg6Mw==&lt;/Q&gt;&lt;DP&gt;h0E0khVaFYJbixlPTwOYIRy9D7s6LmLckBRWaz6978suuwrcUwa+db0WzkSAc23rNlIbR2RWCepQcrwnOw+wUw==&lt;/DP&gt;&lt;DQ&gt;Kjg8xmthWitrffpcIN11iP3AFjPqNPwRuouZKKca9EATKadA1WsBQmzfJ2Fioh/OtFnd/IyMg8v7TQzwKFaJzw==&lt;/DQ&gt;&lt;InverseQ&gt;F7IVGC70VctnvQiUwTeoAOQMIBa4l74IWsfxu2YCuv826L1/ETBbGXn2MgyJibTcLuXKxKZvbYQ8OW5wCvyLvg==&lt;/InverseQ&gt;&lt;D&gt;cZd8ADLW1xZZdKFGP2zRFEPIlqZp+U6bJzYnfNag6mUztDzBY2pJtaibsddTol4ohIdx7vW5vTuYdMD0EFv2Uz85t6jUi5oogZaKXv2vKSI5DHkWX2SyyEWceIPcf40qDG/xkGIrfL3nH8w6t7SY4ZKx6dn6wmAoFnZwcL2aPo0=&lt;/D&gt;&lt;/RSAKeyValue&gt;" />
        <add key="InternalTripleDESKey" value="123456789100000000000000000000000000000000ABF00F" />
        <add key="InternalTripleDESIV" value="0123456789ABCDEF" />
        <add key="CharactersText" value="23568ABEFJKNPQRSXdghknpx" />
        <add key="DefaultWidth" value="135" />
        <add key="DefaultHeight" value="35" />
        <add key="DefaultTextLength" value="5" />
    </appSettings>
    <connectionStrings/>
    <system.web>
        <httpModules>
            <add name="ControlsPropertyFilterHttpModule" type="Microshaoft.ControlsPropertyFilterHttpModule, ControlsPropertyFilterHttpModule" />
        </httpModules>
        <!-- 
            Set compilation debug="true" to insert debugging 
            symbols into the compiled page. Because this 
            affects performance, set this value to true only 
            during development.
        -->
        <compilation debug="true">
        </compilation>
        <!--
            The <authentication> section enables configuration 
            of the security authentication mode used by 
            ASP.NET to identify an incoming user. 
        -->
        <authentication mode="Windows" />
        <!--
            The <customErrors> section enables configuration 
            of what to do if/when an unhandled error occurs 
            during the execution of a request. Specifically, 
            it enables developers to configure html error pages 
            to be displayed in place of a error stack trace.
        -->
        <customErrors mode="Off" />
    </system.web>
</configuration>


<!-- sample.html -->
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
    <title> new document </title>
    <meta name="generator" content="editplus" />
    <meta name="author" content="" />
    <meta name="keywords" content="" />
    <meta name="description" content="" />
</head>
<body>
<script type="text/javascript" language="javascript">
    function _0hi1(ClientID, EncryptMode, EncryptData/*, RSAPublicKey*/, RSASignature)
    {
        document.getElementById("t1").value = ClientID + ": " + EncryptMode + "; " + EncryptData;
//        alert("Client ID: " + ClientID);
//        alert("Encrypt Mode: " + EncryptMode);
//        alert("Encrypt Data: " + EncryptData);
//        //alert("Response RSA Public Key: " + RSAPublicKey);
//        alert("Response RSA Signature: " + RSASignature);
    }
</script>
<table border="1">
    <tr>
        <td align="center">
<script type="text/javascript" language="javascript" src="http://local.tech-talk.net/captcha/captchaplaceholder.aspx?id=1&l=4&h=50&callback=_0hi1&sign=sha1&w=150&refresh=refresh&rsa=%3cRSAKeyValue%3e%3cModulus%3etvWiOBhMJy8t0aZ7futbIm7IPrrTCH4fwl%2f4ut360k5syBFVW%2fWyN50j1aUJmnsp1pPXjt6uGfGNVVOxB9Hku7ppg%2fpNb2xHGau1Yw4EBTpmyR0jq0YjhluxDQkzQzqWZZwiZRluJ5MMT%2fWDgn90aeD%2fadNlir%2fZWsKegpW%2fKbc%3d%3c%2fModulus%3e%3cExponent%3eAQAB%3c%2fExponent%3e%3c%2fRSAKeyValue%3e">
</script>
<!-- <script type="text/javascript" language="javascript" src="http://local.tech-talk.net/captcha/captchaplaceholder.aspx?id=1&l=4&h=50&callback=%22;\u0064ocument.write('\u003cscript\u003ealert(
%22 Encode script XSS Attack%22)\u003c/script\u003e');alert('Plain script Xss Attack callback'); var a = %22%22;//_0123ac&sign=sha1&w=150&refresh=_0hi1&rsa=%3cRSAKeyValue%3e%3cModulus%3etvWiOBhMJy8t0aZ7futbIm7IPrrTCH4fwl%2f4ut360k5syBFVW%2fWyN50j1aUJmnsp1pPXjt6uGfGNVVOxB9Hku7ppg%2fpNb2xHGau1Yw4EBTpmyR0jq0YjhluxDQkzQzqWZZwiZRluJ5MMT%2fWDgn90aeD%2fadNlir%2fZWsKegpW%2fKbc%3d%3c%2fModulus%3e%3cExponent%3eAQAB%3c%2fExponent%3e%3c%2fRSAKeyValue%3e"></script> -->
        </td>
    </tr>
    <tr>
        <td align="center">
<button onclick= "refresh()">重新获取</button>
        </td>
    </tr>
</table>
<br>
<input id="t1"  type="text" />
<p>
<script type="text/javascript" language="javascript">
    function _hi2(ClientID, EncryptMode, EncryptData/*, RSAPublicKey*/, RSASignature)
    {
        document.getElementById("t2").value = ClientID + ": " + EncryptMode + "; " + EncryptData;
//        alert("Client ID: " + ClientID);
//        alert("Encrypt Mode: " + EncryptMode);
//        alert("Encrypt Data: " + EncryptData);
//        //alert("Response RSA Public Key: " + RSAPublicKey);
//        alert("Response RSA Signature: " + RSASignature);
    }
</script>
<script type="text/javascript" language="javascript" src="http://local.tech-talk.net/captcha/captchaplaceholder.aspx?id=2&sign=sha1&l=4&w=150&h=50&callback=_hi2&sign=md5">
</script>
<input id="t2"  type="text" />
</body>
</html>

posted @ 2008-12-14 15:13  于斯人也  阅读(3991)  评论(2编辑  收藏  举报