C# 过滤用户输入,防止恶意数据
发布日期:2018-02-08 浏览次数:750
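/// <summary>
/// Filters user input before it reaches HTML output or SQL text (tag stripping plus a
/// SQL-keyword denylist). This is a defence-in-depth layer only: it is not a substitute
/// for parameterized SQL and context-aware output encoding, and the denylist in
/// <see cref="ProcessSqlStr"/> mangles ordinary text that happens to contain a listed
/// fragment (a constructed example: "Doctor Who" becomes "DoctWho").
/// </summary>
public class SecurityFilter
{
    // Two or more whitespace characters collapse to a single space.
    private static readonly Regex MultiSpace = new Regex("[\\s]{2,}");

    // A run of br tags (any case, optional slashes) or an opening p tag becomes a newline.
    // Patterns are kept verbatim from the original; note "[b|B]" is a character class
    // that also admits '|', which the author presumably did not intend.
    private static readonly Regex LineBreakTag = new Regex("(<[b|B][r|R]/*>)+|(<[p|P](.|\\n)*?>)");

    // One or more non-breaking-space entities, with surrounding whitespace, become one space.
    private static readonly Regex NonBreakingSpace = new Regex("(\\s*&[n|N][b|B][s|S][p|P];\\s*)+");

    // Any remaining tag-like span "<...>" is removed.
    private static readonly Regex AnyTag = new Regex("<(.|\\n)*?>");

    // Fragments removed by ProcessSqlStr, kept verbatim from the original list. Matching is
    // ordinal and case-sensitive and most entries carry a trailing space, so e.g. "SELECT "
    // or "select\t" pass through untouched; "alter" alone has no trailing space.
    private static readonly string[] SqlFragments =
        "or |and |exec |insert |select |delete |update |count | * |chr |mid |master |truncate |char |declare |create |drop |alter|'|--".Split('|');

    // PLACEHOLDER: the ten regular expressions used by UnSafeHTMLFilter were lost when this
    // listing was rendered (their patterns contained '<' and were stripped as markup); only
    // the Replace calls and their comments survive. A Regex built from this marker matches
    // nothing realistic, so UnSafeHTMLFilter removes nothing until the real patterns are
    // restored from the original project.
    private const string LostPattern = "PLACEHOLDER_PATTERN_LOST_FROM_SOURCE";

    public SecurityFilter()
    {
    }

    /// <summary>
    /// Normalises a user-supplied string: trims it, collapses whitespace, turns br/p tags
    /// into newlines and non-breaking spaces into spaces, strips every other tag, doubles
    /// single quotes and finally applies <see cref="ProcessSqlStr"/>.
    /// </summary>
    /// <param name="text">User's input. Null or whitespace-only yields an empty string.</param>
    /// <returns>The cleaned-up version of the input.</returns>
    public static string InputText(string text)
    {
        if (string.IsNullOrWhiteSpace(text))
        {
            return string.Empty;
        }

        text = text.Trim();
        text = MultiSpace.Replace(text, " ");
        text = LineBreakTag.Replace(text, "\n");
        text = NonBreakingSpace.Replace(text, " ");
        text = AnyTag.Replace(text, string.Empty);

        // Classic "escape for SQL" step. ProcessSqlStr below removes every single quote
        // anyway, so the doubling only affects callers that read the intermediate value;
        // parameterized queries make both steps unnecessary.
        text = text.Replace("'", "''");
        return ProcessSqlStr(text);
    }

    /// <summary>
    /// Filters every element of <paramref name="str"/> in place and returns the same array.
    /// </summary>
    /// <param name="str">Values to filter. A null array yields an empty array.</param>
    /// <returns>The input array with each element replaced by its filtered value.</returns>
    public static string[] FilterArray(params string[] str)
    {
        if (str is null)
        {
            return new string[0];
        }

        for (int i = 0; i < str.Length; i++)
        {
            str[i] = FilterValue(str[i]);
        }

        return str;
    }

    /// <summary>
    /// Filters a single value: <see cref="InputText"/> followed by a second
    /// <see cref="ProcessSqlStr"/> pass (InputText already ends with one; the extra pass is
    /// kept from the original, where it could catch fragments exposed by the first removal).
    /// </summary>
    /// <param name="str">Value to filter; null yields an empty string.</param>
    /// <returns>The filtered value.</returns>
    public static string FilterValue(string str)
    {
        return ProcessSqlStr(InputText(str));
    }

    /// <summary>
    /// Removes a fixed set of HTML constructs (href=javascript: attributes, on* event
    /// handlers, iframe, frameset, title, head, body, style and include), then applies
    /// <see cref="ProcessSqlStr"/>. Regex-based HTML filtering is easy to bypass with
    /// alternative encodings or malformed markup; output encoding or an allow-list
    /// sanitizer is the reliable control.
    /// </summary>
    /// <param name="html">Untrusted HTML fragment. Null yields an empty string.</param>
    /// <returns>The filtered HTML.</returns>
    public static string UnSafeHTMLFilter(string html)
    {
        if (html is null)
        {
            return string.Empty;
        }

        // See LostPattern: all ten patterns must be restored before this method filters anything.
        Regex regex1 = new Regex(LostPattern);
        Regex regex2 = new Regex(LostPattern);
        Regex regex3 = new Regex(LostPattern);
        Regex regex4 = new Regex(LostPattern);
        Regex regex5 = new Regex(LostPattern);
        Regex regex6 = new Regex(LostPattern);
        Regex regex7 = new Regex(LostPattern);
        Regex regex8 = new Regex(LostPattern);
        Regex regex9 = new Regex(LostPattern);
        Regex regex10 = new Regex(LostPattern);

        // The first tag pattern's Replace call did not survive the rendering either; assumed
        // to be a plain removal like the others — confirm against the original project.
        html = regex1.Replace(html, "");
        html = regex2.Replace(html, "");                 // href=javascript: attributes
        html = regex3.Replace(html, " _disibledevent="); // on... event handlers on other elements
        html = regex4.Replace(html, "");                 // iframe
        html = regex5.Replace(html, "");                 // frameset
        html = regex6.Replace(html, "");                 // title
        html = regex7.Replace(html, "");                 // head
        html = regex8.Replace(html, "");                 // body
        html = regex9.Replace(html, "");                 // style
        html = regex10.Replace(html, "");                // include
        return ProcessSqlStr(html);
    }

    /// <summary>
    /// Removes every occurrence of each fragment in <see cref="SqlFragments"/> from
    /// <paramref name="Str"/>, in list order, in a single pass per fragment.
    /// The original discarded the result of <c>Str.Replace</c> and so returned the input
    /// unchanged; that is fixed here. Removing keywords does not prevent SQL injection
    /// (case variants, tabs and comments are not covered) — use parameterized queries.
    /// </summary>
    /// <param name="Str">User-submitted data. Null or empty yields an empty string.</param>
    /// <returns>The input with the listed fragments removed.</returns>
    public static string ProcessSqlStr(string Str)
    {
        if (string.IsNullOrEmpty(Str))
        {
            return string.Empty;
        }

        string result = Str;
        foreach (string fragment in SqlFragments)
        {
            result = result.Replace(fragment, string.Empty);
        }

        return result;
    }
}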